Viruses noted by scanner, delivered anyway

Julian Field mailscanner at ecs.soton.ac.uk
Sat Sep 13 02:15:48 IST 2003


Have you put in a path for the Incoming Queue Dir that includes a symlink?
You need to put in the real path to it.

At 00:47 13/09/2003, you wrote:
>This may be a stupid question, but does Clam disinfect or just detect?
>
>Mike
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
>Of Nicholas Esborn
>Sent: Friday, September 12, 2003 3:40 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Viruses noted by scanner, delivered anyway
>
>
>Hello,
>
>I've been comparing logs between my MailScanner instance and a WebShield
>E500 which scans mail after MailScanner is done with it.  I've noticed a few
>viruses in the E500's logs.  What is even stranger, the viruses are noted by
>MailScanner, but then delivered anyway!
>
>For example, this one got through and was later caught by the E500:
>
>Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
>Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
>Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
>Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
>Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
>Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
>Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
>
>Note that I'm not able to deny .com and .exe attachments, as a matter of
>policy.  I do block .pifs and .scrs.
>
>Some relevant settings:
>
>Virus Scanners = clamav
>Deliver Disinfected Files = no
>Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Sobig
>Still Deliver Silent Viruses = no
>Quarantine Infections = yes
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = yes
>Deliver Cleaned Messages = yes
>
>Thanks for any help,
>
>-nick
>
>--
>Nicholas Esborn
>Affymetrix, Inc.
>
>510/428.8505
>
>Every message PGP signed

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
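
A log check for the symptom reported in the quoted message, added here as an example (not part of the original thread and not MailScanner's own code): it flags any batch where viruses were counted but the "Uninfected: Delivered" count still equals the batch size. It assumes the log formats match the lines quoted above; the second batch in the sample is constructed.

```python
import re
from collections import defaultdict

# Log lines from the post with mail-client wrapping undone, plus one
# constructed healthy batch (pid 16300) for contrast.
SAMPLE_LOG = """\
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Sep 12 06:40:10 mailscanner1 MailScanner[16300]: New Batch: Scanning 3 messages, 40211 bytes
Sep 12 06:40:11 mailscanner1 MailScanner[16300]: Virus Scanning: Found 1 viruses
Sep 12 06:40:11 mailscanner1 MailScanner[16300]: Uninfected: Delivered 2 messages
"""

LINE = re.compile(r"MailScanner\[(\d+)\]: (.*)$")
EVENTS = {
    "scanned": re.compile(r"New Batch: Scanning (\d+) messages"),
    "viruses": re.compile(r"Virus Scanning: Found (\d+) viruses"),
    "delivered": re.compile(r"Uninfected: Delivered (\d+) messages"),
}

def find_leaky_batches(log_text):
    """Return batches where viruses were found yet every message was delivered."""
    state = defaultdict(dict)  # pid -> counters for the batch in progress
    leaks = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        for name, pattern in EVENTS.items():
            hit = pattern.match(msg)
            if not hit:
                continue
            if name == "scanned":
                state[pid] = {}  # a new batch resets this child's counters
            state[pid][name] = int(hit.group(1))
            if name == "delivered":  # batch finished: evaluate and forget it
                batch = state.pop(pid)
                if batch.get("viruses", 0) > 0 and batch["delivered"] == batch.get("scanned"):
                    leaks.append({"pid": pid, **batch})
    return leaks

if __name__ == "__main__":
    print(find_leaky_batches(SAMPLE_LOG))
```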


