Further to my problem of a message getting into my system without being 
blocked by clamd and then being blocked when re-directed by my exchange server:

I now have several examples of pairs of messages which differ only because one 
header is longer than the other. I have copies of the two messages sitting side 
by side in the same directory with identical ownerships and permissions.

I get the following:

  clamdscan internet1.eml 
  /var/spool/exim/clamtest/message1/internet1.eml: OK

  ----------- SCAN SUMMARY -----------
  Infected files: 0
  Time: 0.005 sec (0 m 0 s)

  clamdscan exchange1.eml 
  /var/spool/exim/clamtest/message1/exchange1.eml: 
    <wrapped> Email.Spam.Sanesecurity.Url_557 FOUND

  ----------- SCAN SUMMARY -----------
  Infected files: 1
  Time: 0.004 sec (0 m 0 s)

The signature is present in the bodies of both messages (in a plain text 
part). If I do a diff there is only a difference in the headers.

I am using clamav-0.92 compiled from source on Red Hat. uname -a produces:

  Linux dot 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686 i386 GNU/Linux

How do I go about diagnosing this?

Phil.
---------------------------------------
Phil Chambers ([EMAIL PROTECTED])
University of Exeter
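
A first diagnostic step for the situation described above, as an added example that is not part of the original post: confirm the two saved copies really have byte-identical bodies, list which header fields differ and by how many bytes, and show the byte offset at which each body starts. The function names and the sample messages are constructed for illustration.

```python
import hashlib
import re
import sys

def split_message(raw):
    """Split raw message bytes into (header_block, body) at the first blank line."""
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else b"")

def header_fields(block):
    """Return [(lowercased name, raw field bytes)], folded lines kept with their field."""
    fields = []
    for line in re.split(rb"\r?\n", block):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += b"\n" + line      # continuation of the previous field
        elif line:
            fields.append(line)
    return [(f.split(b":", 1)[0].strip().lower().decode("latin-1"), f) for f in fields]

def compare(raw_a, raw_b):
    """Report body equality, header sizes, body start offsets and differing fields."""
    head_a, body_a = split_message(raw_a)
    head_b, body_b = split_message(raw_b)
    fa, fb = header_fields(head_a), header_fields(head_b)
    return {
        "bodies_identical":
            hashlib.sha256(body_a).digest() == hashlib.sha256(body_b).digest(),
        "header_bytes": (len(head_a), len(head_b)),
        "body_offset": (len(raw_a) - len(body_a), len(raw_b) - len(body_b)),
        "only_in_a": [(n, len(f)) for n, f in fa if (n, f) not in fb],
        "only_in_b": [(n, len(f)) for n, f in fb if (n, f) not in fa],
    }

# Constructed sample pair: same body, one Received header longer than the other.
SAMPLE_A = b"Received: from mx.example\nSubject: t\n\nbody text\n"
SAMPLE_B = (b"Received: from mx.example by exch.example\n\twith SMTP\n"
            b"Subject: t\n\nbody text\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:                  # e.g. internet1.eml exchange1.eml
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            report = compare(a.read(), b.read())
    else:
        report = compare(SAMPLE_A, SAMPLE_B)
    for key, value in report.items():
        print(f"{key}: {value}")
```
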


