Viruses noted by scanner, delivered anyway
Nicholas Esborn
nicholas_esborn at AFFYMETRIX.COM
Fri Sep 12 21:40:11 IST 2003
Hello,
I've been comparing logs between my MailScanner instance and a WebShield
E500 which scans mail after MailScanner is done with it. I've noticed a
few viruses in the E500's logs. That is even stranger, the viruses are
noted by MailScanner, but then delievered anyway!
For example, this one got through and was later caught by the E500:
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Note that I'm not able to deny .com and .exe attachments, as a matter of
policy. I do block .pifs and .scrs.
Some relevant settings:
Virus Scanners = clamav
Deliver Disinfected Files = no
Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Sobig
Still Deliver Silent Viruses = no
Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Deliver Cleaned Messages = yes
Thanks for any help,
-nick
--
Nicholas Esborn
Affymetrix, Inc.
510/428.8505
Every message PGP signed
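
An added example, not part of the original post: a log check that flags any MailScanner batch where the scanner reported viruses but every scanned message was still logged as delivered uninfected. It assumes the syslog format shown in the log lines quoted above; the function name and the second (clean) batch are constructed for illustration.

```python
import re

# First batch: the log lines quoted in the post. Second batch (PID 16300): constructed.
SAMPLE_LOG = """\
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Sep 12 06:40:10 mailscanner1 MailScanner[16300]: New Batch: Scanning 1 messages, 2048 bytes
Sep 12 06:40:10 mailscanner1 MailScanner[16300]: Virus and Content Scanning: Starting
Sep 12 06:40:11 mailscanner1 MailScanner[16300]: Uninfected: Delivered 1 messages
"""

LINE = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NEW_BATCH = re.compile(r"New Batch: Scanning (\d+) messages")
FOUND = re.compile(r"Virus Scanning: Found (\d+) viruses")
DELIVERED = re.compile(r"Uninfected: Delivered (\d+) messages")


def find_suspect_batches(log_text):
    """Return batches with viruses found where all messages were delivered as uninfected."""
    open_batches = {}  # child PID -> state of the batch that child is processing
    suspects = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if (b := NEW_BATCH.match(msg)):
            # A new batch on the same PID replaces any earlier state for that child.
            open_batches[pid] = {"pid": pid, "start": line[:15],
                                 "scanned": int(b.group(1)), "found": 0}
            continue
        batch = open_batches.get(pid)
        if batch is None:
            continue  # line belongs to a batch whose start is not in this log slice
        if (f := FOUND.match(msg)):
            batch["found"] = int(f.group(1))
        elif (d := DELIVERED.match(msg)):
            batch["delivered"] = int(d.group(1))
            # Infections reported, yet no message was held back from delivery.
            if batch["found"] > 0 and batch["delivered"] >= batch["scanned"]:
                suspects.append(batch)
    return suspects


if __name__ == "__main__":
    for s in find_suspect_batches(SAMPLE_LOG):
        print(f"{s['start']} pid={s['pid']}: {s['found']} found, "
              f"{s['delivered']}/{s['scanned']} delivered as uninfected")
```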