This has probably been covered somewhere, so for those who already know this, forgive the reiteration.

If you are running Debian with Amavisd-new and Clamav, you will need to upgrade (for example, apt-get install -t unstable amavisd-new) to the newest version of amavisd-new (20030616p7-3 as of this email) and add a line like this in the appropriate place in /etc/amavis/amavisd.conf -

$keep_decoded_original_re = new_RE(
  qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
  qr'^MAIL'
);

The "MAIL" bit is the important part, and this is noted in the changelog for this version.

This will allow Amavis to catch the viruses that use password-protected zip files that ClamAV has signatures for (based on the email message, and not the virus).

I have also found the procmail recipe posted here earlier to be useful, and have found 'clamscan -m' run against my users' Maildirs (I use Courier-Imap) to be effective, and added a cronjob that looks like this:

* * * * * /bin/find /home/*/Maildir -type f -cmin 1 -exec /usr/local/bin/clamscan -i --no-summary -m --log=/var/log/clamscan.log --move=/var/lib/amavis/virusmails {} \;

to remove email messages from my users' mailboxes that may have slipped past the scanners - and any that may reappear on the minute.

This uses no small amount of resources, but it's better than having a bunch of viruses sitting in mailboxes. :)

Somewhat off topic:
Under special conditions this afternoon the rest of my department and I infected several air-gapped machines with some of these viruses and found most of the commercially available antivirus solutions to be only partially effective at both detecting and fixing them. Quite a surprise to us, although Clamav did a great job of finding already-infected files on a windoze box when using the system rescue CD (www.sysresccd.org) and updating the virus database in ramdisk.
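
Returning to the per-minute cron job above: the following is an added example, not part of the original email, showing one way to keep that scan from piling up when a run takes longer than a minute and to start clamscan once per batch instead of once per file. The lock directory, the two-minute look-back window, the SCANNER override and the use of clamscan's --file-list option are assumptions of this sketch; the other flags and paths are the ones from the email.

```shell
#!/bin/sh
# Added example, not from the original post. LOCKDIR, WINDOW_MIN and the
# SCANNER override are assumptions; the clamscan flags and paths are the post's.
MAILDIR_GLOB=${MAILDIR_GLOB:-/home/*/Maildir}
QUARANTINE=${QUARANTINE:-/var/lib/amavis/virusmails}
LOGFILE=${LOGFILE:-/var/log/clamscan.log}
LOCKDIR=${LOCKDIR:-/var/run/maildir-clamscan.lock}
WINDOW_MIN=${WINDOW_MIN:-2}     # look-back window in minutes (assumed value)
SCANNER=${SCANNER:-/usr/local/bin/clamscan}

# mkdir is atomic, so it doubles as a lock: it fails while another run holds it.
acquire_lock() { mkdir "$LOCKDIR" 2>/dev/null; }
release_lock() { rmdir "$LOCKDIR" 2>/dev/null; }

# Print files whose status changed within the last WINDOW_MIN minutes.
recent_files() {
    # MAILDIR_GLOB is unquoted on purpose so the shell expands the wildcard.
    find $MAILDIR_GLOB -type f -cmin "-$WINDOW_MIN" -print
}

# Returns clamscan's exit status (0 clean, 1 virus found), 0 when there is
# nothing new to scan, or 75 when the previous run has not finished.
scan_recent() {
    acquire_lock || { echo "previous scan still running, skipping" >&2; return 75; }
    list=$(mktemp) || { release_lock; return 70; }
    recent_files > "$list"
    rc=0
    if [ -s "$list" ]; then     # one clamscan start-up for the whole batch
        "$SCANNER" -i --no-summary -m --log="$LOGFILE" \
            --move="$QUARANTINE" --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    release_lock
    return "$rc"
}

# Scan only when called with --run, e.g. from a per-minute crontab entry.
if [ "${1:-}" = "--run" ]; then
    scan_recent
    exit $?
fi
```

If a run is killed mid-scan, the lock directory stays behind and has to be removed by hand before scanning resumes.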
