I'm seeing this:
./17/3c/173c81da2aab91f225f8eb5e8fcc87119be4eff0-b38d990442316a54a90c00008f4649af:
SecuriteInfo.com.TR.Kryptik.180736.5155.16748.22498.UNOFFICIAL FOUND
./17/3c/173c81da2aab91f225f8eb5e8fcc87119be4eff0-bc70851b03216a54483f00008f4649af:
SecuriteInfo.com.TR.Kryptik.180736.5155.16748.22498.UNOFFICIAL FOUND
When scanning the "attachments" directory of my mdbox. How can I find
out WHICH EMAIL these two attachments belong to?
mail_location = mdbox:~/mdbox
mail_plugins = zlib fts fts_lucene
mdbox_rotate_size = 128M
mdbox_rotate_interval = 0
mail_attachment_dir = /some/path/attachments
mail_attachment_min_size = 128k
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstra?e 15, 81669 M?nchen
Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Ralf Hildebrandt skrev den 2015-12-08 13:49:> When scanning the "attachments" directory of my mdbox. How can I find > out WHICH EMAIL these two attachments belong to?clamscan --copy /tmp/ why do you show dovecot settings for clamav ? if its not maildir+ you need perl to read email via imap protocol and scan with clamscan there, here i keep one file pr email for performance reasons
On 08 Dec 2015, at 14:49, Ralf Hildebrandt <r at sys4.de> wrote:> > I'm seeing this: > > ./17/3c/173c81da2aab91f225f8eb5e8fcc87119be4eff0-b38d990442316a54a90c00008f4649af: > SecuriteInfo.com.TR.Kryptik.180736.5155.16748.22498.UNOFFICIAL FOUND > > ./17/3c/173c81da2aab91f225f8eb5e8fcc87119be4eff0-bc70851b03216a54483f00008f4649af: > SecuriteInfo.com.TR.Kryptik.180736.5155.16748.22498.UNOFFICIAL FOUND > > When scanning the "attachments" directory of my mdbox. How can I find > out WHICH EMAIL these two attachments belong to?Not easily. grep 173c81da2aab91f225f8eb5e8fcc87119be4eff0 in all the users' all m.* files. There is no reverse mapping for these files. (The SIS redesign actually makes this somewhat easier - you'll only need to use "find" instead of "grep".)