Virus scanning questions

Steve Evans sevans at FOUNDATION.SDSU.EDU
Thu May 6 17:40:16 IST 2004 

>>> I intend to notify senders of viruses.

Please don't.  I really don't want to hear about every virus headed your
way that I didn't send.


Steve Evans
SDSU Foundation


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Robin, Rob
Sent: Thursday, May 06, 2004 9:34 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Virus scanning questions

Hello all,

        This bugs me for almost the entire morning. Appreciate some
help.

Problems:
---------
        I intend to notify senders of viruses. I checked the log files
(posted below), the clamav does the scanning and logged that it found
viruses. However, sender never gets notified. The recipient still
receives the message (w/ virus attachment) unaltered in anyway. 

        The header of the received message contradicts the log message.
The log message says that it has detected a virus, but the header says
that it's clean.

        Header of the scanned message:
        X-greenapple.com-MailScanner-Information: Please contact the ISP
for more information
        X-greenapple.com-MailScanner: Found to be clean

        My entire etc/ config can be found at
www.greenapple.com/~rrobin/mailscanner/etc [.dist files are the
unmodified original config files ]

Platform
--------
Sendmail 8.12.10
MailScanner v. 4.30.3
Clamav 0.70
Fedora


Related MailScanner.conf
------------------------
Virus Scanning = yes
Virus Scanners = clamav
Deliver Disinfected Files = no
Notify Senders = yes
Notify Senders Of Viruses = yes
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = yes
Virus Subject Text = {Virus?}
[ filename checking is disabled, both set to empty string ] Filename
Rules = Filetype Rules =


--- Related Log--
May  6 12:23:19 mailtest MailScanner[1895]: New Batch: Scanning 1
messages, 1576 bytes May  6 12:23:22 mailtest MailScanner[1895]: Virus
and Content Scanning: Starting May  6 12:23:27 mailtest
MailScanner[1909]: MailScanner E-Mail Virus Scanner version 4.30.3
starting...
May  6 12:23:29 mailtest MailScanner[1897]: Using locktype = flock May
6 12:23:31 mailtest MailScanner[1895]:
/usr/local/MailScanner/4.30.3/var/spool/incoming/1895/./i46GNG2o001896/e
icar.com: Eicar-Test-Signature FOUND May  6 12:23:32 mailtest
MailScanner[1895]: Virus Scanning: ClamAV found 1 infections May  6
12:23:32 mailtest MailScanner[1895]: Virus Scanning: Found 1 viruses May
6 12:23:33 mailtest MailScanner[1895]: Uninfected: Delivered 1 messages
May  6 12:23:33 mailtest sendmail[1912]: gethostbyaddr(192.168.186.200)
failed: 1 May  6 12:23:38 mailtest MailScanner[1909]: Using locktype =
flock
-----------------

        What went wrong ?

Thanks,
Rob

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list