> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Ted Cabeen > Yep. Some scanners are now able to detect the virus like > this, but they have to scan the entire message in order to do > so. I've written a two line patch that copies the email.txt > file into the parts directory so that the mail itself gets > scanned and the virus is detected. Here it is, if you want it: > > *** amavisd Sun Jan 4 17:00:19 2004 > --- /usr/local/sbin/amavisd Tue Mar 2 10:54:52 2004 > *************** > *** 4785,4790 **** > --- 4785,4791 ---- > use Digest::MD5; > use Net::Server 0.83; > use Net::Server::PreForkSimple; > + use File::Copy; > > BEGIN { > import Amavis::Conf qw(:platform :confvars :notifyconf :sa); > *************** > *** 5305,5310 **** > --- 5306,5312 ---- > $msginfo->mime_entity(mime_decode($fh,$tempdir)); > prolong_timer($which_section); > } > + copy("$tempdir/email.txt", > "$tempdir/parts/email.txt"); > $which_section = "virus_scan"; > # some virus scanners behave badly if interrupted, > # so for now just turn off the timer > > --
All though I had to make the 2nd part of this patch by hand it seems to be working well. This morning clamd caught 4 messages that amavisd quarantined and identified as (Worm.Bagle.F-zippwd-3) Virus scanner output: /var/amavisd/tmp/amavis-20040303T081020-01279/parts/email.txt: Worm.Bagle.F-zippwd-3 FOUND The message has been quarantined as: /var/amavisd/quarantine/virus-20040303-082055-01279-08 Good work and Thanks! Thanks to the clamav folks as well. They have been working hard to stay ahead of this. L. A. Duerksen Technical Manager Futureware Distributing, Inc OpenBSD 3.3 amavisd-new-20030616-p2 spamassassin 2.55 postfix-2.0.10 ClamAV version 0.67-1 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
