New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?`

Thu May 15 19:37:16 IST 2003

Is there a similar option to remove the trailing folder from a f-prot
"Report: /var/spool/MailScanner/incoming/16812/./h4FI3NQ17326/FOLLOWUP.pif
Infection: W32/Fizzer.A"

Only the portion after the dot is shown in sophos reports.

Also I had brought up in the past the ability to set blacklisted items to
the highscore value so that they would be treated like highscore spam, any
chance of that option in the next stable release?


>file NOT a virus.
>May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: McAfee found 1
>May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: Found 1 viruses
>May 15 12:07:05 mail MailScanner[27539]: Uninfected: Delivered 1 messages
>And the "Uninfected" message is forwarded on to the recipient with the bad
>attachment intact and
>mail headers proclaiming that it was not infected!
>The path to the MailScanner "incoming" directory must be the *real* path,
>not a path including links. Otherwise it cannot parse the McAfee output as
>it doesn't know what directories to strip off the front of the report.
>It's in the comments in the MailScanner.conf file:
># Note for McAfee users: do not use any symlinks with McAfee at all. It is
>#                        very strange but may not detect all viruses when
>#                        started from a symlink or scanning a directory
>#                        including symlinks.

More information about the MailScanner mailing list