UNKNOWN CLAMD RETURN

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jul 19 19:03:36 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rick Cooper wrote:
>  
>
>  > -----Original Message-----
>  > From: mailscanner-bounces at lists.mailscanner.info 
>  > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
>  > Behalf Of UxBoD
>  > Sent: Thursday, July 19, 2007 7:36 AM
>  > To: MailScanner discussion
>  > Subject: Re: UNKNOWN CLAMD RETURN
>  > 
>  > Rick,
>  > 
>  > Here is the output :-
>  > 
>  > [root at bianchi tmp]# clamscan /tmp/eicar.com 
>  > /tmp/eicar.com: Eicar-Test-Signature FOUND
>  > 
>  > ----------- SCAN SUMMARY -----------
>  > Known viruses: 154131
>  > Engine version: 0.91.1
>  > Scanned directories: 0
>  > Scanned files: 1
>  > Infected files: 1
>  > Data scanned: 0.00 MB
>  > Time: 1.491 sec (0 m 1 s)
>  > [root at bianchi tmp]# clamdscan /tmp/eicar.com 
>  > /tmp/eicar.com: Eicar-Test-Signature FOUND
>  > 
>  > ----------- SCAN SUMMARY -----------
>  > Infected files: 1
>  > Time: 0.000 sec (0 m 0 s)
>  > 
>  > But as it is the header then that is probably why it is not 
>  > giving a filename that has been scanned.
>
>
> [..]
>
> I am kind of wondering if the file(s) in ./ shouldn't be ignored, I believe
> (Julian?) the only file in the ./ dir is the header file and the only rules
> that would trigger on a header file would be the SaneSecurity spam sigs.
>
> Julian, do you agree with skipping anything in the root of the ScanDir and
> let SA catch it (hopefully), or mark the entire message as bad?
>   
It should mark the entire message as bad in my view.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGn6d5EfZZRxQVtlQRAkdNAKD75LUxupg8jTgI+eV/iOQpB6RA8ACgkXy2
LzItPwnH1QaszlsmOf1Knew=
=BDPE
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
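
An added example, not part of the original thread and not MailScanner's own code: one way a wrapper could attribute clamd "FOUND" lines to messages, so that a hit on a root-level header file marks the entire message as bad, as the reply above recommends. It assumes header files are named `<message-id>.header` in the scan directory root and attachments sit under `./<message-id>/`; that layout, the function name `attribute_hits` and the sample lines are constructed for illustration.

```python
import re

# clamd / clamdscan result line for a detection: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample output: a hit on an attachment, a hit on a root-level
# header file, a clean file, and the summary block.
SAMPLE_OUTPUT = """\
./l6JB3a9x012345/eicar.com: Eicar-Test-Signature FOUND
./l6JB3b7y067890.header: Example.Spam.Sig FOUND
./l6JB3c1z011111/report.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 2
"""

def attribute_hits(output, header_suffix=".header"):
    """Return ({msg_id: [(filename, signature)]}, [unattributable FOUND lines]).

    filename is "" when the hit is on the root-level header file, meaning the
    whole message is treated as infected rather than a single attachment.
    """
    infected, unknown = {}, []
    for raw in output.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if not m:
            continue  # OK lines, blanks and the summary are not detections
        path = m.group("path")
        if path.startswith("./"):
            path = path[2:]
        parts = path.split("/")
        if len(parts) == 1 and parts[0].endswith(header_suffix):
            # Root-level header file (assumed naming): flag the whole message
            msg_id, filename = parts[0][: -len(header_suffix)], ""
        elif len(parts) >= 2 and parts[0]:
            # File inside a per-message directory
            msg_id, filename = parts[0], "/".join(parts[1:])
        else:
            # A detection that cannot be tied to a message must be surfaced,
            # never silently dropped
            unknown.append(line)
            continue
        infected.setdefault(msg_id, []).append((filename, m.group("sig")))
    return infected, unknown

if __name__ == "__main__":
    print(attribute_hits(SAMPLE_OUTPUT))
```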


