[Clamav-users] Email malware type detection and amavis
From: Frederic Goudal <goudal_at_nospam>
Date: Tue Aug 28 2007 - 10:17:16 GMT
To: firstname.lastname@example.org
I had a problem of not detecting Email.Faketube on our configuration, using clamav with amavisd-new.
I finally found that the problem seems to be the following:
When I directly scan the email file, clamav finds that it's an email file, which corresponds to type 4 in the signature database.
When amavisd-new calls clamd, it just gives the inside of the mail, which does not correspond to type 4 in the signature database, and then Email.Faketube is NOT detected. I have added a simple signature file replacing the email type with anyfile type (0), and then the Faketube is detected.
I wonder what is to be done there:
- should amavisd-new send the original file and not the parts to clamav (that's an amavis problem)?
- should clamav change the type of the signature?
- should I build a local database for all the Email type signatures?
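
Added example (not part of the original message, and not ClamAV or amavisd-new code): the workaround described in the message, copying mail-type signatures to target type 0, sketched in Python against ClamAV's extended signature layout `MalwareName:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]`. The sample signatures, the `-anytype` suffix and the function name are constructed for illustration; signatures with a fixed offset are reported rather than converted, because that offset was measured against the whole mail file and not against an extracted part.

```python
# Added example: retarget ClamAV extended (.ndb style) signatures from
# target type 4 (mail file) to target type 0 (any file).
# Assumed line layout: MalwareName:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]

MAIL, ANY = "4", "0"


def retarget(lines, suffix="-anytype"):
    """Return (converted, skipped) for an iterable of signature lines.

    converted: new lines with target type 0 and a renamed signature
    skipped:   (item, reason) pairs that need manual review
    """
    converted, skipped, seen = [], [], set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line in the input
        fields = line.split(":")
        if len(fields) < 4:
            skipped.append((line, "malformed line"))
            continue
        name, target, offset = fields[0], fields[1], fields[2]
        if target != MAIL:
            continue  # not a mail-type signature, leave it alone
        if offset != "*":
            # A fixed offset refers to the complete message, so it would
            # point at the wrong bytes when only a part is scanned.
            skipped.append((name, "fixed offset, relative to whole mail"))
            continue
        # Keep optional MinFL/MaxFL fields unchanged.
        new_line = ":".join([name + suffix, ANY, offset] + fields[3:])
        if new_line not in seen:
            seen.add(new_line)
            converted.append(new_line)
    return converted, skipped


# Constructed sample input (not real ClamAV signatures).
SAMPLE = [
    "# constructed test database",
    "Email.Constructed.A:4:*:68747470*2e657865",
    "Email.Constructed.B:4:0:52656365697665643a",
    "Other.Constructed.C:1:*:4d5a9000",
    "Email.Constructed.D:4:*:646561646265:51",
    "broken:line",
]

if __name__ == "__main__":
    new_sigs, review = retarget(SAMPLE)
    print("\n".join(new_sigs))
    for item, reason in review:
        print(f"# review {item}: {reason}")
```

The converted lines would go into a local `.ndb` file in the ClamAV database directory, which keeps the official signatures untouched.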