On Tue, 26 Aug 2003 at 8:24:41 -0700, [EMAIL PROTECTED] wrote: > Quoting Tomasz Papszun <[EMAIL PROTECTED]>: > > > > About the sample you sent to me: this is a message in Maildir format, > > not Mailbox. As it has been already written a couple of times here > > lately, clamscan does not (yet) recognizes messages other than mbox > > format (but work is being done to extend '--mbox' capabilities). > > > > After I changed your sample into mbox format (by inserting 1 line > > beginning with "From [EMAIL PROTECTED]"), 'clamscan --mbox' *does* > > detect Sobig.F in it. I also extracted the attachment from that message > > and clamscan (without any additional option) detects Sobig.F > > successfully. I use usual databases. > > > > So I'd like to make sure: was _that particular_ sample (which you sent > > to me) really allowed by a live mail system using clamav? Or you take > > some infected message and manually check it with clamscan? In the latter > > case, a virus will not be detected in it obviously, due to described > > reason. > > > Tomasz, > > This is a file that has already been received by the mail system. > I now under stand that this file type is unsupported by the scanner. > > Thanks for the answer.
Well, I must say that the origin of that sample is still unclear for me after your reply. When you wrote "file that has already been received by the mail system", do you mean that this mail system has no antivirus protection and that you checked the message _later_, by hand? Or that the mail system has AV scanning and it permitted the virus anyway? The second possibility would make me worry so I want to have this case clarified. P.S. Sorry, Mr Smith but I must return to my please. When I wrote that you quoted a few levels of marketing footers, I meant that you should remove them when you reply (as well as other unnecessary fragments). In this (your) reply, they occupy 1.5 screenfuls already :-( . Things are getting better though, as you answered below my message, not above it :-) . Thank you for this. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
