[clamav-users] Any way to force scan as mail?
Carlos Velasco
carlos.velasco at nimastelecom.com
Tue Feb 28 10:02:41 UTC 2017
Hi,
Is there any way to force clamscan to treat the file passed as a mail?
Some days ago I stepped into a problem where ClamAV was not detecting a virus attached in an email.
I narrowed the problem to Clam not detecting the file passed as a mail. I think this is because mail file has too many headers.
Not detected as mail:
http://pastebin.com/LCipWJaQ
===
...
LibClamAV debug: No bytecodes loaded, not running builtin test
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized ASCII text
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: in cli_scanscript()
LibClamAV debug: cli_magic_scandesc: returning 0 at line 2559
test.eml: OK
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
...
===
Detected as mail (same mail, just removing "x-microsoft-exchange-diagnostics" header):
http://pastebin.com/ZvmST7Xh
===
...
LibClamAV debug: No bytecodes loaded, not running builtin test
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Matched signature for file type Mail file
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Starting cli_scanmail(), recursion = 1
LibClamAV debug: in mbox()
LibClamAV debug: parseEmailFile
...
===
Regards,
Carlos Velasco
More information about the clamav-users
mailing list