Am 16.02.2017 um 21:17 schrieb Mark Foley:
I am running a scheduled clamscan on the IMAP mail folders. The command is: /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \ --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/ This scan turns up the following: /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: Win.Trojan.DarkKomet-5711346-0 FOUND /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:SEC_deficiency_letter_to_Timbervest.pdf: Win.Trojan.DarkKomet-5711346-0 FOUND This email has 4 .pdf attachments. When I run clamscan manually on any of them I get no infections: $ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ Distribution.pdf 2011.06.08 Notification of Distribution.pdf: OK
why --scan-ole2=yes when you scan a pdf? --scan-pdf makes more sense _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
