Forwarded mails are not scanned

Benny Pedersen me at
Wed Mar 11 18:54:38 CET 2015

Thomas M Steenholdt skrev den 2015-03-11 18:38:

>> if its blocked where is the problem then ?
> What I meant was; Files that should otherwise have been blocked, are 
> let
> through.

so far so good

> Let me try to get a log snippet...


>> first step if possible try foxhole signatures in clamav, did that
>> solve it ?
> ClamAV should not be involved in blocking filetypes, right?

i did not say block, but only detect, then amavisd-new can make better 
desision later

>> you say forwarded, is it forwarded localy or remote forwarded ?
> Forwarded in the MUA. E.g. thunderbird, right click e-mail and forward
> as attachment. Results in a new e-mail, with an .eml file attached. 
> This
> .eml file is a complete mail including .zip, .exe, .scr, .whatnot.
> ClamAV actually scans the .eml file and finds infected files. Problem 
> is
> when a new outbreak occur, stuff like .scr and .exe files are let
> through this way (before ClamAV's signature detects it's infected).

thats why i say foxhole signature

>> is the malware detected if you ripmime emails that contains it ?

> In that case, the individual attachments (inside the .eml attchment) is
> found just fine. The problem is with the .eml file not being processed
> properly.

yes this is a feature of amavisd-new not a problem in clamav with 
foxhole sigs

>> i have more silly questions if it helps :=)
> Bring 'em on :-)

how old are you ?

More information about the amavis-users mailing list