> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Peter > Bonivart > Sent: Thursday, May 20, 2004 2:22 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Question regarding virus detection > > > Jim Maul wrote: > > There is something that is causing clamav to not be able to detect this > > virus after the message has been bounced and now forwarded. > > Damaged bounces are not dangerous. Why bother making signatures for them > when you don't make money showing how many viruses you detect? > >
Can you elaborate on how they arent dangerous? I realize its slightyly harder to get infected because there is no attachment itself to click on, but the possibility is there. Especially since the virus is just mime encoded. All it would take is outlook getting this message, decoding the mime segment and executing the now valid letter45.txt.pif. Running reformime or ripmime on the bounce produces a couple text parts and the executable .pif which clamscan DOES recognize. Whats weird is this is EXACTLY what qmail-scanner should have done to begin with so im not sure how it even got through.... Jim ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
