ClamAV suggestion
Fabio Pedretti
pedretti at eco.unibs.it
Fri Mar 9 18:26:09 CET 2007
Hi,

I am using MailScanner 4.44.6 (I know it's old, but it seems that my
suggestions are not implemented in the current code) with clamscan 0.90.1
(not the Mail::Clam module). I have some suggestions for using it with
ClamAV:

1) clamscan is called with the option --disable-summary, which is
deprecated. --no-summary should be used instead.

2) I noticed that some phishing mails are not blocked (I am also using
the signatures from sanesecurity). If I run clamscan on the full
original mail with headers, clamscan finds the virus (I can provide a
sample if needed). It seems the problem is that MailScanner extracts the
content of the mail (body + attachment) and scans it, but some
phishing mails are only detected if the full headers are present (in
the ClamAV DB in the extended signature format, option 4 is for mail
files, look at signatures.pdf in the ClamAV source, and they are detected
only if the full mail with headers is scanned).
MailScanner should be modified so that the whole original mail (with
headers and without extracting attachments) is passed to
clamscan, so all viruses can be caught.

3) It would be nice to have a module which directly uses clamd and then
falls back to clamscan if it's not working, other than the clamscan or
Mail::Clam options.

4) It would be nice to have the possibility to quarantine only the entire
message and not also the attachments: worse is that if there are some
compressed files, the original file as well as the content are
quarantined, doubling the space on the disk.

Fabio
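
Added example, not part of the original post and not MailScanner code: a POSIX shell sketch of suggestions 1 to 3, scanning the complete raw message (headers included) through clamd and falling back to clamscan with --no-summary. It assumes clamdscan is the client used to reach clamd; CLAMD_CMD, CLAMSCAN_CMD and SCAN_ENGINE are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not MailScanner code). CLAMD_CMD and CLAMSCAN_CMD are
# hypothetical override variables so the scanner commands can be swapped.
: "${CLAMD_CMD:=clamdscan}"
: "${CLAMSCAN_CMD:=clamscan}"

# scan_raw_message FILE
# FILE must be the complete message as received, headers included, so that
# signatures restricted to the mail-file target type can match.
# Returns 0 = clean, 1 = signature matched, 2 = no scanner gave a verdict.
# Sets SCAN_ENGINE to clamd, clamscan or none.
scan_raw_message() {
    msg=$1
    SCAN_ENGINE=none
    [ -r "$msg" ] || return 2

    # clamdscan and clamscan share exit codes: 0 clean, 1 virus found,
    # anything else is an error (for example the daemon is not running).
    rc=0
    $CLAMD_CMD --no-summary "$msg" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]; then
        SCAN_ENGINE=clamd
        return "$rc"
    fi

    # Fallback: standalone scanner, using --no-summary instead of the
    # deprecated --disable-summary.
    rc=0
    $CLAMSCAN_CMD --no-summary "$msg" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]; then
        SCAN_ENGINE=clamscan
        return "$rc"
    fi
    return 2
}

# Stand-alone use: sh scan.sh /path/to/raw-message
if [ "$#" -ge 1 ]; then
    rc=0
    scan_raw_message "$1" || rc=$?
    echo "engine=$SCAN_ENGINE rc=$rc"
    exit "$rc"
fi
```

An error from both scanners is reported as 2 rather than as clean, so the caller can decide whether to defer or hold the message.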