> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Flynn > Sent: 6. maj 2004 09:50 > To: [EMAIL PROTECTED] > Subject: [Clamav-users] There is something I dont get here ... > > "E-mail sample with missing headers. SomeFool > found if headers are added." > > So removing headers is a good way to let viruses go through ? >
No MTA will create an e-mail without adding at least a <Received: > line. Your sample is missing these - this is not a problem regarding ClamAV, but probably your MTA -> scanner configuration. > > You could argue that without headers, a message cannot go through. > Well, it's wrong if this message is itself included in another one, like > the > one I got. > The submitted sample isn't a bounced message. > So, what's next ? Clam will never recognize those ? > Do I need to write a program to fix headers and/or parse the mbox files > myself > before passing them to clam ? > There are many ways to do this - using the --mbox option should detect the virus if the _full_ e-mail is scanned by ClamAV. Otherwise I suggest using "ripmime" or "reformime" to extract embedded attachments. Best regards, Diego d'Ambra
smime.p7s
Description: S/MIME cryptographic signature