On Wed, 2007-10-03 at 18:31 -0500, René Berber wrote:
> Karsten Bräckelmann wrote:
> > Another downside of this approach, together with ClamAV treating mbox
> > format files as text/plain, is that only the first hit will be reported.
>
> That was made to improve performance, the Changelog says so.

Thanks for clarifying this, René.

Anyway, that whole last paragraph was a heads up to those who advocated re-scanning after delivery (see the recent threads). They do not get what they believe they do.

Also, thanks to you and Tomasz for replying to this request with some insight. IMHO wildcards in the signatures should be properly limited anyway. Unfortunately, the supported patterns are somewhat limited in functionality -- something that probably suits binary viruses much better than text-based email scam...

  guenther

-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}