virus scan / filename check

Julian Field mailscanner at ecs.soton.ac.uk
Mon May 3 14:59:16 IST 2004


Check your
Incoming Work Dir
setting. As the comment above it says, this must include no links at all, 
but must be the genuine absolute path to the incoming directory. This is 
almost certainly where you have gone wrong.

At 14:41 03/05/2004, you wrote:
>On Mon, May 03, 2004 at 02:05:01PM +0100, Julian Field wrote:
> > At 13:50 03/05/2004, you wrote:
> > >Hello.
> > >
> > >My MailScanner+ClamAV simple installation is working fine but I'm
> > >experiencing a minor problem: MS is quarantining attachments with
> > >viruses (like Document.pif) based on their filenames and sending
> > >notifications to the users (by my setup)
> >
> > Check that you are seeing the ClamAV reports as well as the filename check
> > reports. It should treat them as "silent" if ClamAV found them.
>
>I sent myself a infected attachment (ZZZZZ.scr):
>
>$ clamscan ZZZZZ.scr
>ZZZZZ.scr: Worm.SomeFool.P FOUND
>
>'SomeFool' is in my Silent Viruses definition.
>
>Then I received the cleaned email and MS reported just:
>
>'Windows Screensavers are often used to hide viruses (ZZZZZ.scr)'
>
>I think the relevant log entries are:
>
>May  3 10:29:41 truta MailScanner[8235]: 
>/opt/MailScanner-4.30.3/var/incoming/82 35/./i43DTexO002867/ZZZZZ.scr: 
>Worm.SomeFool.P FOUND
>May  3 10:29:41 truta MailScanner[8235]: Virus Scanning: Found 1 viruses
>May  3 10:29:41 truta MailScanner[8235]: Filename Checks: Possible virus 
>hidden in a screensaver (i43DTexO002867 ZZZZZ.scr)
>May  3 10:29:41 truta MailScanner[8235]: Other Checks: Found 1 problems
>May  3 10:29:41 truta MailScanner[8235]: Saved entire message to 
>/dump/MailScanner/var/quarant/20040503/i43DTexO002867
>May  3 10:29:41 truta MailScanner[8235]: Saved infected "ZZZZZ.scr" to 
>/dump/Mai
>lScanner/var/quarant/20040503/i43DTexO002867
>May  3 10:29:41 truta MailScanner[8235]: Cleaned: Delivered 1 cleaned 
>messages
>May  3 10:29:42 truta MailScanner[8235]: Notices: Warned about 1 messages
>
>
>Thanks again.
>
> >
> > > but since they contain
> > >viruses listed in my Silent Viruses definition, I´d like that MS
> > >take action based first on the antivirus check before the
> > >filename rules check.
> > >
> > >Is that possible or I'm doing something wrong?
> > >
> > >Thanks and please excuse my bad English.
> > >
> > >Marcelo.
> > >
>
>--
>
>Marcelo Zacarias da Silva  -  CIAGRI/USP  /  Fone: (19)3429-4532
>GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc
>
>--
>Mensagem verificada contra vírus (Ciagri::MailScanner)
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html




More information about the MailScanner mailing list