On Thu, 05 Feb 2004 at 12:09:00 +0100, Bruno Treguier wrote: [...] > > Here is my problem: I submitted yesterday a new version of the paypal > trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission > was made via the web service. > > The mail was an text/html one, with a quoted-printable encoding. So when > I run clamscan or clamdscan on a file containing the raw email, the > detection is correct. > > The problem is that I run clamav as a virus scanner via amavis, and > amavis does all the decoding before calling the scanners. So when clamav > is called, it does NOT detect the trojan anymore, as it is no longer > quoted-printable encoded... > > Is there a solution to this problem ?
The solution is probably a correcting the signature by us ;-) . Thank you for pointing this out! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users