On 11.1.2010 13:53, Mark Martinec wrote: > > Jari, > > >> >> I have latest amavisd-new and clamd from Debian Lenny /backports. >> >> It does not seem to recognise virii in email (just this one kind of >> >> trojan is the culprit), but clamd reports fine when trying manually the >> >> email attachment later. >> >> [...] >> >> Manual scan: >> >> $ clamscan DHL_document_82660.zip >> >> DHL_document_82660.zip: Suspect.Bredozip-zippwd-2 FOUND >> >> [...] >> >> It's always that Bredolab that is not recognised, so it seems. Other >> >> kinds of virii reported ok, I think. >> >> >> >> If I configure other scanners for amavisd those will get recognised by >> >> the other scanners ok (F-Prot, BitDefender). > > > > Perhaps clamav needs a complete message to be able to recognize this > > type of load. Try adding qr'^MAIL$' to your @keep_decoded_original_maps > > in amavisd.conf, e.g.: > > > > @keep_decoded_original_maps = (new_RE( > > qr'^MAIL$', # retain full original message for virus checking > > qr'^MAIL-UNDECIPHERABLE$', > > qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, > > )); > > That seems to be in 20_debian_defaults
@keep_decoded_original_maps = (new_RE( # qr'^MAIL$', # retain full original message for virus checking (can be slow) qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, # qr'^Zip archive data', # don't trust Archive::Zip )); Thanks anyway :) ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/