Am 12.11.2013 12:59 schrieb Andreas Schulze: > I found a fantastic fact! +1
other samplemessage: $ clamdscan falsepositive falsepositive.ok /tmp/falsepositive: Worm.Bagle.H-zippwd-1 FOUND /tmp/falsepositive.ok: OK ----------- SCAN SUMMARY ----------- Infected files: 1 Time: 0.061 sec (0 m 0 s) $ diff falsepositive falsepositive.ok 49c49 < X-Spam-Note: SpamAssassin run bypassed due to message size --- > X-Spam-Note: SpamAssassin run bypAssed due to message size looks like a simple "pass" in lower case trigger the file as Worm.Bagle.H-zippwd-1 Anyway: a working whitelisting option would still be nice :-) -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml