MailScanner does not notify virus senders

Julian Field MailScanner at ecs.soton.ac.uk
Wed Jan 12 19:59:12 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

It means that sender of viruses *only* get notified if either of the
following is true:
a) Silent Viruses contains All-Viruses and the virus is on the
Non-Forging Viruses list
or
b) Silent Viruses does not contain All-Viruses and does not list the
virus that was present in the email message.

Sorry for it being confusing, but I had to develop ways of forcing
people's installations to adopt the behaviour I wanted them to have,
without them having to change any settings they already had (and if
possible without them actually noticing I was changing the operation of
their system so they wouldn't change it back to doing it badly :-)

Jeff A. Earickson wrote:

> Hi,
>
> This sounds like the issue I just raised with Eicar not being listed
> in the "Non-Forging Viruses" list.  Try modifying your setting
> to:
>
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR
>
> Then make sure "Notify Senders Of Viruses" is set to yes.  I've been
> playing with this, and these settings got things working for me
> (MS 4.37.7).
>
> Julian,
>
> I've managed to get myself really confused on this "notify senders
> of viruses" thing.  My conf file has the following settings:
>
> Silent Viruses = HTML-IFrame All-Viruses
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR
> Notify Senders Of Viruses = yes
>
> Does this mean that senders of viruses *only* get notified if the
> virus is on the non-forging list?
>
> Jeff Earickson
> Colby College
>
> On Wed, 12 Jan 2005, Roel Schouten wrote:
>
>> Date: Wed, 12 Jan 2005 16:00:11 +0000
>> From: Roel Schouten <rs at FORTCONSULT.NET>
>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: MailScanner does not notify virus senders
>>
>> Hello,
>>
>> My installation of MailScanner does not notify senders of viruses even
>> though I told it to do so.
>> Otherwise my installation works fine (it both filters spam & virus).
>>
>> I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel
>> 2.4.21-27
>> with PostFix 2.0.16 as MTA.
>> Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2
>>
>> I use the following settings in /etc/MailScanner/MailScanner.conf (I
>> only
>> included the ones, I believe to be relevant):
>>
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold
>> Outgoing Queue Dir = /var/spool/postfix/incoming
>> MTA = postfix
>> Sendmail = /usr/sbin/sendmail
>> Virus Scanners = clamavmodule
>> Quarantine Infections = no
>> Quarantine Silent Viruses = no
>> Notify Senders = yes
>> Notify Senders Of Viruses = yes
>>
>> To test the virus scanning functionality, I use the EICAR test virus.
>> The log does not show any errors:
>> Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1
>> messages, 719
>> bytes
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning:
>> Starting
>> Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED::
>> Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV
>> Module found
>> 1 infections
>> Jan 12 16:46:36 mail MailScanner[15031]: Infected message
>> 2A34F581F5.4AD7B
>> came from 127.0.0.1
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses
>>
>>
>> MailScanner is able to send notifications to the system administrator by
>> setting "Send Notices = yes", so that works.
>> It also possible to use /usr/sbin/sendmail (Postfix' version of it)
>> to send
>> mails to external addresses from the command line.
>>
>> Any clue? Thanks!
>>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list