On Sat, 31 Jan 2004, Jon R. Kibler wrote: > We are having a problem where clamav is missing MyDoom viruses that > uvscan catches. It seems that clamav is missing about 1/3 to 1/2 of the > MyDooms we are seeing. (The only MyDooms we are getting are bounces to > bogus email addresses.)
The problem is probably that the bounces include the infected file(s) as base64 encoded. MD and clamav don't base64 decode it, but uvscan does. So, either be happy that something in your arsenal does catch it, or add base64 decoding to your MD filter, which will probably be a big hairy mess. (maybe quarantine messages with base64 in them for later review?) clamav should be able to detect these in the future. There has been talk with the author of ripmime to link clamav with his library. This may be available to some degree in post-0.65 snapshots but I haven't tried any yet. Jason -- Jason Englander <[EMAIL PROTECTED]> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
