[Mimedefang] ClamAV not detecting all viruses

[Stewart James]

> So now my head hurts (brick wall and all). My relevant filter and
> filter_begin portions are below. However, revewing them I think I have
> perhaps spotted a issue. I scan with message_containts_virus in
> filter_begin and then with entity_contains_virus in filter. I am
> wondering if this is the real cause of my grief (plus now I scan
> everything more than needed).

My heads starting to recover from the weekend and I can elaborate a bit
further.

First. If I put some code in the filter_begin to reject messages not
just run message_contain_virus, it will work better and trend will not
get called. But, the reason why is not what I can call good news.

On some viruses. ClamAV finds the virus when ran by
message_contains_virus - which is good. But as my current filter does
not reject at this point and continues onto entity_contains_virus I seem
to find a problem.

when ClamAV is then ran over the same message with
entity_contains_virus. It fails to detect it and the routine falls
through to TREND.

So while I can simply put some code in filter_begin to repair my problem
I can a little concerned that I may have found a bigger issue - namely
varied results with clamAV depending on wether it is called with
message_ or entity_

Has anyone else noticed this? Perhaps it is a bug/issue in 2.41 that has
since been fixed? I will try and dig a bit deeper and see if I can
figure out why entity_contains_virus and clamAV miss viruses that it
detected with message_contains_virus.

Cheers,

Stewart