ClamAV + MS + Solaris=problem!!!!

Grzegorz Staleñczyk scs at uwb.edu.pl
Fri Mar 5 14:18:53 GMT 2004 

Hey There!

I've got a  problem with viri on attachments in e-mails!

when I scan file.zip by hand clamscan find virus, but e-mail with this infected files
in atachment can go (IT IS NOT STOPED!) It's  run on Solaris 8,  Clam AntiVirus Scanner 0.67 ,
MailScanner  4.26.8


----------log---------------------------------------
[dask at mail ~]$/usr/local/bin/clamscan freaky.zip
freaky.zip: Worm.SomeFool.B.2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 20366
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 10.594 sec (0 m 10 s)


Mar  3 14:53:55 mail MailScanner[11494]: /export/home2/mail/incoming/11494/./i23Dps113333/portmoney.zip: Worm.SomeFool.B FOUND
Mar  3 14:53:56 mail MailScanner[11494]: Virus Scanning: ClamAV found 1 infections
Mar  3 14:53:56 mail MailScanner[11494]: Virus Scanning: Found 1 viruses
Mar  3 14:53:59 mail MailScanner[11494]: Filetype Checks: Allowing i23Dps113333 portmoney.zip
Mar  3 14:54:00 mail MailScanner[11494]: Virus Scanning completed at 934 bytes per second
Mar  3 14:54:01 mail MailScanner[11517]: Virus Scanning completed at 86 bytes per second



Next I install  Mailscanner + ClamAv + Sendmail the same versions on
on my second mail serverto taste it (Linux Slackware), and

Mar  3 20:52:59 dask-xp MailScanner[16052]: Saved entire message to
/var/spool/quarantine/20040303/i23Jqixu016730
Mar  3 20:52:59 dask-xp MailScanner[16052]: Saved infected "freaky.zip" to
/var/spool/quarantine/20040303/i23Jqixu016730
Mar  3 20:52:59 dask-xp MailScanner[16052]: Cleaned: Delivered 1 cleaned 
messages
                                           ^^^^^^^^^

On  my first mail serever (Solaris) with the same versions Clam and MS was:

Mar  3 21:35:18 mail MailScanner[21453]: New Batch: Scanning 1 messages, 75503 
bytes
Mar  3 21:35:19 mail MailScanner[21453]: MCP Checks completed at 75503 bytes 
per second
Mar  3 21:35:19 mail MailScanner[21453]: Spam Checks: Starting
Mar  3 21:35:28 mail MailScanner[21453]: Spam Checks completed at 8389 bytes 
per second
Mar  3 21:35:29 mail MailScanner[21453]: Virus and Content Scanning: Starting
Mar  3 21:37:05 mail MailScanner
[21453]: /export/home2/mail/incoming/21453/./i23KTFD21834/freaky.zip:
Worm.SomeFool.Gen-2 FOUND
Mar  3 21:37:08 mail MailScanner[21453]: Virus Scanning: ClamAV found 1 infections
Mar  3 21:37:08 mail MailScanner[21453]: Virus Scanning: Found 1 viruses
Mar  3 21:37:10 mail MailScanner[21453]: Filename Checks: Allowing i23KTFD21834msg-21453-3.txt
Mar  3 21:37:10 mail MailScanner[21453]: Filename Checks: Allowing i23KTFD21834freaky.zip
                                                          ^^^^^^^^
Mar  3 21:37:11 mail MailScanner[21453]: Filetype Checks: Allowing i23KTFD21834msg-21453-3.txt
Mar  3 21:37:11 mail MailScanner[21453]: Filetype Checks: Allowing i23KTFD21834freaky.zip
Mar  3 21:37:12 mail MailScanner[21453]: Virus Scanning completed at 75 bytes  per second


Why it is? Why server "dask-xp - Linux" stop mail with attachment "freaky.zip" ,
and "mail -Solaris" server  not stop it!
Configurations are the same!
Thank for your help

-- 
Pozdrawiam. Miłego dnia. 
____________________________________________________________________________

Grzesiek                                scss at poczta.of.pl lub scs at uwb.edu.pl

More information about the MailScanner mailing list