On Wed, 3 Mar 2004, Tomasz Papszun wrote: > Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of > mail messages (stream of characters as they are), while amavisd-new (and > probably amavis) "divide" messages to parts and decode them separately, > hence ClamAV doesn't get the original stream of chars.
Does that explain why clamscanning a mailbox file without the --mbox option will produce hits? By the way, is there a tool that would help me clean these mailboxes when I notice they're infected? I've been manually scanning inboxes from time to time and then (mostly) manually removing the viruses, which is a bit tedious. mboxgrep is a nice little utility that helps automate things a little, but clamscan's reporting when it finds a virus in a mail file doesn't seem to help you ID which message it is, so it's of limited use. Jeffrey Moskot System Administrator [EMAIL PROTECTED] ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
