clamav-users August 2007 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: [Clamav-users] Email malware type detection and am

[Clamav-users] Email malware type detection and amavis

From: Frederic Goudal <goudal_at_nospam>
Date: Tue Aug 28 2007 - 10:17:16 GMT
To: goudal@enseirb.fr


Hello again,

I had a problem of not detecting Email.Faketube on our configuration, using clamav with amavisd-new. I finally found that the problem seems to be the following :

  • when I directly scan the email file, clamav finds that it's an email file which correspond to type 4 in the signature database.
  • when amavisd-new calls clamd, it just gives the inside of the mail, which does not correspond to type 4 in the signature database, and than Email.Faketube is NOT detected. I have added a simple signature file replacing the email type with anyfile type (0), and than the Faketube is detected.

I wonder what is to be done there :
- should amavisd-new send the original file and not the parts to clamav (that's an amavis problem).

  • should clamav change the type of the signature ?
  • should I build local data base for all the Email type signatures ?

f.g.



Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html