In article <[EMAIL PROTECTED] smith.charlieb.ott.istop.com>, [EMAIL PROTECTED] says... > > On Thu, 8 Apr 2004, Burt wrote: > > > My research showed that the problem was that the temporary file that the > > clamav plugin creates for clamav to scan does not contain the email's > > envelope "From " header (that is, the From header without a colon). > > Without that, clamav doesn't recognize the file as an email (or, in > > clamav terms, mbox format). > > That's a bug in clamav. The envelope sender is message metadata, not part > of the message itself. Moreover, the "From " format is relevant to only > one form of message storage - it's not intrinsic to mail messages in > general.
I know that the "From " is mbox-specific. I should have been clearer in my earlier post. clamav appears to look for one of a set of strings at the start of the file sent to it to determine how to process it. As long as one of those strings is at the head of the temp file, clam(d)scan will know to break out attachments and process them -- otherwise, it will scan the encoded data, and likely not find anything. If the clamav plugin was written to decode any attachments first and then send all the resulting temp files through clam(d)scan, you wouldn't need to ensure that the first line of the temp file matched up, but that seems like unnecessary work for the plugin. (It is the way that qmailscanner operates though, I believe) The list of strings that clamav appears to be looking for at the start of the file to identify an email are: "From ", "Received: ", "Return-Path: ", "Delivered-To: ", "X-UIDL: ", "For: ", "From: ", "X-Symantec-", "Hi. This is the qmail-send" It then further identifies those that start with "From " to be of mbox format, and will handle multiple emails in the one file. As Shad stated in his earlier post, the stock spamassassin plugin adds the X-Spam-* headers to the top of the message, so those will prevent clamav from handling the file correctly. So you have a couple of options as to how to handle this: 1. Add the "From " header to the top of the temp file in the clamav plugin. You could add another header, or juggle the headers, but that doesn't seem as simple. 2. You could modify the spamassassin plugin and remove the ", 0" as the third argument to each $transaction->header->add() call, thus placing the X-Spam-* headers at the bottom of the header stack (I do this anyway, to be more consistent with the way that spamc formats messages, but that's not important). My concern with this, is that you are still relying on the fact that the first header in the clamav plugin temp file is going to match one of the set listed above. Anyway, my apologies for the long-winded message. I hope this is a better explanation of what I found. btw, I haven't been a code monkey in years, so please excuse (and feel free to correct) any misunderstandings on my part. Cheers, Burt
