Virus alarm when scanning amavisd-new package
This document (7015679) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 11
Situation
The amavisd-new package, released in SLES10 and SLES11, is a package used for anitspam. It contains several sample files.
If scanned by antivirus software, a virus alarm might be reported for sample files such as:
/usr/share/doc/packages/amavisd-new/test-messages/sample-42-mail-bomb.txt
/usr/share/doc/packages/amavisd-new/test-messages/sample-virus-simple.txt
Resolution
A. Files in path /usr/share/doc/packages/amavisd-new/test-messages/
These files are shipped in SLES as part of a testing suite used to prove the non vulnerability of a machine. On there own, these files do not constitute any problem. As described in the README file, the files must be used in a specific way. (Refer to the README for further details) If the testing suite is not of interest, the files can be removed, or simply ignored. Any user able to create text files on the system can create files with the same content, resulting in the same antivirus reports.
B. Scanning the installation media
Users will get same virus alarm for the amavisd-new rpm package, since the antivirus software will unpack the rpm and scan the same files. This alarm can be ignored when scanning installation media.
Cause
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7015679
- Creation Date: 19-Sep-2014
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
