UNKNOWN CLAMD RETURN

Rick Cooper rcooper at dwford.com
Thu Jul 19 12:54:28 IST 2007


 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of UxBoD
 > Sent: Thursday, July 19, 2007 7:36 AM
 > To: MailScanner discussion
 > Subject: Re: UNKNOWN CLAMD RETURN
 > 
 > Rick,
 > 
 > Here is the output :-
 > 
 > [root at bianchi tmp]# clamscan /tmp/eicar.com 
 > /tmp/eicar.com: Eicar-Test-Signature FOUND
 > 
 > ----------- SCAN SUMMARY -----------
 > Known viruses: 154131
 > Engine version: 0.91.1
 > Scanned directories: 0
 > Scanned files: 1
 > Infected files: 1
 > Data scanned: 0.00 MB
 > Time: 1.491 sec (0 m 1 s)
 > [root at bianchi tmp]# clamdscan /tmp/eicar.com 
 > /tmp/eicar.com: Eicar-Test-Signature FOUND
 > 
 > ----------- SCAN SUMMARY -----------
 > Infected files: 1
 > Time: 0.000 sec (0 m 0 s)
 > 
 > But as it is the header then that is probably why it is not 
 > giving a filename that has been scanned.


[..]

I am kind of wondering if the file(s) in ./ shouldn't be ignored, I believe
(Julian?) the only file in the ./ dir is the header file and the only rules
that would trigger on a header file would be the SaneSecurity spam sigs.

Julian, do you agree with skipping anything in the root of the ScanDir and
let SA catch it (hopefully), or mark the entire message as bad?

Rick

