[Clamav-users] quarantined viruses

[Doug Hardie]

I have clamav-70 with senmail and milter with a quarantine directory.  
I see a number of files left there that do apear to contain a virus.  
However, there are some files that are very short remaining that have 
been identified as containing a virus in the maillog file but only 
contain one empty mime attachment.  The info on the attachment is what 
I would expect for the indicated virus.  Running clamdscan on the 
remaining file indicates that it has found the virus in it.  However, 
the attachment is empty.  So, I am a bit confused.  Is clamav 
identifying the virus based on the mime information or the content of 
the attachment?  It appears that it is using only the mime info.  I was 
going to save some of that but it was just too late last night so I 
don't have any examples handy.  At first I was going to send them in as 
false viruses, but after looking at them, the only thing they really 
contained was the empty attachment which probably did at one time 
include a virus.  I decided none of my users would want to receive them 
even without the virus so leaving them blocked was just fine.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users