On 2009-10-23 19:46, Jari Fredriksson wrote: > 23.10.2009 17:25, Jari Fredriksson kirjoitti: > >> This may or may not be an amavisd-new question, but I start here. >> >> > > Now things changed a bit. That was detected, but with a MIME error. >
Did you change anything, or did it change with a signature update? > Cheers. > > ------------------------------------------------------------------ > > A virus was found: > > Bad header: > MIME error: error: part did not end with expected boundary > This message is not coming from ClamAV. It looks like amavisd-new cannot MIME-decode the message (perhaps because it is intentionally non-RFC conforming), and shows an error. Still since ClamAV did detect a Virus, it should classify it as a virus. Doesn't it? > Scanner detecting a virus: ClamAV-clamd > > Content type: Virus > Internal reference code for the message is 16851-07/Zh1IxQou4Qc0 > > First upstream SMTP client IP address: [10.123.29.115] > According to a 'Received:' trace, the message originated at: > [93.83.198.166], > 93.83.198.166 > > Return-Path: <deliv...@dhl-usa.com> > From: "Manager Collin Escobar" <deliv...@dhl-usa.com> > Message-ID: <000d01ca53fe$a0163910$6400a...@chowderedh> > Subject: DHL Express Services. Please get your parcel NR.25483 > The message has been quarantined as: Z/virus-Zh1IxQou4Qc0 > > Notification to sender will not be mailed. > > The message WAS NOT relayed to: > <s...@wellington.fredriksson.dy.fi>: > 250 2.7.0 Ok, discarded, id=16851-07 - INFECTED: > > Virus scanner output: > p004: Suspect.Bredozip-zippwd-2 FOUND > p002: Suspect.Bredozip-zippwd-2 FOUND > Looks like ClamAV is working properly, right? Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
