[Mimedefang] mimedefang with ClamAV using ./Work instead of INPUTMSG
David G McMurtrie
dave64 at andrew.cmu.edu
Wed Jul 20 15:56:50 EDT 2016
I noticed that when using message_contains_virus_clamd(), mimedefang
passes the path of the ./Work directory to clamd for scanning, where all
the unpacked MIME parts have already been deconstructed by mimedefang.
This works fine for attachments that contain a virus, but it takes away
the ability of clamd to recognize that something was a mail file. Any
signatures that depend on that knowledge will never match. I discovered
this today when I created a cdb signature database to block any
attachments of a certain type.
After a bunch of sysadmin by google work, I see that mimedefang contains
functions to copy INPUTMSG into the Work directory. That should solve my
problem, but it's not exactly the most efficient way to solve it.
Since clamd has the ability to parse MIME messages, and indeed depends on
that ability to be able to effectively use all of its signatures, is there
any reason why mimedefang doesn't just tell clamd to scan INPUTMSG instead
Or it's possible this has been covered many times before and there's some
simple configuration bit I'm supposed to be setting that would make all
this just work.
More information about the MIMEDefang