Which AV is right :) ?

Christiaan den Besten chris at scorpion.nl
Thu Aug 12 13:16:50 IST 2004


Hi !

Just completed a small test to see if F-Prot finds viruses Clam passed as
virusfree ..... and yes .. it did.

But: I am not yet convinced if F-Prot is doing the 'Right thing TM :)"

Scenario:
        - 1. An email containing a virus as an attachment is send to a
foreign mailserver.
        - 2. Foreign mailserver bounces the message attaching the complete
message in mbox format in de message body.
        - 3. Clam scans the messages -> No virus found
        - 4. F-Prot scans the message -> Zafi.B found ....

- The actual virus is in de mbox formatted body ... this is not executable
by a normal user if he/she receives it ?
- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.

Should MailScanner do a double check ?.. one with and one without de mbox
parameter, or is F-Prot just to paranoid ?

Which is right ?

bye,
Chrs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list