[Mimedefang] netsky.c passing MD-2.40 with clamav+uvscan
Alan Lehman
alehman at gbutler.com
Sat Mar 20 12:23:21 EST 2004
Lucas Albers wrote:
>> You need these switches for uvscan/clamscan:
>>
>> ($Features{'Virus:NAI'} . " --noboot --mime --secure --allole $path
>> ($Features{'Virus:CLAMAV'} . " -r --stdout --disable-summary --infected
>>
>> You need these options in clamd if you are running clamd to catch newer
>> encrypted virus's.
>> ScanMail
>> ScanArchive
>> ArchiveMaxRecursion 5
>> ArchiveMaxFiles 1000
>> ArchiveMaxFileSize 10M
>> ScanRAR
>> MaxDirectoryRecursion 3
>> StreamSaveToDisk
>>
>> I run uvscan 2.4.20 and clamscan .65 or .67.
>> You should run .67 or some virus's will slip by, as per maintainer.
>>
>>
>
> I was looking in the wrong place for the switches. My default
> mimedefang.pl included all of those except '-r'
> I added ScanMail, ScanArchive and ScanRAR to my clamav.cf.
> MaxDirectoryRecursion is 15 by default. I left that as-is.
>
> These changes didn't seem to help much though.
Running MD-2.40 with the config shown above, I updated to clamav-0.70-rc
and vlnx-4.3.20. My downstream Exchange/Groupshield is still detecting
10 to 15 netsky.b, netsky.c and bagle.gen per day unless I block all
zip's. It catches 150 to 250 viruses each day.
Is anyone else seeing this proportion of misses?
More information about the MIMEDefang
mailing list