Thoughts about finding viruses in email inboxes
Chris Mohler
cr33dog at gmail.com
Sun Mar 29 19:25:25 UTC 2009
On Sun, Mar 29, 2009 at 2:13 PM, David M. Karr
<davidmichaelkarr at gmail.com> wrote:
> Ok, I can see that there's one detail that I didn't specifically say
> here. I thought it was obvious, so I didn't mention it. I think it
> wasn't obvious to some of you.
>
> I'm not having trouble with clamav telling me what FILE a virus is in.
> The report is clear on that. The problem is that the IMAP INBOX file is
> a formatted file containing many email messages. What I'm looking for
> is some sort of ability to introspect into the mailbox format in the
> clamav report so that I can tell which email message contains the
> virus. I certainly am not going to run clamav in "auto-remove" mode, as
> it would remove my entire inbox.
Well, when I use IMAP, I have it deliver in maildir format - which
would help you in this case. But I also set up the IMAP server
(dovecot) to route all inbound messages through clamscan (via
procmail), and if a virus was found reroute the message to a "Virus"
folder, tag it, and edit the subject - which would catch the message
before you could ever view it. Of course, it sounds like you may not
have control over either of those things? you haven't exactly given a
whole lot of specifics regarding your mail setup :)
Chris
More information about the ubuntu-users
mailing list