On Tue, May 23, 2006 at 02:06:05PM -0600, Alex Georgopoulos wrote: > Tons maybe a little exaggerated but like Kelson said the users keep retrying > cause they don't get any notification that it is getting blocked so the send > it again. Removing the def from the cvd file is an option but would be
They don't get any notification that it is blocked? That sounds like a problem on their end. Or does your mailserver generate a tempfail (4xx error code) when it finds a virus? > anoying to maintain over time. I would really like to know why this is > happening and get it fixed from the source and not a work around that we'll > have to maintain. (Trend, Symantic and Mcafee all said there wasn't > anything wrong with the file) I even took the file converted it to ODF > format then back to Excel and it still gave me a false positvie. I stripped > out he macros too and it still doesn't like it. My hunch is that there is a > problem with the way that particular def works. And you might be right. Please recall that ClamAV comes with a full money back guarantee if it's not performing the way God intended it. Seriously, though: the workaround (removing the sig by extracting the .cvd) might only be necessary once or for a single day. Your customer would be happy, file would get sent (unless the receiving end also uses clamav!), and the problematic sig might be removed/updated from the distribution by one of the next database updates. It's likely however your customer won't hit the same FP twice in short succession (at least - in my experience. FPs are still quite rare). -- Jan-Pieter Cornet <[EMAIL PROTECTED]> !! Disc lamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
