With 0.84: clamscan -ri --exclude=/home/peter/Mail/Infected/* --exclude=/home/peter/Mail/.SPAM.directory/* --remove /home/peter/Mail LibClamAV Error: TNEF - unknown level 182 With 0.85: LibClamAV Warning: TNEF - unknown level 182 tag 0xa9b8 This happens on 2 of my 3 x86 machines. $ emerge info Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r6 i686) ================================================================= System uname: 2.6.11-gentoo-r6 i686 AMD Athlon(tm) XP 3200+ Gentoo Base System version 1.4.16 Python: dev-lang/python-2.2.3-r5,dev-lang/python-2.3.5 [2.3.5 (#1, Apr 28 2005, 03:53:26)] dev-lang/python: 2.2.3-r5, 2.3.5 sys-apps/sandbox: [Not Present] sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.4_p6, 1.6.3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r7 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.11 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks emergemail fixpackages nostrip notitles sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/ http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" LANG="en_GB.utf8" LINGUAS="en_GB" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 3dnow 4kstacks S3TC X aac aalib acpi acpi4linux alsa apm arts artswrappersuid audiofile avi bash-completion berkdb bitmap-fonts bzlib calendar cddb cdparanoia cdr codecs cscope cups curl curlwrappers dbase devmap divx4linux dmx doc dv dvd dvdr dvdread emboss encode escreen esd exif faac faad fam fbcon ffmpeg flac foomaticdb ftp gd ggi gif gimp gimpprint gphoto2 gpm gs gstreamer gtk gtk2 gtkhtml imagemagick imlib innodb interbase iodbc java javascript jbig joystick jp2 jpeg jpeg2k junit kde kdexdeltas libg++ libwww live lzw-tiff mad maildir mbox mikmod mime mmx mmx2 mng monkey mono motif mozcalendar moznocompose moznoirc mp3 mpeg mysql mysqli ncurses network nls no_wxgtk1 nocardbus nomac nptl odbc ogg oggvorbis ooo-kde opengl oss pcre pdflib perl png posix postgres ppds python qt quicktime readline rtc samba scanner sdl slang slp smartcard sox speex spell sqlite sqlite3 sse ssl svg tcltk tcpd tetex tga theora tiff timidity truetype truetype-fonts type1-fonts unicode usb vanilla videos vim-with-x vorbis win32 wmf wxwindows xbase xine xml2 xmms xpm xprint xv xvid yv12 zlib linguas_en_GB userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS
Can you please attach a sample file which causes this, so I can contact upstream developers?
Created attachment 58899 [details] The guilty mail
Well, isn't that because Noro stripped the attachment, leaving only first line of encoded part? <quote> ------_=_NextPart_001_01C49030.D7092FF0 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 eJ8+IjQOAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy *** hundreds of crappy lines striped here *** </quote>
Could well be. I only bugged it because I upgraded from 0.83, which didn't have the tnef check and didn't report this error.