mailscanner at ecs.soton.ac.uk
Thu Mar 4 18:39:42 GMT 2004
You almost certainly have your "Incoming Work Directory" set wrong. The
path set in there must be the absolute path to the directory, not a path
that follows any links. Yours should be set to
and I expect you have something like
At 18:33 04/03/2004, you wrote:
>I just upgraded my Clamav from .60 to .67 and I see in the logs it is being
>detected now. However it appears that mailscanner is ignoring it and
>delivering the message anyway?
>Mar 4 10:22:44 ruth MailScanner:
>Mar 4 10:22:44 ruth MailScanner: Virus Scanning: ClamAV found 1
>Mar 4 10:22:44 ruth MailScanner: Virus Scanning: Found 1 viruses
>Mar 4 10:22:45 ruth MailScanner: Uninfected: Delivered 1 messages
>I sent the test message and it came right through with no problems. I have
>mailscanner setup to not deliver disenfected messages. So I should have
>gotten an attachment indicating it had been removed. No such luck. I am
>temporarily blocking ZIP files till I can find a fix.
>I am running F-PROT and CLAMAV. F-Prot is not detecting at all.
>----- Original Message -----
>From: "Dan Williamson" <danw at NORCOMCABLE.CA>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Thursday, March 04, 2004 8:46 AM
>Subject: Re: W32/Bagle-Zip
> > ClamAV is getting them.
> > I had .60 installed, it wasn't catching them, however after upgrading to
> > it is now catching them.
> > I would suggest adding a second virus scanner if you can.
> > regards,
> > -dan
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Of Ryan Pitt
> > Sent: March 4, 2004 10:48 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: W32/Bagle-Zip
> > Hirsh, Joshua wrote:
> > >Looks like Sophos is now matching against the passworded zip's for the
> > >Bagle
> > >strains:
> > >
> > >http://www.sophos.com/virusinfo/analyses/w32baglezip.html
> > >
> > >-Joshua
> > >
> > This baglezip ide was downloaded automatically, so I temporarily
> > *allowed* .zip files to pass through MailScanner and sent a copy of
> > through and Sophos still does not detect it.
> > I'm not sure exactly what this definition is supposed to do thats
> > Still waiting for the next stable release of MailScanner to be released
> > before I upgrade.
> > I have gone back to *denying* all .zip files for the time being.
> > -Ryan Pitt
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner