New MailScanner install w/ClamAV not taking action
Richard Alloway
ralloway at WINBEAM.COM
Tue Nov 18 19:50:17 GMT 2003
Hello everyone!
I'm not sure if I'm missing something or if there is an issue with ClamAV
0.65 and MailScanner 4.25-5.
In order to test a new MailScanner installation on a new box, I quarantined
an infected message as queuefiles from an existing, working MailScanner
installation.
I copy the qf* and df* files into the /var/spool/mqueue.in dir on the new
box and get the following output in /var/spool/maillog:
Nov 18 11:16:38 penguin MailScanner[10694]: New Batch: Scanning 1 messages,
160672 bytes
Nov 18 11:16:38 penguin MailScanner[10694]: Spam Checks: Starting
Nov 18 11:16:44 penguin MailScanner[10694]: Virus and Content Scanning: Starting
Nov 18 11:16:44 penguin MailScanner[10694]:
/raid/spool/MailScanner/incoming/10694/./hAIEuS1C023555/installer956.exe:
Worm.Gibe.F FOUND
Nov 18 11:16:44 penguin MailScanner[10694]: Virus Scanning: ClamAV found 1
infections
Nov 18 11:16:44 penguin MailScanner[10694]: Virus Scanning: Found 1 viruses
Nov 18 11:16:44 penguin MailScanner[10694]: Uninfected: Delivered 1 messages
Nov 18 14:17:01 penguin sendmail[11705]: hAIEuS1C023555:
to=<ralloway at xxxxxxx.net>, delay=04:20:32, xdelay=00:00:17, mailer=smtp,
pri=120893, relay=mail.xxxxxxxx.net. [111.222.333.444], dsn=2.0.0, stat=Sent
(ok 1069183023 qp 31970)
The email is delivered to the recipient with the virus still attached and
the following headers:
X-xxxxxxx-MailScanner: Found to be clean
Also, the subject line does not have {Virus?} prepended.
I'm not looking for MailScanner to "clean" the virus from the file and
reattach, I'd just like MailScanner to remove the infected attachment.
Does anyone have any thoughts?
Thanks!
-Rich
More information about the MailScanner
mailing list