Clamav suggestions

Julian Field MailScanner at ecs.soton.ac.uk
Thu May 10 10:51:08 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That would slow it down a lot, as it would require another run of the 
command-line scanner(s).

MailScanner always tries to deliver as much of the message as possible. 
So if you had 3 docs attached to an email message, 1 of which had a 
macro virus, scanning the whole message with ClamAV would result in none 
of the attachments getting through. Whereas MailScanner's philosophy is 
that the other 2 docs and the message body text should still get 
delivered as they are not infected. So I don't want to throw the whole 
message at ClamAV either.

- --[ UxBoD ]-- wrote:
> Why not just scan the whole file after all the individual scans, but only if it hasn't detected anything in the individual element ones ?
>
> On Thu, 10 May 2007 09:43:16 +0200, Fabio Pedretti <pedretti at eco.unibs.it> wrote:
>   
>> Citando "Koopmann, Jan-Peter" <jan-peter at koopmann.eu>:
>>
>>     
>>> On Wednesday, May 09, 2007 9:27 PM Julian Field wrote:
>>>
>>>       
>>>> I can't see any effective good solution to this one.
>>>>         
>>> Except for convincing the clamav developers to put in another scan
>>> option. When called with this option they would not check for the
>>> existance of mail headers. I have no idea how delighted they would
>>> be if we proposed this though. Any volunteers? :-)
>>>       
>> I don't know if this is a good solution. Clamav check for this strings
>> only in mails, as check for macro viruses only in MS files, for unix
>> viruses only on ELF files, etc...
>> I think the problem is in how MailScanner call clamav, giving it all
>> separated attachments and not the full mail.
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --
>> This message has been scanned for viruses and dangerous content by
>> MailScanner, and is
>> believed to be clean.
>>     

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: UTF-8

wj8DBQFGQutIEfZZRxQVtlQRArzKAJ91LL+CA4vtESEYmlmQl94HwtslAwCg08jC
jjcAgWal0akj1uoq014pszo=
=bk0h
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list