[英]Can Clamd be relied upon to unpack RFC-822 format .eml files? It seems to do it
I'm using ClamAV, communicating via a Unix socket a la https://github.com/Elycin/php-clamav/ . 我正在使用ClamAV,并通过Unix套接字与https://github.com/Elycin/php-clamav/进行通信。 All working so far.
到目前为止所有工作。
My app picks up files from a folder. 我的应用程序从文件夹中拾取文件。 Each file contains RFC822-compliant content (sometimes you see these with extension .eml).
每个文件都包含符合RFC822的内容(有时您会看到扩展名为.eml的内容)。
I was going to write code to unpack the .eml file into separate body text and multiple attachment(s). 我打算编写代码以将.eml文件解压缩为单独的正文和多个附件。 However a quick test showed that if I just write the whole .eml file to the
clamd
socket, eg the EICAR test file as an attachment, clamd
scans and reports the "infected" file. 然而一个快速测试表明,如果我只是写了整个.eml文件的
clamd
插座,如EICAR测试文件作为附件, clamd
扫描和报告的“感染”文件。
I was wondering if this can be relied upon, ie does clamd always unpack and check embedded MIME-part email attachments thoroughly, or did I just "get lucky" with my tests? 我想知道是否可以依靠它,即clamd是否总是打开包装并彻底检查嵌入式MIME部分的电子邮件附件,还是我只是通过测试“幸运”了? I don't want to trust to luck.
我不想相信运气。
I think I answered my own question. 我想我回答了我自己的问题。 Documentation https://github.com/Cisco-Talos/clamav-faq states
文档https://github.com/Cisco-Talos/clamav-faq指出
1/ Supports almost all mail file formats
1 /支持几乎所有的邮件文件格式
and 和
6/ Libclamav provides an easy and effective way to add a virus protection into your software.
6 / Libclamav提供了一种简单有效的方法来在软件中添加病毒防护。 The library is thread-safe and transparently recognizes and scans within archives, mail files, MS Office document files, executables and other special formats.
该库是线程安全的,可以透明地识别和扫描存档,邮件文件,MS Office文档文件,可执行文件和其他特殊格式。
[Libclamav is used by clamd]. [蛤b使用Libclamav]。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.