>> On 10.08.10 06:35, Steve Thompson wrote:
>>> Clamav-milter is used to check incoming e-mail. There are many examples
>>> that are passed as clean and delivered, with these headers inserted:
>>>
>>> X-Virus-Scanned: clamav-milter 0.96.1 at <mail server>
>>> X-Virus-Status: Clean
>>>
>>> However, a clamscan of the delivered messages (maildir format) reveals
>>> that they are not clean:
>>>
>>> <filename>: Trojan.Agent-167068 FOUND
>>>
>>> How is this possible?
>>
>> it's possible that the signature was not available at the time mail was
>> received but it is available now.
>
> Yes, this is true in general, but in my case the available signatures were
> the same in both cases (clamscan was run only an hour or two after the
> e-mail had been delivered, and the clamscan was run on the same system
> that delivered the e-mail, and freshclam had not been run in the
> meantime).
I forget whether clamav-milter uses clamd, but I notice that you
ran *clamscan* instead of *clamdscan*. Clamscan will load up
the databases itself, so there exists the possibility that it's
using *different* databases than clamd/clamav-milter is.
Benny
--
"Something's going on in this house - last night, I saw a face!"
"Did it have a nose?"
"Yes!"
"That sounds like a face all right."
-- Scary Movie 4
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
