New MailScanner install w/ClamAV not taking action

Julian Field mailscanner at
Tue Nov 18 19:55:15 GMT 2003

At 19:50 18/11/2003, you wrote:
>Hello everyone!
>I'm not sure if I'm missing something or if there is an issue with ClamAV
>0.65 and MailScanner 4.25-5.
>In order to test a new MailScanner installation on a new box, I quarantined
>an infected message as queuefiles from an existing, working MailScanner
>I copy the qf* and df* files into the /var/spool/ dir on the new
>box and get the following output in /var/spool/maillog:
>Nov 18 11:16:38 penguin MailScanner[10694]: New Batch: Scanning 1 messages,
>160672 bytes
>Nov 18 11:16:38 penguin MailScanner[10694]: Spam Checks: Starting
>Nov 18 11:16:44 penguin MailScanner[10694]: Virus and Content Scanning:
>Nov 18 11:16:44 penguin MailScanner[10694]:
>Worm.Gibe.F FOUND
>Nov 18 11:16:44 penguin MailScanner[10694]: Virus Scanning: ClamAV found 1
>Nov 18 11:16:44 penguin MailScanner[10694]: Virus Scanning: Found 1 viruses
>Nov 18 11:16:44 penguin MailScanner[10694]: Uninfected: Delivered 1 messages
>Nov 18 14:17:01 penguin sendmail[11705]: hAIEuS1C023555:
>to=<ralloway at>, delay=04:20:32, xdelay=00:00:17, mailer=smtp,
>pri=120893, [111.222.333.444], dsn=2.0.0, stat=Sent
>(ok 1069183023 qp 31970)
>The email is delivered to the recipient with the virus still attached and
>the following headers:
>X-xxxxxxx-MailScanner: Found to be clean
>Also, the subject line does not have {Virus?} prepended.
>I'm not looking for MailScanner to "clean" the virus from the file and
>reattach, I'd just like MailScanner to remove the infected attachment.
>Does anyone have any thoughts?

In your MailScanner.conf, if you haven't got
   Incoming Work Dir = /raid/spool/MailScanner/incoming
then it should be.
Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

More information about the MailScanner mailing list