|Main Archive Page > Month Archives > clamav-users archives|
I saw an interesting behavior related with for example with Email.Trojan-234.
Configuration amavisd + ClamAV.
When a message arrive with content as follow (some parts of original content has been removed):
The XXX transaction (ID: xxxxxxxxxxxx), recently initiated from your bank account (by you or any other person), was rejected by the other financial institution.
Transaction ID: xxxxxxxxxxxx
Reason of rejection See details in the report below
report_xxxxxxxxxx.pdf.exe (self-extracting archive, Adobe PDF)
Please click here to download report:
Message is passed.
But if the same message is sent to an unknown user and an NDR with attached original mail is generated, then NDR with attached original message is blocked properly.
I just wondering why original message passed, but NDR (with attached original message) was blocked.
Thank you in advance!