Hi Mark,

On 16 February 2010 15:21, Mark Martinec <mark.martinec+ama...@ijs.si> wrote:
>> Since an email relay sits mere seconds away from malware generation, one
>> can accept that not all viruses would get caught.. I've however heard
>> reports from downstream that a next relay in line is catching some viruses
>> that got missed by our amavisd-new setup. Also using ClamAV.
>>
>> Now, before making assumptions or trying to test this elusive suspicion,
>> I'd like to run this question by the list first: Do you think that
>> scanning a directory filled with MIME unpacked email bits should be more,
>> less, or equally as reliable as scanning the raw email file? In practice,
>> do you think that Clam or whatever might use the extra "information" of
>> malicious payload sitting snugly surrounded by its MIME encoding? In
>> short, which option is best, pointing the AV components of amavisd-new at
>> the raw file or at the pieces? Thanks for any advice!
>
> Indeed, ClamAV may use the extra information from a mail header section
> or from a message structure. For this reason it is advisable to retain
> the complete message as one additional (or the only) file passed to
> virus scanners - and this is a default since amavisd-new-2.6.3:
>
> @keep_decoded_original_maps = (new_RE(
>   qr'^MAIL$',   # retain full original message for virus checking
>   qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
>   qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
> ));

A-ha! Thanks for that.. We're still a couple of minor versions behind that
one, 2.6.1 I think. In the meantime, is it okay to just point an AV
configuration at "{}/../email.txt" instead of "{}", or would there be
unexpected consequences?

my regards,
Riaan

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
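
Added example, not part of the original thread or of amavisd-new: a Python sketch of why the reply above recommends handing the scanner the full original message in addition to the decoded parts. The signatures, addresses and the naive byte matcher are constructed for illustration and do not model ClamAV's own mail parsing.

```python
import email
from email.message import EmailMessage

# Constructed stand-ins for scanner signatures (not real ClamAV signatures).
PAYLOAD_SIG = b"BENIGN-TEST-MARKER-1234"   # matches decoded attachment content
HEADER_SIG = b"X-Mailer: ExampleBulkTool"  # matches only the mail header section


def build_sample() -> bytes:
    """Constructed message: the marker sits inside a base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg["X-Mailer"] = "ExampleBulkTool 1.0"
    msg.set_content("See attachment.")
    msg.add_attachment(b"prefix " + PAYLOAD_SIG + b" suffix",
                       maintype="application", subtype="octet-stream",
                       filename="sample.bin")
    return msg.as_bytes()


def decoded_parts(raw: bytes) -> list:
    """Rough analogue of the unpacked parts directory: decoded leaf bodies only."""
    msg = email.message_from_bytes(raw)
    return [p.get_payload(decode=True) or b""
            for p in msg.walk() if not p.is_multipart()]


def scan(blobs, sigs) -> set:
    """Naive matcher: a signature hits if its bytes occur in any scanned blob."""
    return {s for s in sigs for b in blobs if s in b}


def compare(raw: bytes) -> dict:
    """Hits when scanning the raw file, the decoded parts, or both together."""
    sigs = [PAYLOAD_SIG, HEADER_SIG]
    parts = decoded_parts(raw)
    return {
        "raw_only": scan([raw], sigs),
        "parts_only": scan(parts, sigs),
        "both": scan(parts + [raw], sigs),  # decoded parts plus retained original
    }


if __name__ == "__main__":
    for mode, hits in compare(build_sample()).items():
        print(mode, sorted(h.decode() for h in hits))
```

With this matcher, header-based signatures only hit on the raw file and content signatures only hit on the decoded parts, so scanning both gives the union.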