Clamav suggestions

--[ UxBoD ]-- uxbod at splatnix.net
Thu May 10 11:14:25 IST 2007


Yeah that makes sense Jules.

Taking a step back from this and looking at it again.  Does this only happy with the SaneSecurity signatures ?

Apologies, if I have missed a previous thread on this.

On Thu, 10 May 2007 10:51:08 +0100, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> That would slow it down a lot, as it would require another run of the 
> command-line scanner(s).
> 
> MailScanner always tries to deliver as much of the message as possible. 
> So if you had 3 docs attached to an email message, 1 of which had a 
> macro virus, scanning the whole message with ClamAV would result in none 
> of the attachments getting through. Whereas MailScanner's philosophy is 
> that the other 2 docs and the message body text should still get 
> delivered as they are not infected. So I don't want to throw the whole 
> message at ClamAV either.
> 
> - --[ UxBoD ]-- wrote:
>> Why not just scan the whole file after all the individual scans, but
> only if it hasn't detected anything in the individual element ones ?
>>
>> On Thu, 10 May 2007 09:43:16 +0200, Fabio Pedretti
> <pedretti at eco.unibs.it> wrote:
>>   
>>> Citando "Koopmann, Jan-Peter" <jan-peter at koopmann.eu>:
>>>
>>>     
>>>> On Wednesday, May 09, 2007 9:27 PM Julian Field wrote:
>>>>
>>>>       
>>>>> I can't see any effective good solution to this one.
>>>>>         
>>>> Except for convincing the clamav developers to put in another scan
>>>> option. When called with this option they would not check for the
>>>> existance of mail headers. I have no idea how delighted they would
>>>> be if we proposed this though. Any volunteers? :-)
>>>>       
>>> I don't know if this is a good solution. Clamav check for this strings
>>> only in mails, as check for macro viruses only in MS files, for unix
>>> viruses only on ELF files, etc...
>>> I think the problem is in how MailScanner call clamav, giving it all
>>> separated attachments and not the full mail.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> This message has been scanned for viruses and dangerous content by
>>> MailScanner, and is
>>> believed to be clean.
>>>     
> 
> Jules
> 
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: UTF-8
> 
> wj8DBQFGQutIEfZZRxQVtlQRArzKAJ91LL+CA4vtESEYmlmQl94HwtslAwCg08jC
> jjcAgWal0akj1uoq014pszo=
> =bk0h
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
>
-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
// Phone: +44 (0) 845 869 2749  SIP: uxbod at sip.splatnix.net


-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list