Have not seen any changes in quite some time.  I did have some 
permissions issues with a recent Clam update however, which resulted 
from the user clamd ran under changing from clam to clamav or 
something similar.





>
> --- Original message ---
> Subject: [SurgeMail List] SCAVS issue
> From: Lyle Giese HIDDEN@crcomputer.info>
> To: <surgemailHIDDEN@etwinsite.com>,  <support@netwinsite.com>
> Date: Wednesday, 03/14/2012  7:32 PM
>
> I am using SCAVS.pl with clamav and have for a while.  Starting to see 
> some false positives using it.  Not sure where the issue is, but I am 
> getting hits against data in the headers.  I would presume that we 
> should only be using clamav against the body and attachments only.
>
> I do use addon signatures and am seeing hits against a defination 
> hitting on covad.net.  The only reference to covad.net is in the 
> headers on the reverse lookup of the end users ip address.  In other 
> words, if they are on a covad.net ip address, this setup is tagging 
> it.
>
> Just want to know if sometime in the last year(I really don't know if 
> it's always been that way or if something changed) has changed or if I 
> am doing something wrong and if anyone has some insight into this.
>
> I want to look into all angles.
>
> 1) did the format on what is passed by Surgemail to SCAVS change?
>
> 2) Am I doing something wrong with ClamAV?  (a setting inside Clam?)
>
> 3) I have not changed SCAVS.pl nor updated it recently.  Is this the 
> way it is using this method and it has taken several years for this 
> issue to show itself?
>
> I do keep current on clamav and the associated definations that I am 
> using, btw.
>
> Lyle Giese
> LCR Computer Services, Inc.
>