virus detected but still delivered

Stephen Lee lee at SJU.EDU
Fri Feb 6 14:05:41 GMT 2004


Julian,
        I changed the path from a symbolic link to an absolute path and the
viruses have been stopped.

Thanks very much,
Steve

Julian Field wrote:
>
> What do you have set as your incoming working dir (what was
> /var/spool/MailScanner/incoming)?
> You need to have the real absolute path to it in your MailScanner.conf, i.e.
> /datavol15/incoming
>
> At 22:43 05/02/2004, you wrote:
> >Hello,
> >
> >MailScanner-4.25-14
> >Mail-SpamAssassin-2.63
> >Solaris 9
> >McAfee engine 4.3.20 and DAT 4322
> >
> >         McAfee stopped running some time ago for me. My file extension rules
> >were keeping out so many viruses I never realized it stopped until
> >today. I got it running again but still have a problem. Below is a log
> >snippet that shows the virus in this batch of three messages being
> >detected but still delivered. What configuration setting did I screw
> >up?
> >
> >
> >Feb  5 17:27:38 mailhost MailScanner[9732]: New Batch: Found 408
> >messages waiting
> >Feb  5 17:27:38 mailhost MailScanner[9732]: New Batch: Scanning 3
> >messages, 49642 bytes
> >Feb  5 17:27:38 mailhost MailScanner[9732]: Spam Checks: Starting
> >Feb  5 17:27:38 mailhost MailScanner[9732]: RBL checks: i15MGrbt004289
> >found in spamhaus.org
> >Feb  5 17:27:40 mailhost MailScanner[9732]: Message i15MGrbt004289 from
> >64.253.207.198 (6-5567031-sju.edu?jh127389 at stderr.emarketmachine2.com)
> >to sju.edu is spam, spamhaus.org, SpamAssassin (score=6.7, required 6,
> >BAYES_80 2.86, BigEvilList_159 3.00, CLICK_BELOW 0.00, HTML_50_60 0.10,
> >HTML_FONT_COLOR_GRAY 0.10, HTML_FONT_FACE_ODD 0.32, HTML_IMAGE_RATIO_06
> >0.23, HTML_WEB_BUGS 0.10)
> >Feb  5 17:27:41 mailhost MailScanner[9732]: RBL checks: i15MEDbd001213
> >found in spamhaus.org
> >Feb  5 17:27:43 mailhost MailScanner[9732]: Message i15MEDbd001213 from
> >69.56.42.89 (bounce-rllrwsssgvrewz at jaadvjjjc.planetaryorbitz.com) to
> >sju.edu is spam, spamhaus.org, SpamAssassin (score=8, required 6,
> >BANG_MONEY 1.72, BAYES_60 1.10, BigEvilList_49 3.00, CLICK_BELOW_CAPS
> >0.50, HTML_60_70 0.10, HTML_FONT_BIG 0.22, HTML_FONT_COLOR_BLUE 0.10,
> >HTML_FONT_COLOR_GRAY 0.10, HTML_FONT_COLOR_RED 0.10,
> >HTML_FONT_COLOR_UNSAFE 0.10, HTML_IMAGE_RATIO_06 0.23,
> >HTML_LINK_CLICK_HERE 0.10, MAILTO_TO_SPAM_ADDR 0.68)
> >Feb  5 17:27:43 mailhost MailScanner[9732]: Spam Checks: Found 2 spam
> >messages
> >Feb  5 17:27:43 mailhost MailScanner[9732]: Spam Actions: message
> >i15MGrbt004289 actions are striphtml,deliver
> >Feb  5 17:27:43 mailhost MailScanner[9732]: Spam Actions: message
> >i15MEDbd001213 actions are striphtml,deliver
> >Feb  5 17:27:44 mailhost MailScanner[9732]: Virus and Content Scanning:
> >Starting
> >Feb  5 17:27:46 mailhost MailScanner[9732]:
> >/datavol15/incoming/9732/i15MM5bV010213/readme.zip2        Found the
> >W32/Mydoom.a at MM virus !!!
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: McAfee found
> >1 infections
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Infected message datavol15
> >came from
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: Found 1
> >viruses
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Content Checks: Detected and
> >will convert HTML message to plain text in i15MGrbt004289
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Content Checks: Detected and
> >will convert HTML message to plain text in i15MEDbd001213
> >Feb  5 17:27:46 mailhost MailScanner[9732]: Uninfected: Delivered 3
> >messages
> >
> >Regards,
> >Steve
> >--
> >Stephen J. Lee                  Saint Joseph's University
> >Senior Systems Administrator    5600 City Avenue
> >Networking & Telecommunications Philadelphia, PA 19131-1395
> >E-mail: lee at sju.edu             Voice: (610) 660-1679
> >                                 Fax: (610) 660-1573
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Stephen J. Lee                  Saint Joseph's University
Senior Systems Administrator    5600 City Avenue
Networking & Telecommunications Philadelphia, PA 19131-1395
E-mail: lee at sju.edu             Voice: (610) 660-1679
                                Fax: (610) 660-1573
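
A check for the condition resolved in this thread, as an added example (not code from the posters or from MailScanner): it flags an incoming work dir in MailScanner.conf that passes through a symbolic link, and flags log batches that report a virus yet deliver every scanned message. The setting name "Incoming Work Dir" and the batch heuristic are assumptions; the sample log lines are copied from the log above.

```python
import os
import re

# Setting name as it appears in stock MailScanner.conf files (assumption: the
# thread only calls it the "incoming working dir").
KEY = "incoming work dir"

def configured_work_dir(conf_text):
    """Return the Incoming Work Dir value from MailScanner.conf text, or None."""
    for line in conf_text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and " ".join(name.lower().split()) == KEY:
            return value.strip()
    return None

def check_work_dir(conf_text):
    """Return (ok, configured, resolved); ok is False when a symlink is involved."""
    configured = configured_work_dir(conf_text)
    if configured is None:
        raise ValueError("no Incoming Work Dir setting found")
    resolved = os.path.realpath(configured)
    ok = os.path.isabs(configured) and os.path.normpath(configured) == resolved
    return ok, configured, resolved

# Three lines taken from the log in this thread, unwrapped to one entry per line.
SAMPLE_LOG = [
    "Feb  5 17:27:38 mailhost MailScanner[9732]: New Batch: Scanning 3 messages, 49642 bytes",
    "Feb  5 17:27:46 mailhost MailScanner[9732]: Virus Scanning: Found 1 viruses",
    "Feb  5 17:27:46 mailhost MailScanner[9732]: Uninfected: Delivered 3 messages",
]

def leaky_batches(log_lines):
    """Return PIDs of batches that found a virus yet delivered every message."""
    scanned, found, leaky = {}, {}, []
    for line in log_lines:
        m = re.search(r"MailScanner\[(\d+)\]: (.*)", line)
        if not m:
            continue
        pid, msg = m.groups()
        if n := re.match(r"New Batch: Scanning (\d+) messages", msg):
            scanned[pid], found[pid] = int(n.group(1)), 0
        elif n := re.match(r"Virus Scanning: Found (\d+) viruses", msg):
            found[pid] = int(n.group(1))
        elif n := re.match(r"Uninfected: Delivered (\d+) messages", msg):
            if found.get(pid) and pid in scanned and int(n.group(1)) >= scanned[pid]:
                leaky.append(pid)
    return leaky
```

Run `check_work_dir` on the contents of MailScanner.conf on the scanning host itself, since symlinks are resolved against the local filesystem.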


