Forwarded mails are not scanned
Benny Pedersen
me at junc.eu
Wed Mar 11 18:54:38 CET 2015
Thomas M Steenholdt skrev den 2015-03-11 18:38:
>> if its blocked where is the problem then ?
> What I meant was; Files that should otherwise have been blocked, are
> let
> through.
so far so good
> Let me try to get a log snippet...
+1
>> first step if possible try foxhole signatures in clamav, did that
>> solve it ?
> ClamAV should not be involved in blocking filetypes, right?
i did not say block, but only detect, then amavisd-new can make better
desision later
>> you say forwarded, is it forwarded localy or remote forwarded ?
> Forwarded in the MUA. E.g. thunderbird, right click e-mail and forward
> as attachment. Results in a new e-mail, with an .eml file attached.
> This
> .eml file is a complete mail including .zip, .exe, .scr, .whatnot.
>
> ClamAV actually scans the .eml file and finds infected files. Problem
> is
> when a new outbreak occur, stuff like .scr and .exe files are let
> through this way (before ClamAV's signature detects it's infected).
thats why i say foxhole signature
>> is the malware detected if you ripmime emails that contains it ?
> In that case, the individual attachments (inside the .eml attchment) is
> found just fine. The problem is with the .eml file not being processed
> properly.
yes this is a feature of amavisd-new not a problem in clamav with
foxhole sigs
>> i have more silly questions if it helps :=)
> Bring 'em on :-)
how old are you ?
More information about the amavis-users
mailing list