I have a strange situation which I can't explain. I have an Internet-facing front-end server using exim with ClamAV. I also have the Sanesecurity signatures installed. Delivery is achieved by relaying to an Exchange server which is behind the firewall.
Some users have re-direction set up so that the Exchange server passes messages back to the front-end server for onward transmission. Note, this is re-direction, not forwarding, so the messages just have an extra Received: line added to the header. Several times per day I see messages to some of these users being rejected by ClamAV as they are being received back from the Exchange server for re-direction! That means that the messages have been cleared by ClamAV as they arrive from the Internet but are then rejected a few seconds later when returning! So far they have all been Sanesecurity signatures which have caused this. One thought is that Exchange could possible be re-writing attachments, but that would mean that ClamAV is sensitive to the way in which attachments are encoded. Any ideas? Phil. --------------------------------------- Phil Chambers ([EMAIL PROTECTED]) University of Exeter _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
