> $ clamscan -a -v -z --block-macros=yes /var/spool/mqueue/dfuBJBh64e020058
> Scanning /var/spool/mqueue/dfuBJBh64e020058
> /var/spool/mqueue/dfuBJBh64e020058: OK

The dfuBJBh64e020058 file looks like a sendmail queue datafile, in which case it would have no email headers and contain only mime encoding, e.g. base64, and just be a plain text file and not an email file to clamav, so scan negative.

If you extract the email file from the queue files, or extract the Office file from the mime part in the df file and re-scan, this may work.

For sendmail quarantined queue file something like the following will extract the email file:

    cat hfuBJBh64e020058 dfuBJBh64e020058 > somefile

Edit somefile to remove the unwanted lines down to the start of the email headers, e.g. the first H??Received: , then remove H?? at start of lines and change the '.' on its own at the end to just a newline (to mark the end of headers).

(Use qf instead of hf for a non quarantine queue file, but also bear in mind that queue processing by the mail daemon may be writing to a qf but not a hf file.)

Rescan and clamav should recognize as email file and extract and scan any attachments.

-- 
David Shrimpton
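
The manual edit described in the reply above can be scripted. This is an added shell example, not part of the original post: the names `rebuild_message` and `demo` and the sample queue pair are constructed here. It goes slightly beyond the reply by stripping any `H?flags?` prefix (not only `H??`) and by dropping every non-header record in the control file.

```sh
#!/bin/sh
# Added example (not from the original post): rebuild a mail message from a
# sendmail control file (hf*/qf*) and its df* body so clamscan parses it as mail.

# rebuild_message CONTROL_FILE DATA_FILE -> message on stdout
rebuild_message() {
    awk '
        /^[.]$/ { exit }                     # "." alone ends the control file
        /^H/ {                               # header record, e.g. H??Subject: x
            sub(/^H([?][^?]*[?])?/, "")      # drop H and the ?flags? field
            print; in_hdr = 1; next
        }
        in_hdr && /^[ \t]/ { print; next }   # folded continuation of a header
        { in_hdr = 0 }                       # envelope/other records: skip
    ' "$1" || return 1
    echo                                     # blank line marks end of headers
    cat "$2"
}

# demo: run rebuild_message on a constructed queue pair (sample data only).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/hfSAMPLE" <<'EOF'
V8
T1450000000
S<sender@example.com>
RPFD:<rcpt@example.org>
H?P?Return-Path: <sender@example.com>
H??Received: from localhost (localhost [127.0.0.1])
    by mail.example.org with ESMTP id SAMPLE;
    Sat, 19 Dec 2015 21:43:06 +1000
H??Subject: queue file test
H??MIME-Version: 1.0
H??Content-Type: text/plain; charset=us-ascii
.
EOF
    printf 'Body line one\nBody line two\n' > "$d/dfSAMPLE"
    rebuild_message "$d/hfSAMPLE" "$d/dfSAMPLE"
    rm -rf "$d"
}

# Usage: sh rebuild.sh hfID dfID > msg.eml && clamscan msg.eml
if [ $# -eq 2 ]; then rebuild_message "$1" "$2"; fi
```

Work on a copy of the queue files, since the mail daemon may still be writing to a live qf file.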