[Mimedefang] RE: [Clamav-users] suspicious classification resulting in false positives

Matthew.van.Eerde at hbinc.com
Fri Sep 9 12:16:47 EDT 2005

Chris Gauch wrote:
> We are currently running ClamAV (0.86.2) in a Linux Sendmail (8.13.4)
> and MIMEDefang (2.53)
> our logs indicate that over 86 attachments have been
> flagged as "suspicious" by ClamAV 0.86.2 over the past couple of
> days.  We're beginning to wonder how many of those "suspicious"
> attachments were actually legit Microsoft documents.  Any insight or
> investigation into this issue would be greatly appreciated.  Thanks. 

MIMEDefang has a "suspicious characters in headers" check.  This is unrelated to ClamAV.

A frequently-made customization to mimedefang-filter is to change action_discard to action_bounce for suspicious characters.  That at least takes care of false positives.  YMMV.

Matthew.van.Eerde (at) hbinc.com               805.964.4554 x902
Hispanic Business Inc./HireDiversity.com       Software Engineer
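
The customization described in the reply above, sketched as an added example; this is not code from the post or from the poster's filter. It assumes a `filter_begin` laid out like the stock example filter shipped with MIMEDefang, using its `$SuspiciousCharsInHeaders` flag and the `md_graphdefang_log`, `action_discard` and `action_bounce` helpers; the reject text and the file path in the comment are placeholders.

```perl
# Added example: fragment of a mimedefang-filter file
# (commonly /etc/mail/mimedefang-filter; the path is an assumption).
# It runs inside MIMEDefang, not as a stand-alone script.
sub filter_begin {
    my ($entity) = @_;

    # MIMEDefang itself sets $SuspiciousCharsInHeaders when it finds
    # suspicious characters in the message headers. ClamAV is not involved,
    # so these hits should not be counted as virus detections.
    if ($SuspiciousCharsInHeaders) {
        # Log under its own event name so the hits can be told apart
        # from virus-scanner results when reviewing the logs.
        md_graphdefang_log('suspicious_chars');

        # Before: the message is accepted and silently dropped, so a
        # false positive goes unnoticed by both sender and recipient.
        # return action_discard();

        # After: the message is refused during the SMTP transaction, so a
        # legitimate sender is told that it was not delivered.
        # The reply text is a constructed placeholder.
        return action_bounce("Message rejected: suspicious characters in headers");
    }

    # Remainder of filter_begin (virus scanning and so on) is unchanged.
    return;
}
```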
