Hi,

In testing clamd, I was able to get a virus through unnoticed. This is basically due to the fact that clamav doesn't process mime attachments very well and to make it work properly, it relies on other programs extracting mime attachments.
Here's my setup:

1. I have a message file which has the Sircam virus in it.
2. I run a wrapper which uses ripmime to extract any mime parts into a directory, then I run clamdscan on that directory. Normally this works fine, because ripmime extracts the offending virus attachment as a separate file and clamav then catches the virus.
3. I send myself a message which has the message file as an attachment. Via pine, what happens is the message file gets attached as a base64-encoded attachment.
4. My script, which uses ripmime, then runs and extracts the attachment, which then happens to be just the rfc822 message file. At this point, clamav does not catch the virus because that attachment file is the message that has in it the virus which is another attachment. The only way I can imagine this working is if somehow there was a recursive extraction, to the point that eventually the virus file itself got exposed.

So the problem is that typically it works fine just using ripmime and running clamav on the resulting files. Unfortunately this is a "recursive" case, and it does not work.

Does anyone have a suggestion on how to solve this? My script is getting called from maildrop; it extracts mime parts into a directory and then runs clamdscan on that directory. But for this specific scenario, it would only work if somehow it ran ripmime recursively.

It really would be nice if clamdscan itself were able to properly handle mime attachments; but I've never been able to get it to work well with mime attachments. So I'm dependent on using something like ripmime. Maybe there's something similar to ripmime, which already does some sort of recursive extraction?

Thanks for your help.

Ricardo

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
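
The recursive extraction asked about above, as an added example that is not part of the original post and is not ClamAV or ripmime code: it uses Python's standard `email` package to decode every leaf part and re-parse any decoded attachment that is itself a mail file. The names `extract_leaves` and `build_sample`, the `MAX_DEPTH` limit, the header heuristic and the sample message are assumptions constructed for illustration; it assumes the mail file arrives as a generic base64 attachment, as in step 3.

```python
import email
from email.message import EmailMessage

MAX_DEPTH = 5  # assumed bound on nesting so a crafted mail cannot recurse without limit
MARKER = b"CONSTRUCTED-MARKER\n"  # harmless stand-in for the infected attachment


def extract_leaves(raw, max_depth=MAX_DEPTH, depth=0, label="0"):
    """Return [(label, bytes)] for every leaf part of a mail, re-parsing
    decoded attachments that are themselves mail messages."""
    msg = email.message_from_bytes(raw)
    leaves = []
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():  # containers, including native message/rfc822
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        name = f"{label}.{i}"
        inner = email.message_from_bytes(data)
        # Heuristic (assumption): decoded bytes that parse with MIME headers are a mail file.
        if depth < max_depth and inner["MIME-Version"] and inner["Content-Type"]:
            leaves += extract_leaves(data, max_depth, depth + 1, name)
        else:
            leaves.append((name, data))  # past the limit, the blob is still kept for scanning
    return leaves


def build_sample():
    """Constructed input: a mail whose base64 attachment is another mail
    that carries the marker as its own attachment."""
    inner = EmailMessage()
    inner["Subject"] = "inner"
    inner.set_content("inner text")
    inner.add_attachment(MARKER, maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    outer = EmailMessage()
    outer["Subject"] = "outer"
    outer.set_content("see attached")
    outer.add_attachment(bytes(inner), maintype="application",
                         subtype="octet-stream", filename="message.eml")
    return bytes(outer)


if __name__ == "__main__":
    for name, data in extract_leaves(build_sample()):
        print(name, len(data), "bytes")
```

Each leaf can be written to the scan directory under its generated label rather than the sender-supplied filename, and the directory then handed to clamdscan as the existing script does.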