> "frank" <[EMAIL PROTECTED]> wrote: > Just today I installed clamav and I'm having problems with it too. In my > case, I finally tracked it down to SPF. The SPF plugin adds a > "Received-SPF:" header to the top of the message and I believe clamav is > choking on it because it wants to read a plain "Received:" header. I > haven't checked clamav sources but experimentation shows this to be the > case. I guess I could add an extra blank "Received:" inside the plugin > code for a quick fix.
Yep, you've got it. I can reproduce with a sample virus message (with full headers). I put a Received-SPF header on top of the message in file "virus-bug-clamav-withspf" and I put the exact same message without the Received-SPF header in virus-bug-clamav-nospf. [EMAIL PROTECTED]:~$ head -n 2 virus-bug-clamav-nospf Received: from wifi-d9148176.obudanet.hu (HELO netvision.net.il) (217.20.129.118) by baba.logidac.com (qpsmtpd/0.27-dev) with ESMTP; Wed, 28 Jan 2004 15:20:07 +0000 [EMAIL PROTECTED]:~$ head -n 2 virus-bug-clamav-withspf Received-SPF: unknown (domain of sender [EMAIL PROTECTED] does not designate mailers) Received: from wifi-d9148176.obudanet.hu (HELO netvision.net.il) (217.20.129.118) [EMAIL PROTECTED]:~$ clamscan --mbox --disable-summary virus-bug-clamav-withspf virus-bug-clamav-withspf: OK [EMAIL PROTECTED]:~$ clamscan --mbox --disable-summary virus-bug-clamav-nospf virus-bug-clamav-nospf: Worm.SCO.A FOUND I'm crossposting this on the SPF mailing list where it's sure to spark interest. Thanks a lot for finding that out, GFK's -- Guillaume Filion, ing. jr Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/
