Bill Landry wrote: > Dan Zachary wrote: > >> I have recently noted that database signatures of 'type 4' are not >> always detected. (Often used to detect phishing or greeting card scams). >> >> >> I am using sendmail and mimedefang. The mimedefang is calling clamd. >> >> > Yes, check the archives. This is a known issue it seems with wrapper programs > like mimedefang, mailscanner, amavisd-new, etc., that break messages up into > decoded mime parts and send the individual parts to clamd for scanning. The > type 4 signatures want to see the whole message in its entirety, not just the > individual decoded parts. >
This is actually described (and I believe already enabled) in the example filter file, but to have MIMEDefang provide a copy of the intact mail file to the virus scanners, drop the following into the filter_begin section of MD's filter: --------- # Copy original message into work directory as an "mbox" file for virus-scanning md_copy_orig_msg_to_work_dir_as_mbox_file(); --------- Craig. ------ _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
