-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Micah wrote:
>> There are scripts on line you can download that will split your single file >> into >> individual files - each a complete message. These you scan one at a time. >> After >> you've found and dealt with the infected message(s) you reassemble the >> individual >> files into a single file again. >> >> Start here: http://batleth.sapienti-sat.org/projects/mb2md/ >> > > Wow. This seems like such an unnecessary and time consuming hassle (to me, > it seems ClamScan > should be able to tell you what message tested positive as it does detect > email files and the > individual messages within). I was really hoping when I first got the hit > that the "verbose" > option would give me some information; but the output was actually no more > verbose. [snip] > I don't mean to rant (much). I do realize we are dealing with the current > limitations of the > scanner and how to work with them. But I really think there should be a push > to have the scanner > spit out more useful information. [snip] You want to use clamscan for something it was not designed to do, it was designed to detect viruses and that's all. As I said, a long command that splits the mailbox (just like Dennis suggested), tests each message and reassembles the mailbox without the infected: $ formail -Ys sh -c 'tee temp.file | clamdscan --quiet - && cat < temp.file >> mailbox.cleaned' < mailbox ; rm temp.file All in one line, formail is part of procmail, and use of clamdscan is faster that clamscan. Remember that old_mailbox probably is a live one, so it would better to stop receiving messages. If you want to see what was infected, just `diff old_mailbox new_mailbox`. - -- René Berber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Cygwin) iD8DBQFHAd5vL3NNweKTRgwRCIxRAJsGnzA5aixOJnFFZXTiDa1Rh8PTBwCdFXkC yDjN6IayTHZ4Xxyv4cJEuJg= =bHNQ -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
