ClamAV and MailScanner Bug

Stephen Swaney steve.swaney at FSL.COM
Wed May 4 15:49:36 IST 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Wess Bechard
> Sent: Wednesday, May 04, 2005 8:58 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: ClamAV and MailScanner Bug
>
> I also had quite a few viruses slip through this way in the past few days.
> I've applied Julian's patch to the VirusSweep.pm already, which grabs the
> empty files, but they still slip through.
>
> On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote:
>
>       Julian,
>
>       I'm using sendmail 8.13.3.  All I did to duplicate it was send a test
>       message with an EICAR attachment.  If I used clamav by itself, then the
>       virus is detected but MS still says it's clean and delivers it.  If I
>       switch to clamavmodule, then the virus is detected and MS removes the
>       message id from its array of ones to be delivered.  If I used a sophos
>       as a secondary scanner to clamav then virus is also detected and stopped
>       but I think that is because it's acting on the sophos detection and not
>       the clamav.
>
>       -----Original Message-----
>       From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>       Behalf Of Julian Field
>       Sent: Wednesday, May 04, 2005 4:19 AM
>       To: MAILSCANNER at JISCMAIL.AC.UK
>       Subject: Re: ClamAV and MailScanner Bug
>
>       Also, is it specific to one MTA?
>       Looks like you are using Postfix. What is anyone else with this problem
>       running?
>
>       On 4 May 2005, at 09:04, Julian Field wrote:
>

Is your "Maximum Archive Depth = " set to "0"? Yesterday we had to set this
to a positive integer (we used the default of 3) to stop filenames like:

"Winzipped-Text_Data.txt           .exe"


