clamscan vs. clamscan with mb2md
Running clamscan over a PDC/BDC with roaming profiles will (obviously)
generate sporadic alerts on mbox files assoicated with assorted mail
clients, icedove/tbird in this case. In order to track down the specific
message, I've used mbox2maildir (in the past) and mb2md presently to
convert them into a "broken out" situation, i.e. a structure where each
message is its own file. I now have a case where the clamscan on the
Inbox gives a positive and clamscan on the mb2md (or mbox2maildir)
directory of messages gives a negative. Is this case known? I believe it
has occurred for me in the past (forgotten exactly how long ago) and so
it seems to be a neglected bug. However, I'm not sure which package (or
support package) is responsible here. Is clamscan giving a false
positive/false negative or is mb2md changing the message in question so
that clamscan misses it? It is a user's mailbox and therefore not
properly public for debugging purposes.
The clamscan alert is ".../Inbox: Email.Phishing.Webmail-37 FOUND".