Michael, > looking at a previous users tests of amavisd 2.6.3. > from 2.6.2_3, it worked. > > I used all three tests at sanesecurity: > http://sanesecurity.com/usage.htm > > and got them to pass with 2.6.2. > with 2.6.3, the html body one fails. > > besides default amavisd.conf, I have these local modifications: (which > worked in 2.6.2) > > $bypass_decode_parts = 0; > > @keep_decoded_original_maps = (new_RE( > qr'^MAIL$', # retain full original message for virus checking > qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if ... > qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, > # qr'^Zip archive data', # don't trust Archive::Zip > ));
Well, I don't know. I tried all three Sanesecurity test patterns in their intended location, and they were all detected by ClamAV. The qr'^MAIL$' in @keep_decoded_original_maps ensures the full message is passed intact to clamd, so it should detect the presence of a pattern in a HTML part. Does the command line clamscan detect it, when you give it the full mail message extracted from your mailbox? > second issue: > > emails with bad headers are bouncing back, even through I have: > > $final_bad_header_destiny = D_DISCARD; But for what reason are they bouncing? Perhaps they are infected or banned, besides having a bad header. Log level 5 of the incident is required please. Mark ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/