Hacked in virus scanner, now it won't clean

Thomas DuVally thomas_duvally at BROWN.EDU
Wed Dec 4 16:01:44 GMT 2002

I may not understand some of the options in v4, so bare with me:

I've looked into the archives and found no real help on this one, so
here's my problem.

I've added support for Symantec Carrier Scanner, which is working great
in 3.22-14 in production (200K messages per day)

I've gotten 4.10-1 patched and it DOES scan, but the infected messages
still get delivered.  Here is what the log shows:

mailscanner[5744]: New Batch: Scanning 1 messages, 121180 bytes
mailscanner[5744]: Spam Checks: Starting
mailscanner[5744]: Virus and Content Scanning: Starting
mailscanner[5744]: Infected:
mailscanner[5744]: Info:      W32.Klez.H at mm
mailscanner[5744]: Virus Scanning: symcmd found 1 infections
mailscanner[5744]: Virus Scanning: Found 1 viruses
mailscanner[5744]: Uninfected: Delivered 1 messages

It looks like mailscanner did recognize that the virus scanner (called
symcmd here) found a virus, but the last line seems to show it regards
it uninfected and sends it along as such.

The received messages has the infected file attached and mailscanner has
tagged the messages as "Found to be clean".

If this is a simple conf file issue, I'll feel stupid, but thankful.

Thomas J. DuVally
Lead Systems Prog.
CIS, Brown Univ.

More information about the MailScanner mailing list