[Mimedefang] TestVirus.org
J.D. Bronson
jbronson at wixb.com
Fri Jul 30 12:55:22 EDT 2004
>On Friday 30 July 2004 03:03 am, Martin Blapp wrote:
> > Clamav is not catching 5 tests, and viri are slipping throuh ! At least
> > test 8 and 23 are very important to catch I think:
>
>There's timing... I was just looking at this stuff yesterday. I got the same
>results initially (except for #25, which had been defanged), but after
>investigation was able to easily block the rest by copying a few bits over
>from the current example filter. From what I can tell, it looks like these
>would all be detected by a default install of the latest MimeDefang paired
>with a current Clamd with the ScanMail option enabled.
Could you kindly post exactly what you did?
>Take a cue from the current example filter and call
>md_copy_orig_msg_to_work_dir_as_mbox_file() just before calling
>message_contains_virus. This way, clamd gets to look at the raw message in
>addition to the MD-decoded parts and will pick out the binhex attachment.
>Note that you have to do something in response to this rather than wait for
>entity_contains_virus, because MD won't see that entity.
Can you also expand on this please?
(examples ?)
thanks in advance!
-JDB
** DISCLAIMER **
Per Anti-Virus Policy, this email has been scanned for viruses.
Scanned clean by F-PROT ANTIVIRUS 4.4.3 - http://www.f-prot.com
More information about the MIMEDefang
mailing list