Hi,

The virus/clamdscan plugin seems to ignore scanning of non-multipart messages, probably to save CPU cycles? For easy testing I normally just send a plain message via telnet with the eicar-virus-test-string, so for that to work, I have to disable that check - which I guess would be OK?

Next problem is that clamdscan (or clamscan) seems to ignore ASCII text files, and as body_spool() doesn't write any received headers, the eicar-virus-test-string isn't detected.

% cat 1.eml
Subject: Virus Test
[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
% cat 2.eml
Received: (qmail 23486 invoked by uid 1001); 6 Mar 2007 20:44:51 -0000
Subject: Virus Test
[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
% file 1.eml 2.eml
1.eml: ASCII text
2.eml: RFC 822 mail text
% clamdscan 1.eml 2.eml
/tmp/v/1.eml: OK
/tmp/v/2.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.005 sec (0 m 0 s)

This might be a clamav problem (or a configuration problem) - but would it be possible to write the received headers to the spool along with the body?

/Claus A
