virus detected but still delivered
Stephen Lee
lee at SJU.EDU
Thu Feb 5 22:43:10 GMT 2004
Hello,
MailScanner-4.25-14
Mail-SpamAssassin-2.63
Solaris 9
McAfee engine 4.3.20 and DAT 4322
McAfee stopped running some time ago for me. My file extension rules
were keeping out so many viruses I never realized it stopped until
today. I got it running again but still have a problem. Below is a log
snippet that shows the virus in this batch of three messages being
detected but still delivered. What configuration setting did I screw
up?
Feb 5 17:27:38 mailhost MailScanner[9732]: New Batch: Found 408 messages waiting
Feb 5 17:27:38 mailhost MailScanner[9732]: New Batch: Scanning 3 messages, 49642 bytes
Feb 5 17:27:38 mailhost MailScanner[9732]: Spam Checks: Starting
Feb 5 17:27:38 mailhost MailScanner[9732]: RBL checks: i15MGrbt004289 found in spamhaus.org
Feb 5 17:27:40 mailhost MailScanner[9732]: Message i15MGrbt004289 from 64.253.207.198 (6-5567031-sju.edu?jh127389 at stderr.emarketmachine2.com) to sju.edu is spam, spamhaus.org, SpamAssassin (score=6.7, required 6, BAYES_80 2.86, BigEvilList_159 3.00, CLICK_BELOW 0.00, HTML_50_60 0.10, HTML_FONT_COLOR_GRAY 0.10, HTML_FONT_FACE_ODD 0.32, HTML_IMAGE_RATIO_06 0.23, HTML_WEB_BUGS 0.10)
Feb 5 17:27:41 mailhost MailScanner[9732]: RBL checks: i15MEDbd001213 found in spamhaus.org
Feb 5 17:27:43 mailhost MailScanner[9732]: Message i15MEDbd001213 from 69.56.42.89 (bounce-rllrwsssgvrewz at jaadvjjjc.planetaryorbitz.com) to sju.edu is spam, spamhaus.org, SpamAssassin (score=8, required 6, BANG_MONEY 1.72, BAYES_60 1.10, BigEvilList_49 3.00, CLICK_BELOW_CAPS 0.50, HTML_60_70 0.10, HTML_FONT_BIG 0.22, HTML_FONT_COLOR_BLUE 0.10, HTML_FONT_COLOR_GRAY 0.10, HTML_FONT_COLOR_RED 0.10, HTML_FONT_COLOR_UNSAFE 0.10, HTML_IMAGE_RATIO_06 0.23, HTML_LINK_CLICK_HERE 0.10, MAILTO_TO_SPAM_ADDR 0.68)
Feb 5 17:27:43 mailhost MailScanner[9732]: Spam Checks: Found 2 spam messages
Feb 5 17:27:43 mailhost MailScanner[9732]: Spam Actions: message i15MGrbt004289 actions are striphtml,deliver
Feb 5 17:27:43 mailhost MailScanner[9732]: Spam Actions: message i15MEDbd001213 actions are striphtml,deliver
Feb 5 17:27:44 mailhost MailScanner[9732]: Virus and Content Scanning: Starting
Feb 5 17:27:46 mailhost MailScanner[9732]: /datavol15/incoming/9732/i15MM5bV010213/readme.zip2 Found the W32/Mydoom.a at MM virus !!!
Feb 5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: McAfee found 1 infections
Feb 5 17:27:46 mailhost MailScanner[9732]: Infected message datavol15 came from
Feb 5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: Found 1 viruses
Feb 5 17:27:46 mailhost MailScanner[9732]: Content Checks: Detected and will convert HTML message to plain text in i15MGrbt004289
Feb 5 17:27:46 mailhost MailScanner[9732]: Content Checks: Detected and will convert HTML message to plain text in i15MEDbd001213
Feb 5 17:27:46 mailhost MailScanner[9732]: Uninfected: Delivered 3 messages
Regards,
Steve
--
Stephen J. Lee Saint Joseph's University
Senior Systems Administrator 5600 City Avenue
Networking & Telecommunications Philadelphia, PA 19131-1395
E-mail: lee at sju.edu Voice: (610) 660-1679
Fax: (610) 660-1573
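
A log check for the two anomalies visible in the log above, added here as an example and not part of the original post or of MailScanner: the "Infected message" id (datavol15) is not the queue directory in the scanner's path, and the whole batch is delivered as uninfected although a virus was found. It assumes the queue id is the directory that follows the child PID in the scanner's path, as in the post's log line; `audit` and `queue_id` are names chosen for this example.

```python
import re

# Sample input: lines from the log in the post, unwrapped and trimmed.
SAMPLE_LOG = """\
Feb 5 17:27:38 mailhost MailScanner[9732]: New Batch: Scanning 3 messages, 49642 bytes
Feb 5 17:27:46 mailhost MailScanner[9732]: /datavol15/incoming/9732/i15MM5bV010213/readme.zip2 Found the W32/Mydoom.a at MM virus !!!
Feb 5 17:27:46 mailhost MailScanner[9732]: Infected message datavol15 came from
Feb 5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: Found 1 viruses
Feb 5 17:27:46 mailhost MailScanner[9732]: Uninfected: Delivered 3 messages
"""

LINE = re.compile(r"MailScanner\[(\d+)\]: (.*)$")
BATCH = re.compile(r"New Batch: Scanning (\d+) messages")
PATH = re.compile(r"(/\S+) Found the ")
INFECTED = re.compile(r"Infected message (\S+) came from")
FOUND = re.compile(r"Virus Scanning: Found (\d+) viruses")
DELIVERED = re.compile(r"Uninfected: Delivered (\d+) messages")

def queue_id(path, pid):
    """Assumption: the queue id is the path component right after the PID directory."""
    parts = path.split("/")
    return parts[parts.index(pid) + 1] if pid in parts[:-1] else None

def audit(log_text):
    """Return (pid, problem) tuples for batches where detection did not block delivery."""
    state, problems = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if (b := BATCH.search(msg)):
            state[pid] = {"size": int(b[1]), "ids": set(), "viruses": 0}
            continue
        s = state.get(pid)
        if s is None:
            continue  # line belongs to a batch whose start we never saw
        if (p := PATH.search(msg)):
            s["ids"].add(queue_id(p[1], pid))
        elif (i := INFECTED.search(msg)):
            if i[1] not in s["ids"]:
                problems.append((pid, f"infected id '{i[1]}' matches no queue id in the scanner output"))
        elif (f := FOUND.search(msg)):
            s["viruses"] = int(f[1])
        elif (d := DELIVERED.search(msg)):
            if s["viruses"] and int(d[1]) >= s["size"]:
                problems.append((pid, f"{s['viruses']} virus(es) found but all {d[1]} messages delivered"))
    return problems
```
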