Hi, In addition to previous mails about Mimail.C(G): I use clamav with amavis-perl and amavis-ng. With both I have the same problem. Virus is not detected in mail. But when i save attachment: shark% clamscan photos.zip (here clamav with amavis-perl) photos.zip: Worm.Mimail.C FOUND
----------- SCAN SUMMARY ----------- Known viruses: 9922 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.01 Mb I/O buffer size: 131072 bytes Time: 0.759 sec (0 m 0 s) On other machine (clamav 0.54, later also 0.60 and amavis-ng) in amavis log i got: amavis[49413]: /home/amavis/tmp/amavis-unpack-3fa949d0-c105/parts/00000000: OK amavis[49413]: /home/amavis/tmp/amavis-unpack-3fa949d0-c105/parts/00000001: File size limit exceeded. amavis[49413]: /home/amavis/tmp/amavis-unpack-3fa949d0-c105/parts/00000002: Empty file. amavis[49413]: ----------- SCAN SUMMARY ----------- amavis[49413]: Known viruses: 9922 amavis[49413]: Scanned directories: 1 amavis[49413]: Scanned files: 2 amavis[49413]: Infected files: 0 amavis[49413]: Data scanned: 0.02 Mb amavis[49413]: I/O buffer size: 131072 bytes amavis[49413]: Time: 0.575 sec (0 m 0 s) amavis[49413]: End output from /usr/local/bin/clamscan amavis[49413]: Return code 0 So, I checked manually part 00001 and clamscan did not find virus (File size limit exceeded occured). Clamscan --disable-archive 00001 found Mimail.C and there was no error. But when I copy 00001 to another file with zip or rar extension, eg. 1.zip or 1.rar, then i got: rak# cp 00000001 1.zip rak# clamscan 1.zip 1.zip: File size limit exceeded. 1.zip: Worm.Mimail.C FOUND ----------- SCAN SUMMARY ----------- Known viruses: 9922 Scanned directories: 0 Scanned files: 2 Infected files: 1 Data scanned: 0.01 Mb I/O buffer size: 131072 bytes Time: 0.576 sec (0 m 0 s) There is also error, but virus is found. As i read in other posts, the file has bad header. I unzipped this file (photos.jpg.exe) and clamscan found the virus. Is there any way to solve the problem? Maybe i should add --disable-archive in amavis config. But what with other archives then? Best regards, Pawel Adamczyk ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
