[clamav-users] Messages with multiple infections, was CL_SCAN_ALLMATCHES (or --allmatch or -z)
Alessandro Vesely
vesely at tana.it
Thu Dec 29 10:24:21 UTC 2016
How does one find out if there are multiple viruses in a single file?
The problem is to avoid a possibly harmless virus to mask severe infections.
Another problem, for users of older library versions, is how to know if the
pointer returned is an array of strings or a single string. Is this the right
list to ask this question?
Thank you
Ale
On Fri 23/Dec/2016 13:49:34 +0100 I wrote:
> Hi all!
>
> There used to be a hack in libclamav, whereby function cli_append_virus() added
> the virus name to an array when SCAN_ALL was true. It was a hack because a
> caller argument had different types according to that flag.
>
> The hack was temporary, and it seems to be gone in recent versions.
>
> What is now the behavior if multiple virus are found? I have an email filter
> that can be configured to take different action according to virus names. How
> do I update it? (Filter actions are "none", "pass", "reject", "drop", in that
> order. A message with multiple viruses gets the rightmost action.)
>
> Thanks for any idea
> Ale
More information about the clamav-users
mailing list