On Thu, 05 Feb 2004 at 12:09:00 +0100, Bruno Treguier wrote:
[...]
> 
> Here is my problem: I submitted yesterday a new version of the paypal
> trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission
> was made via the web service.
> 
> The mail was an text/html one, with a quoted-printable encoding. So when
> I run clamscan or clamdscan on a file containing the raw email, the
> detection is correct.
> 
> The problem is that I run clamav as a virus scanner via amavis, and
> amavis does all the decoding before calling the scanners. So when clamav
> is called, it does NOT detect the trojan anymore, as it is no longer
> quoted-printable encoded...
> 
> Is there a solution to this problem ?

The solution is probably a correcting the signature by us ;-) .

Thank you for pointing this out!

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to