On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote: > On Tue, 2 Mar 2004, jef moskot wrote: > > For some reason, my system is allowing Worm.Bagle.F-zippwd files > > through... > > For what it's worth, this seems to be an issue with amavis. By default, > it doesn't scan the body of the message. If/when I get I fix, I'll post
Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of mail messages (stream of characters as they are), while amavisd-new (and probably amavis) "divide" messages to parts and decode them separately, hence ClamAV doesn't get the original stream of chars. > it here so all other dinosaurs can update their scripts. Not only dinosaurs. Amavisd-new also does so. These scripts are simply "too intelligent" ;-). There is a patch (it was posted to the amavis-user ML) to development version of Amavisd-new which enables scanning of full intact messages, but I haven't tried it yet. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
