Problems with qmail: viruses not blocked

Maurizio M. Munafo' munafo at polito.it
Wed Jul 20 19:24:27 IST 2005 

I recently started using Mailscanner with Qmail (after using it a long
time on another system with sendmail).
I installed the openprotect extension and everything seemed to work,
i.e. spam, HTML, phishing identification and extention blocking are
working fine, but I did not received any virus notification as an
administrator. 
I investigated further the problem and I just realized that the system
seems not to block viruses (and if a virus is blocked is actually
because of the extension filtering). ClamAV identifies the virus, the
log contains messages like 

> Jul 20 19:28:14 mysystem MailScanner[3669]: New Batch: Scanning 1
messages, 2247 bytes
> Jul 20 19:28:14 mysystem MailScanner[3669]: Spam Checks: Starting
> Jul 20 19:28:18 mysystem MailScanner[3669]: Virus and Content
Scanning: Starting
> Jul 20 19:28:18 mysystem MailScanner[3669]:
/mnt/drbd0/var/spool/MailScanner/incoming/3669/./12386487/eicar.cam:
Eicar-Test-Signature FOUND
> Jul 20 19:28:18 mysystem MailScanner[3669]: Virus Scanning: ClamAV
found 1 infections
> Jul 20 19:28:18 mysystem MailScanner[3669]: Virus Scanning: Found 1
viruses
> Jul 20 19:28:18 mysystem MailScanner[3669]: Uninfected: Delivered 1
messages

but the message is delivered completely without any filtering and the
header is "X-MySys-MailScanner: Found to be clean"

MailScanner.conf contains: 
> Virus Scanning = yes
> Virus Scanners = clamav
> Virus Scanner Timeout = 300
> Deliver Disinfected Files = yes
> Silent Viruses = HTML-IFrame HTML-Codebase All-Viruses
> Still Deliver Silent Viruses = yes
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

Deliver Disinfected Files used to be "no", but I have been experimenting
with the configuration to try to solve the problem.

I do not know if this a problem of qmail configuration or it is due to
some combination of directives in my Mailscanner.conf file.

Thanks for your help.
Maurizio

-- 
______
     / Maurizio M. Munafo'                         / dMMMMMMMMb  dMMMMb
    / Dip. di Elettronica - Politecnico di Torino / dMP"dMP"dMP    "dMP
   / Corso Duca degli Abruzzi 24                 / dMP dMP dMP   dMMK"
  / I-10129 Torino (Italia)                     / dMP dMP dMP     dMF
 / Tel: +39 011 5644128  Fax: +39 011 5644099  / dMP dMP dMP dMMMMP"
/ E-mail: munafo at polito.it                    /________________________

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "This is a digitally signed message part"  ]
    [ Application/PGP-SIGNATURE  196bytes. ]
    [ Unable to print this part. ]

More information about the MailScanner mailing list