> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Nigel Horne > > cl_mbox() isn't being called. Please ensure that the file you give it > (eicar-binhex) is a valid email.
It is, and I've put it up at http://macgregor.myby.co.uk/eicar-binhex, however that has enabled me to track down the problem. It's the mail headers, or lack of. If I forward the email as the body of another then it's detected fine. ClamAV requires that the first word be one of many standard headers. However in the case of the mail from testvirus.org the first header isn't one that's being looked for, but another (X-Message-Info:). Sticking a "From test" at the start solves the problem. The "problem" with the direct email is that my box is the first one to add a Received: header. As that isn't added until *AFTER* the milter is run, there's no magic for the check to work with. The headers at that point look like: X-Originating-Ip: 82.33.62.105 Message-Id: <[EMAIL PROTECTED]> Date: Sat, 28 Feb 2004 02:55:36 -0500 From: "testvirus.org" <[EMAIL PROTECTED]> To: <blah> Subject: Virus Scanner Test Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=====================_886481886==_" X-Note: Report abuse to [EMAIL PROTECTED] X-From: [EMAIL PROTECTED] - ([127.0.0.1]), outgoing 1. X-Note: IPMX, NOLEGIT (0) I think you can see the problem :) So, can Message-Id be added as a tag and there be some option to look for it within N lines of the start of a file (I'm guessing that looking for any valid header within the first 2 lines should be fine)? Either that or some way of saying that every item scanned is an email (for use within mail filters, which is how I'm using it)? PLEASE - keep list traffic on the list. Email sent directly to me may be ignored utterly. -- Rob | What part of "no" was it you didn't understand? ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
