[Maia-users] virus scan fails when it shouldn't
Robert LeBlanc
rjl at renaissoft.com
Mon Aug 6 14:46:48 PDT 2007
Greg Woods wrote:
> There's nothing in the parts directory. If I run clamscan on the
> email.txt file, it does find the phishing "virus":
By default, only attachments are scanned, not the body of the email
itself, which seems to be the issue here. You can, however, have the
entire body virus-scanned by tweaking your @keep_decoded_original_maps
setting in amavisd.conf to add the '^MAIL$' token to that array, e.g.

    @keep_decoded_original_maps = (new_RE(
      qr'^MAIL$',   # retain full original message for virus checking (can be slow)
      qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
      qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
    # qr'^Zip archive data',     # don't trust Archive::Zip
    ));

You may find that you already have a '^MAIL$' token in there, but
commented out by default. Uncomment it, restart amavisd-maia, and the
full, undecoded body of the email will be scanned in addition to the
attachments.
--
Robert LeBlanc <rjl at renaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>
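
The following check is an added example, not part of the original post or of Maia Mailguard: it reports whether the '^MAIL$' token in @keep_decoded_original_maps is active, commented out, or absent, so the setting can be verified before and after editing amavisd.conf. The function names `mail_token_state` and `sample_conf` are hypothetical, the sample configuration is constructed, and the comment detection is a heuristic (the first `#` on a line starts a comment).

```shell
#!/bin/sh
# Added example: report the state of the '^MAIL$' token inside the
# @keep_decoded_original_maps list of an amavisd.conf-style file.
# Usage: mail_token_state /path/to/amavisd.conf   (reads stdin if no file given)
# Prints one of: active | commented | missing | no-map
mail_token_state() {
    awk '
        # Enter the list at an uncommented assignment.
        !inmap && /^[ \t]*@keep_decoded_original_maps[ \t]*=/ { inmap = 1; seen = 1 }
        inmap {
            tok  = match($0, /qr[^A-Za-z0-9]\^MAIL\$/)  # position of the token, 0 if absent
            hash = index($0, "#")                        # position of the first comment marker
            if (tok) {
                if (hash && hash < tok) commented = 1    # token sits behind a "#"
                else                    active = 1
            }
            # The list ends at the closing "));" on an uncommented line.
            if ($0 ~ /^[^#]*\)\);/) inmap = 0
        }
        END {
            if (!seen)          print "no-map"
            else if (active)    print "active"
            else if (commented) print "commented"
            else                print "missing"
        }
    ' "${1:--}"
}

# Constructed sample: the token is present but commented out,
# the situation the post says you may find by default.
sample_conf() {
    cat <<'EOF'
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));
EOF
}

# Demo on the constructed sample: the body of the mail would not be scanned.
sample_conf | mail_token_state
```

A result of `commented` or `missing` means only decoded parts reach the virus scanner; after uncommenting the token and restarting amavisd-maia, the same check should print `active`.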