Why mailscanner fails recognizing a forwarded infected.
Remco Barendse
mailscanner at BARENDSE.TO
Tue Sep 7 08:14:46 IST 2004
<x-flowed>
On Tue, 7 Sep 2004, Mirko Bovati wrote:
> On Monday 06 September 2004 17:46, you wrote:
>> At 12:39 06/09/2004, you wrote:
>>> I will send the sendmail' s pair to Nai and wait for news.
>>> have you got any other hints?
>>
>> Have you checked that the path to /var/spool/MailScanner/incoming contains
>> no symlinks at all? The fact that your qf and df files you are checking
>
> Yes, I checked. No symlinks at all. I moved qf and df only for convenience.
> This is the only case I found. All other infected email I try to forward
> MailScanner finds a virus. I think if it's a symlinks problem MailScanner
> fails with all forward. Is not it?
No, when I had symlinks on my box *some* (old) virii managed to slip by
while others were detected properly, even in the same batch. I guess you
could say symlinks can cause unexpected/random behaviour of mcafee.
These kind of problems are hard to sort out especially because you cannot
trace if there are any symlinks in places where you would not expect them.
I assume you are using the latest version of mcafee?
Why not install clamav 'on the side', it's free and imho a lot better than
mcafee which is always slow with their updates?
> In this hours I tested the same situation on a fedora core 1
> mailscanner-4.32.5-1
> uvscan 4.3.20
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list