On Tue, 10 Aug 2010, Matus UHLAR - fantomas wrote:
On 10.08.10 06:35, Steve Thompson wrote:
Clamav-milter is used to check incoming e-mail. There are many examples
that are passed as clean and delivered, with these headers inserted:
X-Virus-Scanned: clamav-milter 0.96.1 at <mail server>
X-Virus-Status: Clean
However, a clamscan of the delivered messages (maildir format) reveals
that they are not clean:
<filename>: Trojan.Agent-167068 FOUND
How is this possible?
it's possible that the signature was not available at the time mail was
received but it is available now.
Yes, this is true in general, but in my case the available signatures were
the same in both cases (clamscan was run only an hour or two after the
e-mail had been delivered, and the clamscan was run on the same system
that delivered the e-mail, and freshclam had not been run in the
meantime).
Steve
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
