MailScanner 4.13-3 not cleaning mesages

Rennie deGraaf rdegraaf at VERANO.COM
Wed Mar 26 16:28:07 GMT 2003


I'm using MailScanner 4.13-3 with clamav 0.54 and Exim 4.14 on a Red Hat
7.3 box.  Mail gets through, but MailScanner does not clean viruses that
clamav finds.

The following log segment was generated by me sending a copy of the Klez
worm to myself.  Unfortunately, I don't have any other viruses lying
around to test.

Mar 25 14:46:24 permafrost exim[22818]: 2003-03-25 14:46:24
18xwFU-0005w2-2Z <=rdegraaf at verano.com H=(verano.com) [192.168.3.175]
P=esmtp S=59908 id=3E80CDB0.2080305 at verano.com
Mar 25 14:46:24 permafrost exim[22819]: 2003-03-25 14:46:24
18xwFU-0005w2-2Z == rdegraaf at verano.com R=defer_router defer (-1):
remote host address is the local host
Mar 25 14:46:28 permafrost MailScanner[22817]: New Batch: Scanning
messages, 60221 bytes
Mar 25 14:46:28 permafrost MailScanner[22817]: Spam Checks: Starting
Mar 25 14:46:29 permafrost MailScanner[22817]: Virus and Content
Scanning: Starting
Mar 25 14:46:29 permafrost MailScanner[22817]:
/home/mqueue/tmp/22817/./18xwFU-0005w2-2Z/this.pif.gz: Worm/Klez.H FOUND
Mar 25 14:46:29 permafrost MailScanner[22817]: Virus Scanning: clamav
found 1 infections
Mar 25 14:46:29 permafrost MailScanner[22817]: Virus Scanning: Found 1
viruses
Mar 25 14:46:29 permafrost MailScanner[22817]: Uninfected: Delivered 1
messages
Mar 25 14:46:29 permafrost exim[22827]: 2003-03-25 14:46:29
18xwFU-0005w2-2Z => rdegraaf <rdegraaf at verano.com> R=localuser
T=local_delivery
Mar 25 14:46:29 permafrost exim[22827]: 2003-03-25 14:46:29
18xwFU-0005w2-2Z Completed


It appears that clamscan correctly identified the virus, but MailScanner
failed to take action.  The relevant options in MailScanner.conf are:
Virus Scanning = yes
Virus Scanners = clamav
Virus Scanner Timeout = 300
Deliver Disinfected Files = yes
Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar
Still Deliver Silent Viruses = yes
Block Encrypted Messages = no
Block Unencrypted Messages = no


If I understand MailScanner correctly, I should have recieved a warning
message instead of the virus, but I recieved the original message back,
complete with an "X-MailScanner: Found to be clean" header.

Is this a problem with MailScanner, or did I fubar my setup somewhere?


Rennie deGraaf
System Administrator
Verano <www.verano.com>



More information about the MailScanner mailing list