Folks,
We discussed this issue last week and Doug Monroe and I did some experiments with these messages that were getting through and:
Although Norton AV 2002 discovered an attachment and quarantined it, without Norton AV active the message appears to Outlook Express NOT to have an attachment due to the way the attachment was embedded into the email message. Message was not scanned by QS as it is PLAIN Text with attachment at the end of the body. So, some of you may be getting 'false positives' from Norton AV on attachments that are benign.
FYI- while investigating this whole mystery of why base64 encoded data in -bounce- messages was not getting found by QS/av, but was being caught by desktop av, I came across a ref to the -m option for clamav:
--mbox -m Treat stdin as a mailbox
Greg is/was using F-Secure, but wrt to clamscan use, it might be advisable to add the -m flag to clamuko_options (Jason?)
bad.xyz = saved bounce message file
---WITHOUT -m
$ clamscan -r --disable-summary --max-recursion=10 --max-files=10 --max-space=5M bad.xyz
bad.xyz: OK
---WITH -m
$ clamscan -m -r --disable-summary --max-recursion=10 --max-files=10 --max-space=5M bad.xyz
bad.xyz: Worm.SCO.A-dam FOUND
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
