On Fri, 2004-02-20 at 09:54, Doug Monroe wrote: > Greg is/was using F-Secure, but wrt to clamscan use, it might be > advisable to add the -m flag to clamuko_options (Jason?) >
Nope - I have a better answer :-) 1.21 will check the body of the message for the presence of "MIMEiness" - if it finds it, it will force Q-S to assume the message has attachments, and run the virus scanners over it. Note: NONE OF THIS IS NEEDED!!! There is no problem. As far as I can tell, when such a bounce message gets to an end-user, all they see is a raw text message - no attachments - no virus. As such the fact that other AV systems say there is a virus is debatable. I'd say as the user cannot possibly be infected without good access to MIME internals and an editor, it isn't a virus! I mean, if I shoved the EICAR test virus string in this sentence, should a virus scanner claim it found it or not? I'd say as the string isn't in a file called EICAR.COM, it isn't the virus. But indeed, some virus scanners would say it was viral! Different vendors - different approaches. Anyway, I am swallowing my moral high ground on this one and 1.21 will attempt to detect such bounced messages - but it is still up to the actual AV systems to find the virus... (Doug: as far as the "-m" option WRT ClamAV goes - let me have a look at that - it's a separate, specific issue) Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
