简体繁体 English

可以依靠Clamd来解压缩RFC-822格式的.eml文件吗？好像做到了

[英]Can Clamd be relied upon to unpack RFC-822 format .eml files? It seems to do it

原文 2018-06-26 23:11:22 6 1 sockets/ rfc822/ clam

I'm using ClamAV, communicating via a Unix socket a la https://github.com/Elycin/php-clamav/ . 我正在使用ClamAV，并通过Unix套接字与https://github.com/Elycin/php-clamav/进行通信。 All working so far. 到目前为止所有工作。

My app picks up files from a folder. 我的应用程序从文件夹中拾取文件。 Each file contains RFC822-compliant content (sometimes you see these with extension .eml). 每个文件都包含符合RFC822的内容（有时您会看到扩展名为.eml的内容）。

I was going to write code to unpack the .eml file into separate body text and multiple attachment(s). 我打算编写代码以将.eml文件解压缩为单独的正文和多个附件。 However a quick test showed that if I just write the whole .eml file to the clamd socket, eg the EICAR test file as an attachment, clamd scans and reports the "infected" file. 然而一个快速测试表明，如果我只是写了整个.eml文件的clamd插座，如EICAR测试文件作为附件， clamd扫描和报告的“感染”文件。

I was wondering if this can be relied upon, ie does clamd always unpack and check embedded MIME-part email attachments thoroughly, or did I just "get lucky" with my tests? 我想知道是否可以依靠它，即clamd是否总是打开包装并彻底检查嵌入式MIME部分的电子邮件附件，还是我只是通过测试“幸运”了？ I don't want to trust to luck. 我不想相信运气。

1 个解决方案

I think I answered my own question. 我想我回答了我自己的问题。 Documentation https://github.com/Cisco-Talos/clamav-faq states 文档https://github.com/Cisco-Talos/clamav-faq指出

1/ Supports almost all mail file formats 1 /支持几乎所有的邮件文件格式

and 和

6/ Libclamav provides an easy and effective way to add a virus protection into your software. 6 / Libclamav提供了一种简单有效的方法来在软件中添加病毒防护。 The library is thread-safe and transparently recognizes and scans within archives, mail files, MS Office document files, executables and other special formats. 该库是线程安全的，可以透明地识别和扫描存档，邮件文件，MS Office文档文件，可执行文件和其他特殊格式。

[Libclamav is used by clamd]. [蛤b使用Libclamav]。