Imagine finding help (and the correct answer by the way) right here on campus! You seem to be right on the mark. If I ripmime one of my quarantined files and then clamscan the results, it finds the virus everytime.
Thanks, Phil
On Friday, May 7, 2004, at 02:05 PM, Steven Dean wrote:
[EMAIL PROTECTED] said:Hi, I am attempting to replace our e-mail virus scanner (RAV) with clamav. I am running it under OS X 10.3. I have about 250 e-mail messages that RAV has quarantined as being virus infected. If I use clamscan to scan these files, it only finds a few files that are infected (with I.Frame). If I use McAfee Virex, it finds no infected files. Yet RAV steadfastly insists that most of these files are infected thusly:
The infected file was saved to quarantine with name: 1083955063-460226.msg. The file (part0005:postcard.zip)->(Zip) attached to mail (with subject:test) sent by <not disclosed> to <not disclosed> is infected with virus: Win32/[EMAIL PROTECTED]
All of the messages in question seem like bogus e-mails with spoofed addresses. I'm really confused as to whether i can trust clamav or not. I have downloaded the latest definitions with freshclam and run clamd in debug mode to make sure it's using the newly updated databases. Any suggestions?
Thanks, Phil Ershler
Phil,
I don't think clamscan has any way to deal with the mime attachments. If you
want to test against the messages you will need to de-mime them to get to the
attachments. We use ripmime but I'm sure there are others out there.
I'm over in CADE (EMCB building) if you need any help.
--Steven Dean 581-8713
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
