Quoting Antony Stone <[EMAIL PROTECTED]>:
On Thursday 08 April 2004 8:45 pm, Jack London Networks wrote:
Okay, I like the --mbox support of clamscan. Problem is - now that I
know there are infected messages in people's inboxes/other folders, I
have very little information to go on to find and clean those
messages. For example, I know a few people have copies of Bagle,
SomeFool/Netsky and so forth - but in an inbox of 4,000 items - how do I
know _which_ message is infected?
If you have some time, you can use formail to split the mailbox into
individual messages and pipe them through clamscan to locate the bad ones...
containing the viruses, then use mboxgrep to find the mails containing those
attachment names?
Most recent viruses use either double extensions or a common set of extensions
(.zip, .rar, .scr, .exe, .pif etc) so you can mboxgrep for those to help
narrow down the search.
If you check the reports for a lot of the recent viruses, the list of
possible strings/filenames for some of them is too long to do an actual
search on those. But they follow patterns, and your eye will catch the
patterns rather quickly.
--
Eric Rostetter
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
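
The narrowing step discussed in this thread (finding which messages in a large mbox carry attachments with double extensions or the listed extensions), as an added example that is not part of the original messages. It only triages by attachment name so the flagged messages can then be checked with clamscan; the function names and the sample mailbox are constructed for illustration.

```python
import mailbox
import os
import re
import tempfile
from email.message import EmailMessage

# Extensions named in the thread; the thread says "etc", so this set is not exhaustive.
RISKY_EXT = {".zip", ".rar", ".scr", ".exe", ".pif"}
# Double extension such as "report.doc.pif". Triage only: "backup.tar.gz" also matches.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.[a-z0-9]{2,4}$", re.I)

def flag_attachments(mbox_path):
    """Return (index, From, Subject, filename) for each attachment name worth a closer look."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)  # raises if the mailbox does not exist
    for index, msg in enumerate(box):
        for part in msg.walk():  # walk() descends into nested multipart bodies
            name = part.get_filename()
            if not name:
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXT or DOUBLE_EXT.search(name):
                hits.append((index, msg.get("From", ""), msg.get("Subject", ""), name))
    box.close()
    return hits

def build_sample_mbox(path):
    """Write a constructed three-message mbox; attachment bodies are harmless placeholder bytes."""
    box = mailbox.mbox(path)
    for sender, subject, filename in [
        ("alice@example.com", "Minutes", None),
        ("bob@example.com", "Re: your document", "document.txt.pif"),
        ("carol@example.com", "Photos", "holiday.zip"),
    ]:
        m = EmailMessage()
        m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
        m.set_content("constructed sample body")
        if filename:
            m.add_attachment(b"placeholder", maintype="application",
                             subtype="octet-stream", filename=filename)
        box.add(m)
    box.close()  # close() flushes the new messages to disk

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "inbox.mbox")
        build_sample_mbox(sample)
        for hit in flag_attachments(sample):
            print(hit)
```

The index is the message's position in the mbox, counting from 0, which together with From and Subject is enough to locate the message in a mail client.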