Virus scanning questions

Robin, Rob rrobin at GREENAPPLE.COM
Thu May 6 17:33:35 IST 2004 

Hello all,

        This bugs me for almost the entire morning. Appreciate some help.

Problems:
---------
        I intend to notify senders of viruses. I checked the log files (posted below), the clamav does the scanning and logged that it found viruses. However, sender never gets notified. The recipient still receives the message (w/ virus attachment) unaltered in anyway. 

        The header of the received message contradicts the log message. The log message says that it has detected a virus, but the header says that it's clean.

        Header of the scanned message:
        X-greenapple.com-MailScanner-Information: Please contact the ISP for more information
        X-greenapple.com-MailScanner: Found to be clean

        My entire etc/ config can be found at www.greenapple.com/~rrobin/mailscanner/etc [.dist files are the unmodified original config files ]

Platform
--------
Sendmail 8.12.10
MailScanner v. 4.30.3
Clamav 0.70
Fedora


Related MailScanner.conf
------------------------
Virus Scanning = yes
Virus Scanners = clamav
Deliver Disinfected Files = no
Notify Senders = yes
Notify Senders Of Viruses = yes
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = yes
Virus Subject Text = {Virus?}
[ filename checking is disabled, both set to empty string ]
Filename Rules =
Filetype Rules =


--- Related Log--
May  6 12:23:19 mailtest MailScanner[1895]: New Batch: Scanning 1 messages, 1576 bytes
May  6 12:23:22 mailtest MailScanner[1895]: Virus and Content Scanning: Starting
May  6 12:23:27 mailtest MailScanner[1909]: MailScanner E-Mail Virus Scanner version 4.30.3 starting...
May  6 12:23:29 mailtest MailScanner[1897]: Using locktype = flock
May  6 12:23:31 mailtest MailScanner[1895]: /usr/local/MailScanner/4.30.3/var/spool/incoming/1895/./i46GNG2o001896/eicar.com: Eicar-Test-Signature FOUND
May  6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: ClamAV found 1 infections
May  6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: Found 1 viruses
May  6 12:23:33 mailtest MailScanner[1895]: Uninfected: Delivered 1 messages
May  6 12:23:33 mailtest sendmail[1912]: gethostbyaddr(192.168.186.200) failed: 1
May  6 12:23:38 mailtest MailScanner[1909]: Using locktype = flock
-----------------

        What went wrong ?

Thanks,
Rob

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list