When qpsmtpd receives a message, it stores the header information in memory and spools the body into a file. So there are files on disk in the following form:
----=_Mail_SendEasy_11MwTRh_76015_1109190792 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
=41 =66=69=6C=65 =66=6F=72 =79=6F=75
----=_Mail_SendEasy_11MwTRh_76015_1109190792 Content-Type: application/octet-stream; name="virus.jpeacock_rowman.com.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="virus.jpeacock_rowman.com.zip"
UEsDBAoAAAAAAHqaVjKRs0JkwHAAAMBwAAATAAAAanBlYWNvY2tAcm93bWFuLmNvbU1akAADAAAA BAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgAAAAO H7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...
which is exactly the MIME body parts of the entire message, minus the headers, including the important wrapping header:
Content-Type: multipart/mixed; boundary=...
The current ClamAV plugin for qpsmtpd creates a new temporary file, writes out the header lines and copies the body lines before scanning the file.
Our current AV package (McAfee's uvscan) has no problem scanning this MIME fragment as is, and I'd like to make ClamAV just as capable. Thoughts???
TIA
John
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
