ClamAV sends infected attachments

Drew Marshall drew at THEMARSHALLS.CO.UK
Wed Sep 29 15:31:42 IST 2004 

On Wed, September 29, 2004 15:08, Mister PO said:
> Sorry for the previous post, it was made by mistake.
>
> I have upgraded clamav ot release 0.80rc3 and postfix to release 2.1.5.
>
> Problem with postfix startup is fixed but MailScanner behaves the same.
>
> Do I need to install the Mail::ClamAV perl module ? Is there any option
> before compiling ClamAV ?

No and looking at the errors others are seeing at the moment, it won't
complile against 0.8rc3.

>
> Sep 29 15:52:21 mx postfix/smtpd[12409]: > unknown[192.168.1.10]: 250 Ok:
> queued as 3EE3764124
> Sep 29 15:52:21 mx postfix/smtpd[12409]: watchdog_pat: 0x807efd0
> Sep 29 15:52:22 mx postfix/smtpd[12409]: smtp_get: EOF
> Sep 29 15:52:22 mx postfix/smtpd[12409]: disconnect from unknown
> [192.168.1.10]
> Sep 29 15:52:22 mx postfix/smtpd[12409]: master_notify: status 1
> Sep 29 15:52:22 mx postfix/smtpd[12409]: connection closed
> Sep 29 15:52:22 mx postfix/smtpd[12409]: watchdog_stop: 0x807efd0
> Sep 29 15:52:22 mx postfix/smtpd[12409]: watchdog_start: 0x807efd0

You are still getting these?? What is connecting and holding your smtpd
process open (It will be further up the log file).
Could you check your master.cf file.

> Sep 29 15:52:23 mx MailScanner[12322]: New Batch: Scanning 1 messages,
> 5056
> bytes
> Sep 29 15:52:23 mx MailScanner[12322]: Spam Checks: Starting
> Sep 29 15:52:27 mx MailScanner[12322]: Virus and Content Scanning:
> Starting
> Sep 29 15:52:30 mx MailScanner
> [12322]:
> /usr/var/spool/MailScanner/incoming/12322/./3EE3764124/8ball.a.zip:
>  Gen.8ball.a FOUND
> Sep 29 15:52:30 mx MailScanner[12322]: Virus Scanning: ClamAV found 1
> infections
> Sep 29 15:52:30 mx MailScanner[12322]: Virus Scanning: Found 1 viruses
> Sep 29 15:52:30 mx MailScanner[12322]: Requeue: 3EE3764124 to 85C8564127
> Sep 29 15:52:30 mx postfix/qmgr[12299]: 85C8564127: from=<spam at alpha-
> mos.com>, size=5016, nrcpt=1 (queue active)
> Sep 29 15:52:30 mx MailScanner[12322]: Uninfected: Delivered 1 messages
>

Have you checked for sym link directories in /var/spool?

Drew


--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list