Jari, > I have latest amavisd-new and clamd from Debian Lenny /backports. > It does not seem to recognise virii in email (just this one kind of > trojan is the culprit), but clamd reports fine when trying manually the > email attachment later. > [...] > Manual scan: > $ clamscan DHL_document_82660.zip > DHL_document_82660.zip: Suspect.Bredozip-zippwd-2 FOUND > [...] > It's always that Bredolab that is not recognised, so it seems. Other > kinds of virii reported ok, I think. > > If I configure other scanners for amavisd those will get recognised by > the other scanners ok (F-Prot, BitDefender).
Perhaps clamav needs a complete message to be able to recognize this type of load. Try adding qr'^MAIL$' to your @keep_decoded_original_maps in amavisd.conf, e.g.: @keep_decoded_original_maps = (new_RE( qr'^MAIL$', # retain full original message for virus checking qr'^MAIL-UNDECIPHERABLE$', qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); Mark ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/