|
Duncan Mac Leod
| Joined: 12 May 2008 |
| Posts: 0 |
|
|
|
 Posted: Mon May 12, 2008 11:50 pm |
|
 |
 |
|
|
i have a mail file on disc with multiple attachments.
there are two different viruses in different attachments but only the first is reported via command-line scanner! why ?
if i send the viruses separately (one in each mail) they are detected correctly, so the scanner works...
but why is the report of infections limited to one for multiple infected attachments ?
can this be fixed soon ?
thank you in advance,
Duncan
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue May 13, 2008 12:44 am |
|
|
|
|
|
Shortly after I started using ClamWin, I heard that it quit scanning a file after it found the first infection. I have not heard anything about changing this. I suspect this is the way the Clam AV scanning engine used by ClamWin works, and, if that is the case, there's probably not much the ClamWin developers can do about it.
It might be interesting to see how this scan logic compares with other AVs. Is there any chance you could upload the attachment to Jotti at https://virusscan.jotti.org/ on the Web or Virus Total at https://www.virustotal.com/ on the Web and see if they find multiple infections. I suspect they will not.
Regards,
|
|
|
|
alch
Site Admin
| Joined: 27 Nov 2005 |
| Posts: 0 |
|
|
|
| Posted: Tue May 13, 2008 4:20 pm |
|
|
|
|
|
Clamwin uses ClamAV engine which is an email gateway scanner. Therefore ClamAV is targeted at efficiently removing infected emails and does not disinfect files files or individual attachments.
If a container file such as zip archive or rfc822 email file contain more than one virus, then detecting the first virus is sufficient for the purpose of marking the whole file as infected.
I understand you might want to delete the attachments manually from the email message, but my advise is to delete the whole message if at least one file is infected.
I hope it does make sense
|
|
|
