Re: [Clamav-users] Scans mail but never finds virus

[Chadwick Wachs]

That discard is another external helper and rule combination that runs 
after the ClamAV helper that basically takes messages with certain file 
extensions and moves them to another quarantine folder.  It is designed 
as a safety incase virus checkers miss the file or new virus come out 
before definitions are updated - the most common virus file types are 
automatically quarantined.  However, that rule runs on a much lower 
priority than ClamAV on the mail server and only comes into play after 
the messages is deemed safe by ClamAV.  In this case (and in all cases 
now), ClamAV determines ALL messages are safe, even those with virus 
attached to them.  In my log below, that message was missed by Clam but 
caught because the virus had a .pif file attachment and the rule 
determined it suspicious.

Chad
On Jun 21, 2004, at 9:11 PM, [EMAIL PROTECTED] 
wrote:

15:56:33.49 2 LOCALRULES(chad) [490316] rule(Dangerous Attachment)
discarded the message
15:56:33.49 2 ACCOUNT(chad) [490316] delivered
15:56:33.49 2 DEQUEUER [490316] LOCAL(chad) delivered
 I have absolutely no idea about the filter you use, but you can see 
from the
above lines in your log, it's telling you it deleted the message, but 
still
delivers it to your account.

Matt

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users