Viruses noted by scanner, delivered anyway

Greyhair greyhair at GREYHAIR.NET
Sat Sep 13 00:52:02 IST 2003


Clam only detects.

----- Original Message -----
From: "Mike Kercher" <mike at CAMAROSS.NET>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Friday, September 12, 2003 6:47 PM
Subject: Re: Viruses noted by scanner, delivered anyway


> This may be a stupid question, but does Clam disinfect or just detect?
>
> Mike
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Nicholas Esborn
> Sent: Friday, September 12, 2003 3:40 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Viruses noted by scanner, delivered anyway
>
>
> Hello,
>
> I've been comparing logs between my MailScanner instance and a WebShield
> E500 which scans mail after MailScanner is done with it.  I've noticed a few
> viruses in the E500's logs.  That is even stranger, the viruses are noted by
> MailScanner, but then delivered anyway!
>
> For example, this one got through and was later caught by the E500:
>
> Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
> Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
> Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
> Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
> Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
> Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
> Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
>
> Note that I'm not able to deny .com and .exe attachments, as a matter of
> policy.  I do block .pifs and .scrs.
>
> Some relevant settings:
>
> Virus Scanners = clamav
> Deliver Disinfected Files = no
> Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Sobig
> Still Deliver Silent Viruses = no
> Quarantine Infections = yes
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = yes
> Deliver Cleaned Messages = yes
>
> Thanks for any help,
>
> -nick
>
> --
> Nicholas Esborn
> Affymetrix, Inc.
>
> 510/428.8505
>
> Every message PGP signed
>
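
The log comparison described in the quoted post can be automated. The following is an added example, not part of the thread and not MailScanner code: it groups syslog lines by MailScanner child PID and flags any batch whose "Uninfected: Delivered" count is higher than the scanned count minus the messages with a FOUND hit. The first sample batch is the one quoted in the post (unwrapped); the second batch, its queue ID and its virus name are constructed, and the line patterns are assumed from that excerpt only.

```python
import re

# Patterns are inferred from the log excerpt in the post (assumption), not from MailScanner source.
LINE = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NEW_BATCH = re.compile(r"New Batch: Scanning (\d+) messages")
# ClamAV hit: .../incoming/<pid>/./<queue-id>/<attachment>: <virus name> FOUND
FOUND = re.compile(r"/incoming/\d+/(?:\./)?(?P<qid>[^/]+)/.*: (?P<virus>\S+) FOUND$")
DELIVERED = re.compile(r"Uninfected: Delivered (\d+) messages")

# First batch: quoted in the post (unwrapped). Second batch: constructed for contrast.
SAMPLE = """\
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Sep 12 06:40:10 mailscanner1 MailScanner[20001]: New Batch: Scanning 2 messages, 4096 bytes
Sep 12 06:40:11 mailscanner1 MailScanner[20001]: /var/spool/filter/MailScanner/incoming/20001/./CONSTRUCTED0001/file.exe: Constructed.Test FOUND
Sep 12 06:40:11 mailscanner1 MailScanner[20001]: Virus Scanning: Found 1 viruses
Sep 12 06:40:11 mailscanner1 MailScanner[20001]: Uninfected: Delivered 1 messages
""".splitlines()

def find_leaks(lines):
    """Return batches where more messages went out as 'Uninfected' than the scan results allow."""
    current, batches = {}, []   # current: open batch per child PID
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (b := NEW_BATCH.search(msg)):
            current[pid] = {"pid": pid, "scanned": int(b[1]), "infected": {}, "delivered": 0}
            batches.append(current[pid])
        elif pid not in current:
            continue            # log starts mid-batch; nothing to compare against
        elif (f := FOUND.search(msg)):
            # Key on queue ID so several infected attachments in one message count once.
            current[pid]["infected"].setdefault(f["qid"], []).append(f["virus"])
        elif (d := DELIVERED.search(msg)):
            current[pid]["delivered"] += int(d[1])
    return [b for b in batches if b["delivered"] > b["scanned"] - len(b["infected"])]

if __name__ == "__main__":
    for b in find_leaks(SAMPLE):
        print(f"PID {b['pid']}: scanned={b['scanned']} infected={sorted(b['infected'])} "
              f"delivered_uninfected={b['delivered']}")
```
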


