Thoughts about finding viruses in email inboxes
bsilver at chrononomicon.com
Sun Mar 29 01:11:48 UTC 2009
> On Sat, 28 Mar 2009 13:38:38 -0700
> "David M. Karr" <davidmichaelkarr at gmail.com> wrote:
>> If I have clamav running an automated scan each night, and it finds
>> a virus in my IMAP inbox, what good does that do me? I have 156
>> messages in my Inbox currently, and no way to know which one has
>> the virus (although it's pretty likely it was one of the messages
>> I've received in the last 24 hours). It seems like it would be
>> useful for clamav to have some sort of integration/knowledge with
>> the mail system, so it can provide better information about which
>> email message has a virus. Is there any practical way to do this?
>> Has this ever been considered?
> I don't know what your specific situation is. However, on my mail
> server, running Debian Lenny, clamav discards anything with a virus
> in it.
On a mail server, you're scanning mail individually as it passes through
the server. On their systems, it sounds like the virus is a piece of
encoding in the middle of a big mailbox file, so they can't tell where
in that file the virus is actually located and the mail program...the
reader...separates messages by formatting codes in the mailbox file.
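
The per-message scan the thread asks about, as an added example that is not part of the original posts or of ClamAV: it splits an mbox-format mailbox into its individual messages and scans each one on its own, so a hit can be reported with its sender and subject. It assumes `clamscan` is installed and the mailbox is in mbox format; `find_infected`, `clamscan_stdin`, the sample mailbox and the marker string are constructed for illustration.

```python
import mailbox
import os
import subprocess
import tempfile

def clamscan_stdin(raw: bytes) -> bool:
    """Pipe one message to `clamscan -`; exit 0 = clean, 1 = virus found."""
    proc = subprocess.run(["clamscan", "--no-summary", "-"], input=raw,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"clamscan failed with exit code {proc.returncode}")
    return proc.returncode == 1

def find_infected(mbox_path, scan=clamscan_stdin):
    """Scan every message of an mbox separately; return details of flagged ones."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            if scan(msg.as_bytes()):
                hits.append({"index": key,          # position in the mbox file
                             "from": msg.get("From"),
                             "subject": msg.get("Subject")})
    finally:
        box.close()
    return hits

# Constructed three-message mailbox; the marker stands in for a real detection.
SAMPLE_MBOX = (
    b"From alice@example.org Sat Mar 28 10:00:00 2009\n"
    b"From: alice@example.org\nSubject: lunch\n\nSee you at noon.\n\n"
    b"From bob@example.org Sat Mar 28 11:00:00 2009\n"
    b"From: bob@example.org\nSubject: invoice\n\nCONSTRUCTED-TEST-MARKER\n\n"
    b"From carol@example.org Sat Mar 28 12:00:00 2009\n"
    b"From: carol@example.org\nSubject: notes\n\nNothing unusual here.\n"
)

def demo():
    """Run find_infected on the sample with a stand-in scanner (no ClamAV needed)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "inbox")
        with open(path, "wb") as f:
            f.write(SAMPLE_MBOX)
        return find_infected(
            path, scan=lambda raw: b"CONSTRUCTED-TEST-MARKER" in raw)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Call `find_infected("/path/to/mbox")` without the `scan` argument to use the real `clamscan`. A Maildir store already keeps one file per message, so there the scanner's own report names the affected message file.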
More information about the ubuntu-users