[Mimedefang] Missed Viruses
Stewart James
stewart.james at vu.edu.au
Tue May 18 02:05:20 EDT 2004
Hi all,
I seem to be having an issue with MD and clamAV.
I am now running clamAV and Trends vscan - ClamAV first.
Some viruses are slipping past ClamAV, but are being picked up by Trend.
I have started to quarantine the ones picked up by Trend - and when I
submit the entire message to the clamAV online scanner the virus is
found. When I scan the entire message locally the virus is not found
(which I thought was OK as I did not think clamAV would unpack it's own
mime messages anyway.)
Looking at the missed viruses they are all bounces from other systems
that have attached in some way or form the entire virus. I am thinking
that for some reason MD is not unpacking all the possible mime parts and
thus clamAV never gets to see a binary file to check.
I have thrown a sample at: http://lists.vu.edu.au/MD/ENTIRE_MESSAGE
Has anyone else come accross this? Any ideas on what I may be doing
wrong?
Thanks,
Stewart
More information about the MIMEDefang
mailing list