Klez not silent?

Julian Field mailscanner at ecs.soton.ac.uk
Mon Apr 14 12:09:29 IST 2003

At 11:36 14/04/2003, you wrote:
>I am using ClamAV with MailScanner v.4.13-3 and I am having trouble with
>Klez viruses not being blocked.  Here's what my log shows:
>Apr 13 03:07:44 host MailScanner[9374]:
>Exploit.IFrame.HTML FOUND
>Apr 13 03:07:44 host MailScanner[9374]:
>/xxx/MailScanner/incoming/9374/./h3B87cbA009544/TO TOP.exe: Worm/Klez.H FOUND
>Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: clamav found 2
>Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: Found 2 viruses
>Apr 13 03:07:44 host MailScanner[9374]: HTML IFrame tag found in message
>from xxx at xxx.xxx
>Apr 13 03:07:45 host MailScanner[9374]: Uninfected: Delivered 1 messages
>This is the relevant lines from my config:
>Silent Viruses = Klez Klez.H Worm/Klez.H Yaha-E Bugbear Braid-A WinEvar
>Still Deliver Silent Viruses = no
>Allow IFrame Tags = yes
>Log IFrame Tags = yes
>Shouldn't MailScanner just delete that message?  I'm not sure why it's
>still getting delivered.

Can you confirm that the batch of messages was only 1 message? If it was 2
messages then the log lines would match what I expect. Otherwise there
might be a bug in the Clam output parser. It was written by
<adrian at smop.co.uk>.
Julian Field
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list