My raw speculation:
1) It is missed because the virus.cfg is using the
"PRESCAN ON" switch (the default, I believe) and the declude.exe
application does not decode the MIME or other coding as flexibly as a mail
client would, or makes an uninformed decision about what is an object worth
scanning.
ANSWER: use PRESCAN OFF instead. This will incur
more CPU time as the selected antivirus scanner(s) will be scanning all
objects.
2) For F-Prot specifically, the /server switch is not
being used and therefore F-Prot is not doing the message format decoding.
If Declude did a perfect job, this setting would be
irrelevant.
ANSWER: use the /server switch in your SCANFILE
definition. This would cause more CPU time on the few messages that appear
as nested message encoding; it is intended for scanning servers with multiple
mailbox formats and nested messages.
I follow my own advice on these two points and do not
have a problem with F-Prot under Declude EVA missing known
viruses.
Andrew 8)
|
- Re: [Declude.Virus] [IMail Forum] Realistic virus thre... Bill Landry
- RE: [Declude.Virus] [IMail Forum] Realistic virus... Colbeck, Andrew
- Re: [Declude.Virus] [IMail Forum] Realistic v... Bill Landry
- RE: [Declude.Virus] [IMail Forum] Realist... Markus Gufler
- [Declude.Virus] Declude V4.0 [EMAIL PROTECTED]
- [Declude.Virus] Changes @ Declud... [EMAIL PROTECTED]
- RE: [Declude.Virus] Changes ... Robert Grosshandler
- RE: [Declude.Virus] Chan... Grant Griffith
- RE: [Declude.Virus] Changes ... Andy Schmidt
- RE: [Declude.Virus] Chan... Kevin Bilbee
- RE: [Declude.Virus] Chan... Andy Schmidt
- Re: [Declude.Virus] Chan... Don Brown