Thoughts about finding viruses in email inboxes
Bart Silverstrim
bsilver at chrononomicon.com
Sun Mar 29 01:11:48 UTC 2009
Raquel wrote:
> On Sat, 28 Mar 2009 13:38:38 -0700
> "David M. Karr" <davidmichaelkarr at gmail.com> wrote:
>
>> If I have clamav running an automated scan each night, and it finds
>> a virus in my IMAP inbox, what good does that do me? I have 156
>> messages in my Inbox currently, and no way to know which one has
>> the virus (although it's pretty likely it was one of the messages
>> I've received in the last 24 hours). It seems like it would be
>> useful for clamav to have some sort of integration/knowledge with
>> the mail system, so it can provide better information about which
>> email message has a virus. Is there any practical way to do this?
>> Has this ever been considered?
>>
>
> I don't know what your specific situation is. However, on my mail
> server, running Debian Lenny, clamav discards anything with a virus
> in it.
On a mail server, you're scanning mail individually as they pass through
the server. On their systems, it sounds like the virus is a piece of
encoding in the middle of a big mailbox file, so they can't tell where
in that file the virus is actually located and the mail program...the
reader...separates messages by formatting codes in the mailbox file.
-Bart
More information about the ubuntu-users
mailing list