Chris Gauch wrote: > We are currently running ClamAV (0.86.2) in a Linux Sendmail (8.13.4) > and MIMEDefang (2.53) > our logs indicate that over 86 attachments have been > flagged as "suspicious" by ClamAV 0.86.2 over the past couple of > days. We're beginning to wonder how many of those "suspicious" > attachments were actually legit Microsoft documents. Any insight or > investigation into this issue would be greatly appreciated. Thanks.
MIMEDefang has a "suspicious characters in headers" check. This is unrelated to ClamAV. A frequently-made customization to mimedefang-filter is to change action_discard to action_bounce for suspicious characters. That at least takes care of false positives. YMMV. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
