This is the ability to identify mass-mailing viruses based on the name of the virus detected. For example the W32.Beagle (or Bagle) from Symantec shows up as [EMAIL PROTECTED] This means that can then drop any messages with the @mm instead of just removing the attachment and sending on to the client.
Depending on who named the virus first, ClamAV will either use the "@mm" suffix or the "Worm." prefix. It's not 100% consistent, but the information is there.
Because we use more than one virus scanner (with, naturally, different naming schemes), we check for @mm, Worm., and a few specific names to decide how to handle the message. (FWIW, we use MIMEDefang to integrate the scanners and discard/reject/disinfect messages.)
-- Kelson Vibber SpeedGate Communications <www.speed.net>
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
