> > > I would guess that your best bet is going for a scanner (actually, > scanners I > > you want to do a thorough job) that has Windows as its > native platform > > (ClamAV is designed for *nix) and doing it from a Windows > environment > (which > > would allow you to use the MAPI-interface to scan inside > the pst's). > > But > it > > really depends on what kind of system and compromise (accidental or > > professionally targeted) you're dealing with. > > I do forensics for hobby, it isn't a professional target. > > You are right, but given that I'm analysng a Windows > post-mortem filesystem from a GNU/Linux enviroment is > difficult to execute a Windows-native scanner. Maybe should I > change my analysis enviroment (from GNU/Linux -> Windows :)
Have a look at: http://alioth.debian.org/projects/libpst/ MrC _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
