[milters] Archive

Lists Index Date Thread Search

Article: 1044
From: Michael Grinnell
Date: 2006-07-18 11:48:15 -0400
Subject: Re: milter-clamc help (was Re: Re: milter suggestion/request)

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

On Jul 18, 2006, at 9:55 AM, Anthony Howe wrote:

> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
>
> Michael Grinnell wrote:
>> Hmm, no love.  Trace shows it talking to milter-clamc, but no  
>> header is added.  Does it only add headers to mail with  
>> attachments?  Any ideas?
>
> Ah. What is your test case?

eicar.com and eicar.zip sent via thunderbird as attachments.  Does  
milter-clamc only add headers if clamd sees something?  I was under  
the assumption that it would add X headers like milter-sender does.

>
> Someone else asked a similar question recently. From what I've  
> observed of clamd, it looks at the whole message, the text portions  
> for phish, the attachments for executables. This makes sense since  
> an executable can never be part of the readable message portion, it  
> would never trigger in text/plain and only in text/html via a cid:  
> inline attachment block.
>
> So if you are pasting the EICAR test virus into your message body,  
> it will not be found (possibly because its consists of all ASCII  
> characters), where as if you include it as an attachment with any  
> name you choose, it will be caught.
>
>> # A comma separated word list of what to write to the mail log:
>> verbose=trace
>
> verbose=info,trace,db,dialog
>
> is more interesting.  Info and trace for general progress. Db for  
> access.db B/W lookups. Dialog for milter/clamd I/O summary.

Ok, thanks for the tip.

Michael Grinnell
Network Security Administrator
The American University



Lists Index Date Thread Search