Inbound doesn't catch SaneSecurity signature, Outbound does

francis picabia fpicabia at
Fri Nov 16 19:28:47 CET 2012

On Fri, Nov 16, 2012 at 1:11 PM, Noel Jones <njones at> wrote:

> Without any evidence, we can only guess the problem.  My guess is
> still that your various .ftm files don't match the headers on the
> original file as presented to clamav, preventing clamav from
> recognizing the file as an email message.  That's just a guess and
> could be wrong, but the eyewitness accounts you've shared support this.

I don't know anything about ftm files.

This could be a little off topic for this list, but Redhat
clamav has a :

ls -l  /var/clamav/
-rw-r--r-- 1 amavis amavis 5642 May  1  2008 /var/clamav/

Whereas Debian has :

 ls -l /var/lib/clamav/daily.ftm
-rw-r--r-- 1 root root 8098 Nov 16 14:00 /var/lib/clamav/daily.ftm

It looks like the Redhat one isn't getting updated or is cruft
left behind from some upgrade.  Everything under
is dated 2008.  I'd think it could be deleted.  On Redhat
there is a daily.cld updated today.  Debian has a dozen or more
files starting with "daily." in /var/lib/clamav.  I do not know why
they are different.  I leave it to the freshclam scripts to manage
this on each platform.

> You'll need to do some debugging and tracing to VERIFY what clamav
> is seeing and detecting.  Looks as if you're on your own from here.

Maybe I can move this discussion to the clamav list?

More information about the amavis-users mailing list