Mailing List Archive

This SoBig-F was missed because it has an invalid Content-type
I think the subject line says it all ... the content-type of the "scr"
attachment is declared as:

Content-Type: chemical/x-rasmol;

Which means Clam fails to recognise it. Luckily we have a second line of
defense: we remove all ".scr" attachments!

I changed the content-type to "application/binary" and Clam picked it up
great.

We still have an old copy of RAV here, that works, and it sees the virus
without the content-type change. Perhaps Clam should default to
"application/binary" if the type is unknown?

Or make some kind of intelligent guess based on the encoding or file name?



James
Re: This SoBig-F was missed because it has an invalid Content-type

On Wednesday 27 Aug 2003 4:35 pm, James Stevens wrote:
> Perhaps Clam should default to
> "application/binary" if the type is unknown?

Good idea. I've tried that and see this with your message:
LibClamAV Warning: Unknown MIME type: `chemical' - set to Application
/home/njh/gateway/sobig-missed.eml: Worm.Sobig.F FOUND

I'll forward the change to Tomasz for his approval.

> James

-Nigel

--
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
njh@bandsman.co.uk http://www.bandsman.co.uk/music.htm
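
A sketch of the fallback discussed in this thread, as an added example that is not from either poster or from ClamAV's source: every leaf MIME part is decoded and handed on for scanning, an unrecognised major type is treated as application/octet-stream, and the file name is checked separately. The sample message, the file name sample.scr, the function names and the type-driven selector used for comparison are constructed assumptions.

```python
import base64
from email import message_from_bytes, policy

# Top-level MIME types this sketch recognises (assumption: illustrative list).
KNOWN_MAJOR = {"text", "image", "audio", "video", "application", "message"}
BLOCKED_EXT = (".scr",)  # the extension the first poster strips at the gateway

def select_by_declared_type(raw):
    """Weak model: hand only application/* parts to the scanner."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_payload(decode=True) for p in msg.walk()
            if p.get_content_maintype() == "application"]

def select_all_leaves(raw):
    """Decode every leaf part; unknown major types fall back to octet-stream."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_content_maintype() not in KNOWN_MAJOR:
            ctype = "application/octet-stream"  # the fallback proposed above
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        out.append((name, ctype, data, name.lower().endswith(BLOCKED_EXT)))
    return out

# Constructed sample: harmless placeholder bytes under the mislabelled type.
PAYLOAD = b"MZ constructed placeholder, not a real executable"
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: constructed\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    b"--BOUND\r\nContent-Type: text/plain\r\n\r\nSee the attached file\r\n"
    b"--BOUND\r\n"
    b'Content-Type: chemical/x-rasmol; name="sample.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="sample.scr"\r\n\r\n'
    + base64.b64encode(PAYLOAD) + b"\r\n--BOUND--\r\n"
)

if __name__ == "__main__":
    print("declared-type selector:", len(select_by_declared_type(SAMPLE)), "parts")
    for name, ctype, data, blocked in select_all_leaves(SAMPLE):
        print(repr(name), ctype, len(data), "bytes", "BLOCK" if blocked else "scan")
```

The declared-type selector returns nothing for this message, while the leaf walk yields the decoded attachment bytes and flags the file name, so neither check depends on the sender's Content-Type being honest.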