Not quietly deleting (version 3.21-1)

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jun 28 13:40:51 IST 2002


At 13:29 28/06/2002, you wrote:
>Well, I accepted the explanation, which I assume means :
>
>postmaster get notified
>local recipient gets notified with the 'VirusWarning.txt' in place of the
>attachment
>sender does *not* get notified.
>
>Does this make sense ?

Correct. That's what it does. I've just tested this with the 3.21-1 code
and it is working fine.

I enabled the feature in mailscanner.conf (by uncommenting the "Viruses To
Quietly Delete" line) and put "EICAR" in the viruses.to.delete.conf file.

Then I sent myself 1 message containing the Eicar test file. This is what
my logs say:
Jun 28 13:40:26 sailor mailscanner[30972]: Scanning 1 messages, 1245 bytes
Jun 28 13:40:26 sailor mailscanner[30972]: >>> Virus 'EICAR-AV-Test' found in file ./g5SCeKG30978/eicar.com
Jun 28 13:40:26 sailor mailscanner[30972]: Found 1 viruses in messages g5SCeKG30978
Jun 28 13:40:26 sailor mailscanner[30972]: Scanned 1 messages, 1245 bytes in 0 seconds
Jun 28 13:40:26 sailor mailscanner[30972]: Saved infections to /var/spool/MailScanner/quarantine/20020628/g5SCeKG30978
Jun 28 13:40:26 sailor mailscanner[30972]: Deleted infected messages g5SCeKG30978
Jun 28 13:40:27 sailor mailscanner[30972]: Notified postmaster about 1 infections

So, as you see, it is *not* notifying the sender, which is exactly right.

>On Fri, Jun 28, 2002 at 08:16:42AM -0400, John Goggan mentioned:
> > Just to note, I appear to be getting this same behavior.  I am also running
> > 3.21 and using f-protect.  And, I am fairly certain that it was working
> > properly before I upgraded, although I guess I am not absolutely positive.
> >
> > I double-checked that F-Prot was detecting them as "W32/Klez.H@mm" -- and that
> > is what I have in my ignore file.
> >
> > Basically, people that email Klez to me (although they really didn't, of
> > course, since Klez fakes the from and that's why we want to ignore them) are
> > still getting emailed back that they sent a virus our way.
> >
> > (Note that someone else answered you and said that Julian already explained
> > this and that it is working properly -- I disagree.  You said that you're
> > still getting email notifications BESIDES postmaster -- which means that they
> > aren't being deleted quietly/properly.  I think he missed that.  Unless I'm
> > misunderstanding something...)
> >
> >  - John...

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ


