| Main Archive Page > Month Archives > clamav-users archives |
Re: [Clamav-users] RFC: Recognize mbox format
From: Karsten Bräckelmann <guenther_at_nospam>Date: Mon Oct 08 2007 - 18:36:35 GMT
To: clamav-users@lists.clamav.net
On Mon, 2007-10-08 at 09:15 -0700, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
> >>> Another downside of this approach, together with ClamAV treating mbox
> >>> format files as text/plain is, that only the first hit will be reported.
> >> That was made to improve performance, the Changelog say so.
> >
> > Thanks for clarifying this, René.
> >
> > Anyway, that whole last paragraph was a heads up to those who advocated
> > re-scanning after delivery (see the recent threads). They do not get
> > what they believe they do.
>
> Unless you separate the mbox file(s) into maildir files and then you get exactly what
> you expect. It is, however, an annoying additional step one must take to ensure
> systems are as secure as possible.
Of course. However, I got the impression that neither of the recent reporters does this additional step. Also, this gets even more annoying (and maybe impossible) when dealing with PST files (which one of the OPs does).
guenther -- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html