pedretti at eco.unibs.it
Fri Mar 9 18:26:09 CET 2007
I am using MailScanner 4.44.6 (I know it's old, but seems that my
suggestions are not implemented in current code) with clamscan 0.90.1
(not Mail::Clam module). I have some suggestions for using it with
1) clamscan is called with the option --disable-summary , which is
deprecated. --no-summary should be used instead.
2) I noticed that some phishing mail are not blocked (I am also using
the signatures of sanesecurity). If I do a clamscan on the full
original mail with headers, clamscan find the virus (I can provide a
sample if needed). Seems the problem is that MailScanner extracts the
content of the mail (body + attachment) and scans it, but some
phishing mail are only detected if the full headers are present (in
the clamav DB in the extended signature format, option 4 is for mail
files, look at signatures.pdf in clamav source, and are detected only
if full mail with headers is scanned).
MailScanner should be modified so that all the original mail (with
headers and without extracting attachment) should be passed to
clamscan, so all virus can be catched.
3) Would be nice to have a module which directly uses clamd and then
fallback to clamscan if it's not working, other than clamscan or
4) Would be nice to have the possibility to quarantine only the entire
message and not also the attachments: worse is that if there are some
compressed files, the original file as well as the content are
quarantined, doubling the space on the disk.
More information about the MailScanner