clamscan vs. clamscan with mb2md

To: debian-user@lists.debian.org
Subject: clamscan vs. clamscan with mb2md
From: "Jeffrey B. Green" <jeff@kikisoso.org>
Date: Fri, 16 Jul 2010 10:28:16 -0400
Message-id: <[🔎] 4C406C80.9050605@kikisoso.org>

Hi,

Running clamscan over a PDC/BDC with roaming profiles will (obviously)generate sporadic alerts on mbox files assoicated with assorted mailclients, icedove/tbird in this case. In order to track down the specificmessage, I've used mbox2maildir (in the past) and mb2md presently toconvert them into a "broken out" situation, i.e. a structure where eachmessage is its own file. I now have a case where the clamscan on theInbox gives a positive and clamscan on the mb2md (or mbox2maildir)directory of messages gives a negative. Is this case known? I believe ithas occurred for me in the past (forgotten exactly how long ago) and soit seems to be a neglected bug. However, I'm not sure which package (orsupport package) is responsible here. Is clamscan giving a falsepositive/false negative or is mb2md changing the message in question sothat clamscan misses it? It is a user's mailbox and therefore notproperly public for debugging purposes.


The clamscan alert is ".../Inbox: Email.Phishing.Webmail-37 FOUND".

-jeff

Reply to:

Follow-Ups:
- Re: clamscan vs. clamscan with mb2md
  - From: "Jeffrey B. Green" <jeff@kikisoso.org>

Prev by Date: How to reread changed udev rules without rebooting?
Next by Date: Re: OT:Video Capture From Camcorder
Previous by thread: Re: Re: How to reread changed udev rules without rebooting?
Next by thread: Re: clamscan vs. clamscan with mb2md
Index(es):
- Date
- Thread