Hi Mark,

On 16 February 2010 15:21, Mark Martinec <mark.martinec+ama...@ijs.si> wrote:
>> Since an email relay sits mere seconds away from malware generation, one
>> can accept that not all viruses would get caught..  I've however heard
>> reports from downstream that a next relay in line is catching some viruses
>> that got missed by our amavisd-new setup.  Also using ClamAV.
>>
>> Now, before making assumptions or trying to test this elusive suspicion,
>> I'd like to run this question by the list first: Do you think that
>> scanning a directory filled with MIME unpacked email bits should be more,
>> less, or equally as reliable as scanning the raw email file?  In practice,
>> do you think that Clam or whatever might use the extra "information" of
>> malicious payload sitting snugly surrounded by its MIME encoding?  In
>> short, which option is best, pointing the AV components of amavisd-new at
>> the raw file or at the pieces?  Thanks for any advice!
>
> Indeed, ClamAV may use the extra information from a mail header section
> or from a message structure. For this reason it is advisable to retain
> the complete message as one additional (or the only) file passed to
> virus scanners - and this is a default since amavisd-new-2.6.3:
>
> @keep_decoded_original_maps = (new_RE(
>  qr'^MAIL$',   # retain full original message for virus checking
>  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
>  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
> ));

A-ha!  Thanks for that..  We're still a couple of minor versions
behind that one, 2.6.1 I think.  In the meantime, is it okay to just
point an AV configuration at "{}/../email.txt" instead of "{}", or
would there be unexpected consequences?

my regards,
Riaan

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
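
Added example, not part of the original thread and not amavisd-new or ClamAV code: a sketch of why the reply above advises passing the complete message as an additional file alongside the decoded parts. It assumes a toy byte-substring scanner that does no MIME decoding of its own; the message, header name and marker strings are constructed.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Constructed, harmless markers standing in for scanner signatures.
PAYLOAD_MARKER = b"CONSTRUCTED-PAYLOAD-MARKER"               # lives in the decoded attachment
HEADER_MARKER = b"X-Constructed-Mailer: demo-bulk-sender"    # lives in the header section


def build_raw_message() -> bytes:
    """Constructed sample mail with a base64-encoded binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg["X-Constructed-Mailer"] = "demo-bulk-sender"
    msg.set_content("see attachment")
    msg.add_attachment(b"\x00\x01" + PAYLOAD_MARKER, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def decoded_parts(raw: bytes) -> list:
    """What a MIME unpacker leaves behind: decoded leaf bodies, no headers."""
    msg = message_from_bytes(raw)
    return [p.get_payload(decode=True) for p in msg.walk() if not p.is_multipart()]


def scan(blobs, signature: bytes) -> bool:
    """Toy scanner: plain substring match, no MIME awareness (assumption)."""
    return any(signature in blob for blob in blobs)


def coverage() -> dict:
    """Which marker is visible in which view of the same message."""
    raw = build_raw_message()
    parts = decoded_parts(raw)
    return {
        "header_in_parts": scan(parts, HEADER_MARKER),
        "header_in_raw": scan([raw], HEADER_MARKER),
        "payload_in_parts": scan(parts, PAYLOAD_MARKER),
        "payload_in_raw": scan([raw], PAYLOAD_MARKER),
        "both_in_parts_plus_raw": all(
            scan(parts + [raw], sig) for sig in (HEADER_MARKER, PAYLOAD_MARKER)),
    }


if __name__ == "__main__":
    for view, hit in coverage().items():
        print(f"{view}: {hit}")
```

Neither view alone sees both markers here, which is the case for handing the scanner the decoded parts plus the retained original.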