Hi there, On Tue, 4 Feb 2014, Kris Deugau wrote:
My own favourite ClamAV integration glue, the MIMEDefang milter, does its own work to split off attachments and untangle "email" into "files" (more or less), and then points Clam at the whole set, on the not-unlikely chance Clam can't decode the attached file(s) from the email message. IIRC some time ago, there were a number of viruses that produced either broken or obscure MIME, and ClamAV couldn't find the virus in the complete email, but when it was fed the detached and decoded file, it triggered just fine.
You make an important point, and it isn't just virus-borne mailers which break the mail standards - Microsoft has some history there, for example. MIMEDefang is good at making sense of dodgy mail structures and it's very flexible, but being heavy on Perl it's a bit processor-intensive for some. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
