This is somewhat of an odd issue, and I'm not sure "whose fault" it is. After digging through Procmail configurations and trying to understand your Perl code for about two hours now :), it seems that ClamAV has some problems, and due to the way VMin is using it, it fails to scan emails properly, hence I'm inclined to label this as a bug - even though VMin is probably not the culprit, and I'm a bit stumped that I did not notice this earlier.
Anyway, I have a freshly installed Ubuntu 10.04 and am testing scanning emails for spam and viruses. Spam scanning works all okay, so Procmail is set up properly and all. Virus scanning is properly set up as well, all the settings are okay, the Procmail config file looks good.
Test emails containing EICAR though get through all untouched. After checking various options multiple times and suspecting Procmail of not calling the virus scanner, my investigation results boil down to an independant strange behavior of
clamdscan: it fails to recognize viruses in streaming mode.
I created a file
/tmp/test containing the EICAR signature. When I do
clamdscan /tmp/test, it correctly reports the file as infected.
But when I do
cat /tmp/test | clamdscan -, which is - as far as I understand your code - analogous to the way that
clam-wrapper.pl calls the scanner, it does not recognize the file as infected.
clamdscan -V says:
ClamAV 0.96.3/12210/Fri Nov 5 16:06:13 2010
Any insight on this with the info so far?