Looking over the clamd failures on my mail server I noticed that it was always leaving behind a work directory in /tmp, which pretty much narrows it down to the mbox.c code that pulls apart a mail message for scanning. James Stevens had posted a message to the clamav-devel list about replacing mbox.c with a small module that called "ripmime" to do the disassembly, but his code didn't actually pull the message apart so clamav could scan it. In my testing with his code clamav wasn't finding a single one of the viruses that came through.
Ok, I took James' code and got it working, though I'm positive it's not going to be fast enough for heavy loads. I just posted my version of the mbox.c replacement code to the devel list, it should show up in the archives. The regular mbox.c module appears to need some serious work to make it robust enough to deal with brain-dead mail clients who create bad mime attachments (or spamware that gets it wrong also). ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
