Which AV is right :) ?
Christiaan den Besten
chris at scorpion.nl
Thu Aug 12 13:16:50 IST 2004
Hi !
Just completed a small test to see if F-Prot finds viruses Clam passed as
virusfree ..... and yes .. it did.
But: I am not yet convinced if F-Prot is doing the 'Right thing TM :)"
Scenario:
- 1. An email containing a virus as an attachment is send to a
foreign mailserver.
- 2. Foreign mailserver bounces the message attaching the complete
message in mbox format in de message body.
- 3. Clam scans the messages -> No virus found
- 4. F-Prot scans the message -> Zafi.B found ....
- The actual virus is in de mbox formatted body ... this is not executable
by a normal user if he/she receives it ?
- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.
Should MailScanner do a double check ?.. one with and one without de mbox
parameter, or is F-Prot just to paranoid ?
Which is right ?
bye,
Chrs
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list