Bill Randle wrote:It may also depend upon the specific virus. Viruses that are imbedded in password protected zip files
Have you updated clamav recently? Is is possible you have more than one copy of the virus
definition tables installed? While clamd will get the path to the db files from the /etc/clamav.conf
file, clamscan does not read the config file and uses its internal defaults unless you override
it via command line args. Try running clamscan (with --mbox) and with the arg that explicitly tells
it where to find the db files (get the path from /etc/clamav.conf or /etc/freshclam.conf [which should
be the same]).
I did update it, however there's only one location those db files are located in. clamscan is using the right location (with or without specifying it on the command line) and it still only sees two. I think David's right, in that it only scans complete messages which include their headers, and it ignore those that don't have all their headers. Kinda weird.
are detected by signatures based on certain common header information, as well as patterns in the
message body / attachment. Since the zip file is password protected, clamav can't look inside the zip
file itself, thus has to rely on other clues to let you know it's infected.
-Bill
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
