folks, ive had qmail-scanner 1.20 running on my freebsd box with clamav-0.70 and recently, ive been getting emails with viri that clamav knows about getting through as follows:...snip...
but If I export that email to a file and clamscan it with -m clamav reports it a somefool.P.
but when it comes through my mail server, QS never catches it.. heres how my QS clamscan is configured.
my $clamscan_binary='/usr/local/bin/clamscan';
my $clamscan_options="-r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 --max-space=100000";
and heres the debug..
...snip...
Fri, 23 Apr 2004 21:43:31 -0400:93702: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/beast108277101146193702 [1082771011.52097]
Fri, 23 Apr 2004 21:43:31 -0400:93702: w_c: primary Content-Type of text/plain found
...snip...
...snip...
I upgraded to QA 1.22 but that didnt seem to help:
Fri, 23 Apr 2004 22:08:08 EDT:97814: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/beast108277248847997814 [1082772488.69036]
Fri, 23 Apr 2004 22:08:08 EDT:97814: w_c: primary Content-Type of text/plain found
Fri, 23 Apr 2004 22:08:08 EDT:97814: c_a_g: found hidden MIME attachment
This was covered in depth a month or so ago, check archives.
Bottom line is that the message is _plain text_ - there is no "attachment" per se since there are no legit MIME boundary _header_ - the MIME parts you see are in the _text body_ of the message. Therefore, there no real way for the message to -show- the user anything harmful (e.g. it isn't "available" as an attachment from the MUA.
Note the diff between the 2 debugs of the 2 versions. 1.22 has a way to flag the "hidden MIME attachment"
------------------------------------------------------- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
