[clamav-users] clamdscan mail file

[TBits.net, Mailinglists]

On 2017-02-13 14:39, Reindl Harald wrote:
> Am 13.02.2017 um 14:33 schrieb TBits.net, Mailinglists:
>> On 2017-02-13 13:19, Reindl Harald wrote:
>>> Am 13.02.2017 um 13:05 schrieb TBits.net, Mailinglists:
>>>> Hi @all,
>>>> 
>>>> clamav-milter identify an email as infected by
>>>> Heuristics.Phishing.Email.SSL-Spoof.
>>>> 
>>>> This is correct, but when I scan this file in the quarantine with
>>>> clamdscan or clamscan the file is clean.8154
>>>> It seams that the clamscan or clamdscan do not scan this file for
>>>> Phishing.
>>>> Is it possible to scan a text file as a mail to identify with 
>>>> phishing?
>>> 
>>> clamdscan is using clamd the same way as "clamav-milter" and so if
>>> it's the same clamd configuration it behaves identically
>> 
>> clamav-milter identify it as Heuristics.Phishing.Email.SSL-Spoof but 
>> in
>> clamdscan it is clean.
>> And I think the result should be the same
> 
> they are - proven by a webinterface where i upload eml files at pass
> them through spamd and clamdscan using two different clamd-instances
> which are used by clamav-milter and/or spamassassin
> 
> are you 100% certain that clamdscan is using the identical clamd
> instance with identical configuration?

Yes only one instance of clamd is running.
I scan only the quarantined mail which was hold by clamav-milter before.

Tested under different servers, on all servers are the same result.

----------------------------------------------------------------
Diese Nachricht wurde versandt mit Webmail von www.tbits.net.
This message was sent using webmail of www.tbits.net.