On Wed, 2007-10-03 at 18:31 -0500, René Berber wrote:
> Karsten Bräckelmann wrote:
> > Another downside of this approach, together with ClamAV treating mbox
> > format files as text/plain is, that only the first hit will be reported.
>
> That was made to improve performance, the Changelog say so.
Thanks for clarifying this, René.
Anyway, that whole last paragraph was a heads up to those who advocated
re-scanning after delivery (see the recent threads). They do not get
what they believe they do.
Also, thanks to you and Tomasz for replying to this request with some
insight. IMHO wildcards in the signatures should be properly limited
anyway. Unfortunately, the supported patterns are somewhat limited in
functionality -- something that probably suits binary viruses much
better than text-based email scam...
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
