I have been running a clamav-milter setup for a while. Previously I had been running an amavisd+uvscan setup. I set up clamav-milter to run before amavisd and configured amavisd to quarantine instead of discard.
I have also created a little script which rm's anything from the amavis quarantine that clamscan --mbox detects. This should eliminate cases such as when a write error or other error condition allows the email to pass clamav-milter and proceed to amavis-milter.
What's left can be broken down into the following generic categories. Advice on how to proceed on these is greatly appreciated. Anyone with interest in the messages will be sent a copy.
- Emails that do not appear to start with headers that would enable the magic detection in libclamav to see it as an email message
Apparently clamav-milter sends a made-up received header ("Received: " is a magic phrase...) to clamd so this should never happen while using clamav-milter, unless this is coincidentally also an email that passed clamav-milter due to error conditions.
Perhaps a flag to FORCE mbox processing of input? A clamd protocol extension?
- Emails that do not contain proper MIME and content type headers in the beginning headers of the message.
As I am not well versed in the appropriate standards I cannot say who is right here, but amavisd which uses MIME::Parser and also mpack-1.6 unpack the attachments with ease. clamscan does flag those unpacked attachments as viruses.
Of the above category they vary. Usually it is a mail bounce containing a copy of the message. The messages are sometimes delimited with a Unix mbox style from, but more often just contain a new set of headers and body. The new set of headers has proper MIME headers.
- Truncated MIME attachments that uvscan catches after munpack and that clamscan does not
Presumably these are defanged and useless viruses.
- NAI Uvscan Exploit-URLSpoof.gen which I just submitted. sigtool said signature was too short.
I have more but.....
Joe
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
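The bounce case described in the post (outer headers with no MIME information, the original message with its own proper MIME headers embedded in the body, sometimes after an mbox-style From line, sometimes truncated), as an added example that is not part of the original post and is not ClamAV or amavisd code. The function names, the header-block heuristic and the sample bounce are assumptions constructed for illustration; the decoded parts are what a pre-scan step would hand to the scanner.

```python
import base64
import email
import re

HEADER_LINE = re.compile(rb"[A-Za-z][A-Za-z0-9-]*:[ \t]")
MIME_HINT = re.compile(rb"^(?:MIME-Version|Content-Type):", re.I | re.M)

def message_offsets(raw):
    """Offset 0 plus every body paragraph that looks like a header block with MIME headers."""
    offsets = [0]
    for gap in re.finditer(rb"\n\n+", raw):
        start = gap.end()
        if raw.startswith(b"From ", start):  # mbox-style delimiter: skip that line
            start = (raw.find(b"\n", start) + 1) or len(raw)
        end = raw.find(b"\n\n", start)
        block = raw[start:end if end != -1 else len(raw)]
        if HEADER_LINE.match(block) and MIME_HINT.search(block):
            offsets.append(start)
    return offsets

def attachments(raw):
    """Decode every attachment reachable from any candidate message start."""
    raw = raw.replace(b"\r\n", b"\n")
    found = []
    for off in message_offsets(raw):
        for part in email.message_from_bytes(raw[off:]).walk():
            is_plain_text = part.get_content_maintype() == "text" and not part.get_filename()
            if part.is_multipart() or is_plain_text:
                continue
            item = (part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")
            if item not in found:  # the same part can be reached from two offsets
                found.append(item)
    return found

B64 = base64.b64encode(b"CONSTRUCTED-SAMPLE")  # harmless stand-in for an attachment
SAMPLE = (  # constructed bounce: the outer headers carry no MIME information
    b"From: MAILER-DAEMON@mx.example.org\nSubject: Undelivered mail\n\n"
    b"Delivery failed. The original message follows.\n\n"
    b"Received: from relay.example.net by mx.example.org\n"
    b"Subject: hello\nMIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\n\nsee attachment\n\n"
    b"--b1\nContent-Type: application/octet-stream\n"
    b'Content-Disposition: attachment; filename="sample.bin"\n'
    b"Content-Transfer-Encoding: base64\n\n" + B64 + b"\n--b1--\n"
)

if __name__ == "__main__":
    print(attachments(SAMPLE))
```

Parsing the sample from offset 0 alone yields a single non-multipart text message, so the attachment only becomes visible once the embedded header block is re-parsed as a message of its own.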