On Thu, 23 Oct 2003 at 21:50:25 +0200, Cedric Foll wrote:
>
> I've been trying to use clamav for 2 days.
>
> I've put it on my MX mail server; this server sends mail to a Trend
> IMSS and then the mail comes to my POP server.
>
> IMSS has detected a virus (PE_DUMARU.A) that clamav hasn't seen.
>
> The reason is perhaps that I'm using clamav in a particular way.
> When Postfix on the MX gets a mail, it sends it to a shell script; the
> script does the following things (it's a simplification of my script).
> -----------
> cat > in.$$
>
> clamscan in.$$ || {
>         rm in.$$
>         exit
> }
> bogofilter -p < in.$$ | sendmail "$@"
>
> rm in.$$
> exit
> -----------
>
> clamscan seem to do be always able to get virus in that way.
> What can I do? (I want to use a script like this one.)
>

Disclaimer: I'm not analysing whether your script is good or not, I'm
just giving general advice.

If you find an infected file in which ClamAV doesn't detect an infection,
check it again manually ('clamscan file_name'; 'clamscan --mbox file_name').
If this is a mail message and clamscan doesn't detect a virus, try also
to extract the attachment from the message (with uudeview or mimencode or
any utility you know and like) and run clamscan on the attachment.

If clamscan still doesn't detect the infection, examine the file with
"clamav online specimen scanner" (COSS): http://www.gietl.com/test-clamav/ .

Then, when you are _sure_ that clamav doesn't know the virus, submit the
file via http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi so that
database developers can prepare the signature and update the database.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/      | ones and zeros.

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
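
The manual re-check described in the reply above, as an added shell example that is not part of the original message or of ClamAV itself: it scans the message as a plain file, then with `--mbox`, then decodes the attachments with uudeview and scans each one. The function names are hypothetical, and it assumes `clamscan` and `uudeview` are on the PATH and that the installed clamscan accepts `--mbox`.

```shell
#!/bin/sh
# Added example: staged re-check of a message that ClamAV passed as clean.
# Usage (after sourcing this file): triage_message suspect.eml
# clamscan exit status: 0 = clean, 1 = virus found, anything else = error.

# Run clamscan with the given arguments, print one result line, and
# return clamscan's exit status unchanged.
scan_stage() {
    label=$1; shift
    st=0
    clamscan "$@" >/dev/null 2>&1 || st=$?
    case $st in
        0) echo "$label: clean" ;;
        1) echo "$label: INFECTED" ;;
        *) echo "$label: scanner error (status $st)" ;;
    esac
    return "$st"
}

# Returns 1 as soon as any stage detects something, 2 on error, and 0 when
# every stage is clean (only then does the online scanner step apply).
triage_message() {
    msg=$1
    rc=0
    [ -r "$msg" ] || { echo "cannot read $msg" >&2; return 2; }
    scan_stage "1. plain file" "$msg" || rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    # --mbox is the option named in the reply; check that your clamscan accepts it.
    scan_stage "2. as mailbox" --mbox "$msg" || rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    command -v uudeview >/dev/null 2>&1 || { echo "uudeview not found" >&2; return 2; }
    parts=$(mktemp -d) || return 2
    # uudeview: -i = do not prompt, -p = directory for the decoded files.
    uudeview -i -p "$parts" "$msg" >/dev/null 2>&1 || true
    found=0
    for f in "$parts"/*; do
        [ -f "$f" ] || continue
        found=1
        scan_stage "3. attachment $(basename "$f")" "$f" || rc=$?
        [ "$rc" -eq 0 ] || break
    done
    [ "$found" -eq 1 ] || echo "3. no attachment decoded"
    rm -rf "$parts"
    return "$rc"
}
```

A result of 2 means the scan itself failed, which is a different outcome from a clean message and should not be handled the same way.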