Thanks for your comments Nigel.

> > So, some questions:
> >
> > 1) How dangerous are these virus-bounces?
>
> In theory not at all, but I don't trust MUAs not to be broken
> so clamAV does look for and find them.

Exactly!

> > 2) Should clam detect the virus when given the
> > text/plain main body of the bounce message?
>
> Yes, it already does.

Hmmm - the virus that got through was W32/Mytob-Z and it was detected by a Mirapoint server downstream. We call clamav from mimedefang on a part by part basis.

> > 3) Should clam detect the virus when given the entire
> > bounce message?
>
> Yes, if you have a sample which is not found, please
> email it to me.

We currently don't ask clamav to scan the entire raw message - just each part separately. The mail was dropped by the Mirapoint server and I'm finding it difficult to obtain an infected qmail bounce.

> > 4) What other mechanisms can we use to drop these
> > virus-bounces?
>
> I have a (closed source) milter to do that. I run it in parallel with clamAV
> so that it can block bounces which don't include the complete original
> virus (most bounces don't include the original emails with their viruses). I
> can talk to you about that if you want.

Ahhhh - could the original bounced mail have been truncated in some way? Was the Mirapoint server picking up on the subject/sender etc or maybe it has some special filters to pick these up?

Thanks again.

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html