[Mimedefang] CLAMAV issues - Plexus.B flagged incorrectly?

David F. Skoll dfs at roaringpenguin.com
Thu Jul 1 23:57:31 EDT 2004


On Thu, 1 Jul 2004, Paul Murphy wrote:

> Jul  1 10:21:32 adelie mimedefang.pl[32288]: Filter: ,,text/plain, Virus=1
> Jul  1 10:21:32 adelie mimedefang.pl[32288]: Virus: 0, ok, ok,Worm.Plexus.B
> Jul  1 10:21:32 adelie mimedefang.pl[32288]: Filter: ,,text/html, Virus=1
> Jul  1 10:21:32 adelie mimedefang.pl[32288]: Virus: 0, ok, ok,Worm.Plexus.B
> Jul  1 10:21:45 adelie mimedefang.pl[32288]:

[...]

> As you can see, $FoundVirus is set and $VirusName is also set correctly, but
> entity_contains_virus() (and thus entity_contains_virus_clamd) is returning a
> code of 0 and a category of "ok".

Don't use entity_contains_virus() to detect viruses.  The
message_contains_virus() functions scan both the original raw MIME
message and the decoded MIME parts, and are therefore much more reliable.

--
David.
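
An added example, not part of the original post or of the poster's filter: a `filter_begin` fragment for a mimedefang-filter that makes the verdict once per message with `message_contains_virus()` instead of per part. It assumes a virus scanner such as clamd is already configured for MIMEDefang; the log wording and the discard/tempfail policy are illustrative choices.

```perl
# Constructed fragment for a mimedefang-filter file. It runs inside
# mimedefang.pl, which supplies the functions and globals used here.

sub filter_begin {
    my ($entity) = @_;

    # Copy the original message into the work directory as an mbox file,
    # so the scanner sees the raw MIME message as well as the decoded parts.
    md_copy_orig_msg_to_work_dir_as_mbox_file();

    # One scan covering the whole message. Returns a numeric scanner code,
    # a category (e.g. "ok", "virus") and a suggested action
    # (e.g. "ok", "quarantine", "tempfail").
    my ($code, $category, $action) = message_contains_virus();

    if ($category eq 'virus') {
        # $VirusName is set by the scanner interface when a name is reported.
        md_syslog('warning', "Discarding message: virus $VirusName");
        return action_discard();
    }

    if ($action eq 'tempfail') {
        # Scanner failed or timed out: defer the message rather than
        # letting it through unscanned.
        md_syslog('warning',
            "Virus scanner problem: code=$code, category=$category, action=$action");
        return action_tempfail('Problem running virus scanner');
    }

    return;
}
```

Because the decision is taken in `filter_begin`, the per-part `filter()` callback no longer needs to call `entity_contains_virus()` at all.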


