Hi, >> and the filenames are like: >> >> -rwxrwxrwx 1 vscan vscan 12180 Aug 7 13:58 virus.Ywa18d
I think your solution is to rename the files from virus.Ywa18d to just Ywa18d. It should be the same as the name used in the X-Quarantine-ID header in the file itself. Make sure it isn't compressed. I'm also now noticing there are hundreds or thousands of messages erroneously quarantined as a result of this rule. It appears to expand to: # sigtool --find-sigs MBL_303159 | sigtool --decode-sigs VIRUS NAME: MBL_303159 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: www.inexglobal.com/downloads Does anyone know what's going on with this domain? It doesn't look like a domain thousands of my users would be including in their email on Aug 7th, so I don't know whether the emails were really spam... Hope this helps. Regards, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
