[Mimedefang] Configure uvscan to scan inside a zip file.

Jason Englander jason at englanders.cc
Tue Jul 1 20:03:01 EDT 2003

On Tue, 1 Jul 2003, Lucas Albers wrote:

> Have you sent a virus infected zip through your mail server?
> And it detected the virus and blocked the attachment?

I don't use uvscan at home, it's too slow (and I won't give money to NAI).
A client of mine uses it, but I have them set up to get scanned with
File::Scan and clamd on three outside MX hosts, then uvscan on two
inside MX hosts.  Nothing with a zip attachment has ever made it to

I'm a member of the clam antivirus signature "team", and I also have
a few ISP clients.  I see so many viruses, signatures, e-mails with
infected attachments, and such every day that I can't even remember what
the deal was, but I think that client's MD filter was catching the Sobig.E
attachments before the signature was added.  They have a very long,
complicated MD filter...

Running uvscan at the commandline against a Sobig.E sample that I have
does this:

# uvscan --secure \"your_details.zip
        Found the W32/Sobig.e at MM virus !!!

I use Pine, which wouldn't let me attach a file with that name (it
doesn't like the quote), but I attached it as yd.zip and set the
client's MD to use only uvscan and it did find Sobig.e at MM in it.

I sent "your_details.zip through my home mail server using nail (my
/bin/mail) and clamd did detect it.


Jason Englander <jason at englanders.cc>
394F 7E02 C105 7268 777A  3F5A 0AC0 C618 0675 80CA

More information about the MIMEDefang mailing list