Suntower West wrote: > Hi, > > I'm getting a positive for this in a Eudora mailbox (which is > basically just an ASCII file.) However, when I scan the same file > with Comodo it comes up as clean. > > 1. Is this a false positive? > > 2. If not, then, is there a way to locate the bad code within the > text and remove it without removing the entire file (which I need!) > > TIA,
To answer the second question (if your mailer rejected the previous response to your question check the mail list archives at http://lurker.clamav.net/list/clamav-users.html): To find the offending text you need to extract the signature from the ClamAV signature files. This doesn't work for all signatures, but does for this one. In your signatures directory: grep Email.Phishing.DblDom-59 * main.cld:Email.Phishing.DblDom-59:4:*:2f2e7777772e70617970616c2e636f6d2f Select and copy the hex data following the final : Past it into the right hand panel at http://nickciske.com/tools/hex.php and select "DECODE". The decoded text will appear in the left hand panel. That the text that was found in your message that caused the rejection. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
