Some mail not recognized as e-mail, attachment ignored #1205

Open
LSchuepbach opened this issue Mar 18, 2024 · 0 comments

@LSchuepbach

Describe the bug

See the attached email. When scanning it, it is not recognized as an email. The attachment is ignored. Strangely, after removing one line of the headers, or adding one, it's recognized correctly again.

How to reproduce the problem

crudeeicar.ndb: CRUDE.EICAR:0:*:58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a

clamscan -d crudeeicar.ndb /scandir/eicar.eml

LibClamAV debug: Checking realpath of /scandir/eicar.eml
LibClamAV debug: Recognized ASCII text
LibClamAV debug: clean_cache_check: 738769125b5cd2a1ac228c0229c04e5b is negative
LibClamAV debug: Descriptor[3]: Continuing after file scan resulted with: No viruses detected
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Descriptor[3]: Continuing after file scan resulted with: No viruses detected
LibClamAV debug: in cli_scanscript()
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Descriptor[3]: Continuing after file scan resulted with: No viruses detected
LibClamAV debug: cli_magic_scan: returning 0  at line 5027
LibClamAV debug: clean_cache_add: 738769125b5cd2a1ac228c0229c04e5b (level 0)
LibClamAV debug: Descriptor[3]: Continuing after file scan resulted with: No viruses detected
/scandir/eicar.eml: OK
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

Removing the header X-REPORT-ABUSE-TO: Message sent by Mailjet please report to abuse@mailjet.com with a copy of the message of the mail, and scanning again:

LibClamAV debug: Checking realpath of /scandir/eicar.eml
LibClamAV debug: Recognized ASCII text
LibClamAV debug: clean_cache_check: a24d59edca618d10a984cbb965984fda is negative
LibClamAV debug: Descriptor[3]: Continuing after file scan resulted with: No viruses detected
LibClamAV debug: Matched signature for file type MHTML file
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: MHTML signature found at 2566
LibClamAV debug: Starting cli_scanmail()
LibClamAV debug: in mbox()

Or, adding the header Return-Path: <postmaster@example.org> as the first line also helped detection:
the zip file gets detected and extracted, and the signature hits.

Attachments

Here's the email in question:
eicar.txt

Tested on 0.103.11 or 1.1.1 with same result.

Is there something wrong in the structure of that mail or is it a ClamAV issue? Should we add a Return-Path header as first line systematically in order to be sure all the mails we scan are recognized as emails?
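
Added example, not part of the original issue and not ClamAV code: a small Python check that reads debug-mode scan output and reports whether the file ever reached the mail parser, using only the debug strings quoted in the two runs above. The function names and the two sample constants are hypothetical; the samples are constructed from a few of the quoted lines.

```python
import re

PREFIX = "LibClamAV debug: "
# Markers copied from the debug output quoted in the issue.
MAIL_MARKERS = ("Starting cli_scanmail()", "in mbox()")
RECOGNIZED = re.compile(r"Recognized (.+)")
TYPE_MATCH = re.compile(r"Matched signature for file type (.+)")
VERDICT = re.compile(r"(?P<path>.+): (?P<verdict>OK|.+ FOUND)$")

# Constructed samples: a few lines excerpted from each of the two runs above.
SCAN_NOT_MAIL = """\
LibClamAV debug: Recognized ASCII text
LibClamAV debug: in cli_scanscript()
LibClamAV debug: cli_magic_scan: returning 0  at line 5027
/scandir/eicar.eml: OK
"""
SCAN_AS_MAIL = """\
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Matched signature for file type MHTML file
LibClamAV debug: MHTML signature found at 2566
LibClamAV debug: Starting cli_scanmail()
LibClamAV debug: in mbox()
"""


def classify_scan(debug_output):
    """Summarise how one debug-mode scan typed and handled a file."""
    info = {"recognized": None, "matched_type": None,
            "mail_parser": False, "verdict": None}
    for line in debug_output.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            msg = line[len(PREFIX):]
            if (m := RECOGNIZED.match(msg)) and info["recognized"] is None:
                info["recognized"] = m.group(1)   # first-pass file typing
            elif m := TYPE_MATCH.match(msg):
                info["matched_type"] = m.group(1)  # later file-type signature hit
            if any(marker in msg for marker in MAIL_MARKERS):
                info["mail_parser"] = True
        elif m := VERDICT.match(line):
            info["verdict"] = m.group("verdict")   # final "path: OK" / "path: X FOUND"
    return info


def skipped_mail_parser(debug_output):
    """True when the scan finished without ever entering the mail parser."""
    return not classify_scan(debug_output)["mail_parser"]
```

In a mail-scanning pipeline, an `OK` verdict combined with `skipped_mail_parser(...)` returning `True` for a file expected to be a message means attachments were never unpacked, so the clean result should not be trusted as-is.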
