At 14:17 5.10.2004 -0500, you wrote:
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Nigel Horne > Sent: Tuesday, October 05, 2004 2:02 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] Detection problem? > > > On Tuesday 05 Oct 2004 19:34, Sasa Stupar wrote: > > I am running a clamav-milter with sendmail 8.13.0. I have made > a test at > > www.testvirus.org and two tests passed thru: #24 and #25. > > There is no signature to detect, so nothing to stop. > > > In explanation it says that it should detect it but it doesn't. > > The explanation is wrong. >
Actually the explanation is not wrong. It says your *mail server* should detect and stop them, and it should... ff you are going to serve mail to any Microsoft based products. It does *not* say your antivirus solution should detect them.
In the case of #24 accepting fragmented emails is policy issue. If you allow fragmented emails there is no way you can scan the contents, as they arrive, as a whole. There are ways to catch them (I don't allow them on any of our servers) and detection of such is not clam's job.
In the case of #25 accepting an attachment with CLSID extension, if you are delivering to Microsoft based products, is a very bad idea (but not clam's job)
Rick
But how do I deny fragmented mails on sendmail? I am still a begginer in sendmail.
Sasa Stupar
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
