Mailing List Archive

Replacement mbox.c
> So, here's my new "mbox.c" :-
>
> --------------------------------------------------------------
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
>
> #define RIPMIME "/usr/local/bin/ripmime"
>
> int cl_mbox(const char *dir, int desc)
> {
> int ret,stat;
>
> ret = fork();
> if (ret==-1) return -1;
> if (ret==0)
> {
> if (desc) dup2(desc,0);
> execlp(RIPMIME,RIPMIME,"-d",dir,"-i","-",NULL);
> exit(-1);
> }
> waitpid(ret,&stat,0);
> return 0;
> }

Ok, so I decided to give this a try just to see if it made a difference
to the clamd crashes I'm seeing. No crashes, but I don't think it's catching
any viri either. Without the '--mailbox' argument to ripmime, all I get is
one large text file, it doesn't actually pull apart the mail message. You
can't add the --mailbox because that requires a file argument, not STDIN.

Are you sure this is really doing what you think it's doing?
Re: Replacement mbox.c [ In reply to ]
> Are you sure this is really doing what you think it's doing?
>
I tested this setup with eicar and compressed eicar. Whilst it picked up the
eicar test, zipped version went un-noticed. It did not appear to pick up
SoBig.
Change to 20030831 snapshot brought about stability, so fix no longer needed
in my case.
--
Craig