Whoa!! "Virus Scan failed" What?
Jeff A. Earickson
jaearick at COLBY.EDU
Thu Sep 11 18:34:39 IST 2003
Julian,
I had these two interesting cases today (grepped from my email
syslogs):
(16)> grep h8BGdlAn026143 0
Sep 11 12:39:52 basalt sendmail[26143]: [ID 801593 mail.info]
h8BGdlAn026143: from=<LiliA at jazo.org.il>, size=210808, class=0, nrcpts=1,
msgid=<001301c37883$3f382980$a56fa8c0 at aliyahpc3>, proto=ESMTP, daemon=MTA,
relay=server.jazo.org.il [194.90.65.90]
Sep 11 12:40:07 basalt <22>MailScanner[17224]: ERROR:: Virus scan failed
(514):: ./h8BGdlAn026143/.pdf
Sep 11 12:40:08 basalt sendmail[26278]: [ID 801593 mail.info]
h8BGdlAn026143: to=<oimenzin at colby.edu>, delay=00:00:21, xdelay=00:00:00,
mailer=local, pri=120593, dsn=2.0.0, stat=Sent
Sep 11 12:40:08 basalt sendmail[26278]: [ID 801593 mail.info]
h8BGdlAn026143: done; delay=00:00:21, ntries=1
[basalt:root:/var/adm/syslog]
(17)> grep h8BGgEAn027104 0
Sep 11 12:42:19 basalt sendmail[27104]: [ID 801593 mail.info]
h8BGgEAn027104: from=<LiliA at jazo.org.il>, size=210808, class=0, nrcpts=1,
msgid=<000501c37883$3f3395a0$a56fa8c0 at aliyahpc3>, proto=ESMTP, daemon=MTA,
relay=server.jazo.org.il [194.90.65.90]
Sep 11 12:42:31 basalt <22>MailScanner[17224]: ERROR:: Virus scan failed
(514):: ./h8BGgEAn027104/.pdf
Sep 11 12:42:32 basalt sendmail[27239]: [ID 801593 mail.info]
h8BGgEAn027104: to=<oimenzin at colby.edu>, delay=00:00:18, xdelay=00:00:00,
mailer=local, pri=120593, dsn=2.0.0, stat=Sent
Sep 11 12:42:32 basalt sendmail[27239]: [ID 801593 mail.info]
h8BGgEAn027104: done; delay=00:00:18, ntries=1
Whoa... The virus scan failed, so the email got delivered? This seems
like a Bad Thing (tm). Setup: SunFire V1280, Solaris 9, MS 4.23-11,
SA 2.60, Razor. Using sophossavi (sophos 3.72), clamav 0.60.
Is this something to worry about? Searching my syslogs, this has happened
a few time over the past week+, meaning both MS 4.23-11 and 4.22-5.
--- Jeff
More information about the MailScanner
mailing list