On 02.10.2007 at 05:05, Chinh Nguyen Tam wrote:

> Dennis Peterson wrote:
>> Chinh Nguyen Tam wrote:
>>> Greetings,
>>>
>>> We've noticed some strange behavior of clamav in our email server
>>> for.
>>> When we try to send some email (HTML format, Outlook 2003) with URL
>>> inside, clamav detects these emails as Email.Foolball-2 virus. If we
>>> send the emails with the same URL in Thunderbird HTML format or in
>>> pure text, clamav will let the emails pass by.
>>> You can see the example of one Outlook HTML attached in this message
>>> (please unpack with gzip).
>>> Please advise if anyone met the same problem before and how to solve
>>> this.
>>>
>>> Thank you very much!
>>
>> If your message contains a url such as http://123.231.255.29/, in
>> other words a URL made up from an IP address, and if that URL is
>> preceded by the word "tracker" then the message will fail. In fact I
>> had to reword this post to get past the av filter.
>>
>> dp
>
> Yes, our emails contain urls with IP. We must change it to something
> like hxxp://123.123.123.123 to pass the filter. But you know, it's a
> bit noisy for the users. It'd be ok if there's a tip to disable this
> kind of check from clamav.
>

Could you submit such a mail @ http://cgi.clamav.net/sendvirus.cgi

Thank you.

-- 
Best regards,
   Christoph


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
