> So, from here, it seems:
>
> 1. clamdscan is faster, but doesn't do --mbox at all (no surprise, not
> on manpage).
Use clamav.conf, and set the:
ScanMail
directive. This does what --mbox does for clamscan
> 2. clamscan does --mbox, though the manpage warns against it.
Make sure you're running the latest 0.67, or try the latest devel version.
> 3. Other variations reading stdin without --mbox don't seem to work. On
> the procmail list, we went through several variations on procmail with
> :0 wWhb etc. in varying combinations.
clamdscan uses the "ScanMail" directive. You should also enable
"ScanArchive" and "StreamSaveToDisk". With these enabled, and calling
clamdscan from procmail, I seem to get very good results in catching
viruses, both encoded and un-encoded.
Here's what I use:
:0
* multipart
{
VIRUS=`/usr/local/bin/clamdscan --disable-summary --stdout -`
:0 Di
* VIRUS ?? FOUND
/dev/null
}
YMMV
Rob Mangiafico
>
> 1. clamdscan is faster, but doesn't do --mbox at all (no surprise, not
> on manpage).
Use clamav.conf, and set the:
ScanMail
directive. This does what --mbox does for clamscan
> 2. clamscan does --mbox, though the manpage warns against it.
Make sure you're running the latest 0.67, or try the latest devel version.
> 3. Other variations reading stdin without --mbox don't seem to work. On
> the procmail list, we went through several variations on procmail with
> :0 wWhb etc. in varying combinations.
clamdscan uses the "ScanMail" directive. You should also enable
"ScanArchive" and "StreamSaveToDisk". With these enabled, and calling
clamdscan from procmail, I seem to get very good results in catching
viruses, both encoded and un-encoded.
Here's what I use:
:0
* multipart
{
VIRUS=`/usr/local/bin/clamdscan --disable-summary --stdout -`
:0 Di
* VIRUS ?? FOUND
/dev/null
}
YMMV
Rob Mangiafico