stopping clamav detecting encrypted zip files

Gareth list-mailscanner at
Wed Apr 4 18:38:00 IST 2007

> Are you using the clamavmodule?  I've had the same problem.  There's a
> commandline switch to turn that notice if when using clamscan, but not
> with the module.  I'd suggested earlier that someone should add code for
> clamav, like the code for Sophos that allows you to specify messages to
> ignore.

Yes I am. I have the quarantine of silent viruses turned off the the
quaranteen basically consists of encrypted zip files and other banned
attachments which didn't contain a virus.

> The behaviour in MailWatch is to prevent the release of anything with a
> virus, which is generally a good thing to do.  Especially if you're
> allowing your users to release their own messages.  Since MailScanner
> thinks and encrypted file warning from ClamAV is a virus and flags
> the message as such, it can not be released.

How do you enable users to release their own messages?
Is it just a case if they have an account they can do a release or are there
extra priviledges or a setting which needs to be made somewhere?

> In order to release it, you'll need to manually modify the entry in the
> MailWatch database for that message to clear the virusinfected flag.

I'll have a look at the code to mailwatch tomorrow. I might add a bit of
code to check to see if the user is an administrator and then allow them to
release the message. Or perhaps just look at the name of the virus and if it
is then ignore the virus flag so it can be released.

More information about the MailScanner mailing list