tons of infected files getting though???

Desai, Jason jase at SENSIS.COM
Tue Jan 27 19:26:57 GMT 2004

I've noticed that ClamAV has not been finding SCO.A when they are inside of
a mail delivery failure message.  McAfee however does find it (calling it

I can take the email and scan it with ClamAV, but it will not find anything.
But if I decode the attachment and scan it with ClamAV, ClamAV will find

Could it be that the ones that are getting through are delivery failure
notifications?  I don't know if it's a bug in ClamAV or if it could be fixed
with updating the virus definitions, but I don't think it's a MailScanner


> -----Original Message-----
> From: Chris Yuzik [mailto:chris at FRACTALWEB.COM]
> Sent: Tuesday, January 27, 2004 2:23 PM
> Subject: [MAILSCANNER] tons of infected files getting though???
> Hi everyone,
> I was having a hard look through my logs and such and also looking
> though MailWatch. I see quite a few emails that definitely contain the
> virus that were only tagged as spam. I can see nothing in
> /var/log/maillog that indicates why this message would not have been
> marked as infected. I've even forwarded a couple of them to myself and
> there's no doubt about's the SCO.A or Navarg or whatever. If I
> save the attachment, then scp it to my mailserver and run clamscan on
> it, everything works great and ClamAV correctly identifies the virus.
> For yesterday alone, my system saw 106 messages that it found infected
> with the virus, and an additional 80 that slipped by. WTF???
> Is it possible that MailScanner isn't getting clamav to scan all the
> attachments? How do I go about troubleshooting this? Urgent help would
> be appreciated.
> Cheers,
> Chris

More information about the MailScanner mailing list