ClamAV and Password Protected Bagles

Julian Field mailscanner at ecs.soton.ac.uk
Thu Mar 4 14:02:20 GMT 2004


At 13:54 04/03/2004, you wrote:
> > >If some virus scanners can see viruses by seeing the message as a whole
> > >rather then in parts, it would be nice to come up with something to let
> > >them try.  Maybe it could be an option setting in MailScanner.conf to
> > >include or not include the original message when virus scanning.
> >
> > That will involve yet more I/O, but I'll definitely consider it.
>
>Could you please make this an option?

It's not as trivial to implement as it sounds, as MailScanner scans many
messages at once and needs to be able to spot the difference between the
message text and any similarly-named attachment. Whatever I decide to call
the raw message text, someone will write a virus which contains a harmless
attachment called the same thing to try to defeat me. I wonder how (or even
if) the Amavis guys have solved this problem?

I intend to do a stable release tomorrow and it certainly won't be in that.
Too late to start implementing new features now. But I will think about
ways of overcoming the problems, something will come to mind. Be warned it
will make MailScanner go slower as more I/O will have to be done on the
entire message.

>   You can keep it disabled by default.
>For those of us using McAfee, which seems like it won't be able to detect
>these, we could at least add ClamAV which will catch them if it scans the
>queue file.  Thanks for your consideration.
>
>Jason

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list