On 3/7/11 5:36 PM, "Chris" <cpollock@xxxxxxxxxxxxxx> wrote: > Received a spam today that had an attachment that had an .html extension > which in reality was a javascript file. When running the attachment > through clamdscan it was tagged as Sanesecurity.Malware.14565.UNOFFICIAL > FOUND. Shouldn't the malware have been picked up along with the phishing > or instead of? That's one of the clamav limitations - it only records one match. And there is no priority system for "more important" matches, so if a file will hit multiple signatures, a random one will be reported. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281