[Mimedefang] mimedefang with ClamAV using ./Work instead of INPUTMSG

David G McMurtrie dave64 at andrew.cmu.edu
Wed Jul 20 15:56:50 EDT 2016

Hi all,

I noticed that when using message_contains_virus_clamd(), mimedefang 
passes the path of the ./Work directory to clamd for scanning, where all 
the unpacked MIME parts have already been deconstructed by mimedefang. 
This works fine for attachments that contain a virus, but it takes away 
the ability of clamd to recognize that something was a mail file.  Any 
signatures that depend on that knowledge will never match.  I discovered 
this today when I created a cdb signature database to block any 
attachments of a certain type.

After a bunch of sysadmin by google work, I see that mimedefang contains 
functions to copy INPUTMSG into the Work directory.  That should solve my 
problem, but it's not exactly the most efficient way to solve it.

Since clamd has the ability to parse MIME messages, and indeed depends on 
that ability to be able to effectively use all of its signatures, is there 
any reason why mimedefang doesn't just tell clamd to scan INPUTMSG instead 
of Work?

Or it's possible this has been covered many times before and there's some 
simple configuration bit I'm supposed to be setting that would make all 
this just work.



More information about the MIMEDefang mailing list