> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Dirk Mueller > > No, this is not the problem. mimedefang does not pass the > original mail to > ClamAV. it extracts all mime parts, and then calls the virus > scanner on those > files, since not all virus scanners can handle raw mails. The > virus scanner > never actually sees the original, unmodified mail with mimedefang. > > So this is a mimedefang-only bug. Not a bug in ClamAV.
Well, I'd call it a bug (or maybe a feature) of both :) I would say that the problem is that MD only does part of the job of extracting parts. Rather than fully decoding the email it does a half-hearted job (and no, I'm not having a go - it's a design choice I can fully understand). This means that any smart scanners get only part of the story. Ideally MD would not just pass the decoded parts but the original email, as is, to the scanner. There would be some overhead, but it's better than the current situation. > BTW, my workaround for letting ClamAV handle mails directly > is to prepend the > mail with a "From [EMAIL PROTECTED]" before passing it down to > clamdscan --mbox. > This way it will always handle it as email. I had thought about that myself :) > But again, to avoid misunderstandings: this is not needed > with mimedefang, > since mimedefang never runs the virus scanner on the mail itself. Yeah, I solved the problem by using clamav-milter itself. I'd rather not have something else in the loop (more things to break), but I'll live with it. PLEASE - keep list traffic on the list. Email sent directly to me may be ignored utterly. -- Rob | What part of "no" was it you didn't understand? _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
