On 15 Feb 2004 at 11:57, Alain DESEINE wrote: > At 15:04 13/02/2004 -0700, you wrote: > > > >Are you using *_contains_virus_clamd() or *_contains_virus_clamav() > >functions? > > I use both.
What does that gain you? You're not increasing your likelihood of detection by running it through the same AV engine twice; you're just adding significant load by using the non-daemonised scanner. > >The daemonized scanner requires a local socket accessible to the > >defang user, which your configuration doesn't include. Also note > >that there was a bug in clamav 0.65 causing intermittent hangs; I'd > >suggest upgrading to 0.66. > > I'm not sure you're right, because when i receive a mail with a virus > attached (EICAR.COM for example) the virus is well found. The problem is > only when the virus is contained in a zip file. Well, my installation of MIMEDefang + clamd detects zipped EICAR just fine, so there's gotta be something up with yours. :-) You stated in your original mail that scanning zipped archives works fine from the commandline works fine, so it can't be an issue with clamav not being built against libz and libbz2. Maybe you should check to see if MIME::Tools is actually parsing your test message properly? touch /var/spool/MIMEDefang/DO-NOT-DELETE-WORK-DIRS Send test message with zipped EICAR rm /var/spool/MIMEDefang/DO-NOT-DELETE-WORK-DIRS You should have one or more (if it's a production server) mdefang-* directories in /var/spool/MIMEDefang. Each should have a Work/ subdirectory with decoded message parts, including your zipfile attachment. If you can run clamdscan there and detect the virus, there's no reason it shouldn't detect it as it passes through. ---- Nels Lindquist <*> Information Systems Manager Morningstar Air Express Inc. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
