[Mimedefang] TESTVIRUS.org - test question

[Rob]

> -----Original Message-----
> From: mimedefang-bounces at lists.roaringpenguin.com 
> [mailto:mimedefang-bounces at lists.roaringpenguin.com] On 
> Behalf Of Dirk Mueller
> 
> No, this is not the problem. mimedefang does not pass the 
> original mail to 
> ClamAV. it extracts all mime parts, and then calls the virus 
> scanner on those 
> files, since not all virus scanners can handle raw mails. The 
> virus scanner 
> never actually sees the original, unmodified mail with mimedefang.
> 
> So this is a mimedefang-only bug. Not a bug in ClamAV. 

Well, I'd call it a bug (or maybe a feature) of both :)

I would say that the problem is that MD only does part of the job of
extracting parts.  Rather than fully decoding the email it does a
half-hearted job (and no, I'm not having a go - it's a design choice I can
fully understand).  This means that any smart scanners get only part of the
story.  Ideally MD would not just pass the decoded parts but the original
email, as is, to the scanner.  There would be some overhead, but it's better
than the current situation.

> BTW, my workaround for letting ClamAV handle mails directly 
> is to prepend the 
> mail with a "From foo at bar.com" before passing it down to 
> clamdscan --mbox. 
> This way it will always handle it as email. 

I had thought about that myself :)

> But again, to avoid misunderstandings: this is not needed 
> with mimedefang, 
> since mimedefang never runs the virus scanner on the mail itself. 

Yeah, I solved the problem by using clamav-milter itself.  I'd rather not
have something else in the loop (more things to break), but I'll live with
it.


PLEASE - keep list traffic on the list.  Email sent directly to me may be
ignored utterly.

-- 
Rob | What part of "no" was it you didn't understand?