On Thu, Aug 05, 2004 at 09:58:33AM -0700, Richard A Nelson wrote: > Today, I see that clamdscan called by mimedefang is *still* not > detecting Worm.Mydoom.M, whilst the subsequent clamav-milter *is* :( > > The mimedefang->clamdscan *is* catching some, just not (for the nonce) > some of the attempts: > Worm.Mydoom.M, Worm.SomeFool.Gen-1, Worm.SomeFool.Gen-2 > so I'm left thinking that even though mimedefang and clamdscan are > running different uids, there shouldn't be a permissions issue.
I'm just guessing here, but... are you sure your clamd is up to date? (I'm not familiar with clamav-milter, does that use clamd too, internally? Or does it use the clamav libs directly?) Also... is "ScanMail" included in your clamav.conf? > I'm running spamassassin 3.0pre2, so it is *not* the umask issue - > I even perused the code to make sure... > > Here's my mimedefang-filter(pretty stock) if anyone can help: > http://www.cavein.org/mimedefang-filter I can't find anything specific in the filter. You could try md_copy_orig_msg_to_work_dir_as_mbox_file() instead of md_copy_orig_msg_to_work_dir() what you have now, could be that clamd doesn't recognise the mail otherwise (but I doubt it). I just tried sending a mydoom.m to myself, and my mimedefang/clamd blocks it just fine... and I'm not even using md_copy_orig_msg...! (It very well might have been another mydoom.m variant that doesn't abuse MIME as much). -- #!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]> $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
