MailScanner can't detect virus
Meshbah Uddin Ahmed
meshbahuddin at YAHOO.COM
Wed Jun 22 14:11:06 IST 2005
Yes, you're right, my scanner doesn't detect the virus. Please
advise me what I can do. Here are my settings:
In my virus.scanners.conf file, it is:
clamav /etc/MailScanner/wrapper/clamav-wrapper /usr
I have installed all packages like this:
apt-get install postfix mailscanner spamassassin
but downloaded clamav manually, then installed it.
My freshclam.conf is in /usr/local/etc/
and the *.cvd files are in /var/lib/clamav/
In the MailScanner.conf file:
Virus Scanning = yes
Virus Scanner = clamav
Here is the log for a message with an attached file eicar.com.txt, which
contains a virus:
Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]: 1ABB3D6BC4: client=unknown[192.168.200.70]
Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]: 1ABB3D6BC4: message-id=<42B95C5F.7070908 at myserver.com>
Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: from=<meshbah at myserver.com>, size=1037, nrcpt=1 (queue active)
Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: to=<meshbah at myserver.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: deferred transport)
Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt
Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt
Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue: 1ABB3D6BC4.D76FB to 5036F7F405
Please help me to resolve it.
Thanks
Meshbah
--- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
> On 6/21/05, Meshbah Uddin Ahmed <meshbahuddin at yahoo.com> wrote:
> > In MailScanner.conf, it was
> > Maximum Archive Depth = 2
> >
> > I set it to 0, then zip files were sent. But if I attach a zip
> > file which contains a virus, it is also sent; clamav didn't
> > check it.
> >
> > Whereas if I set Maximum Archive Depth = 2,
> > MailScanner blocks all attached files whose extension is .zip.
> >
> > Please advise.
> >
> > --- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
> >
> > > On 6/21/05, Meshbah Uddin Ahmed <meshbahuddin at yahoo.com> wrote:
> > > > Hi,
> > > >
> > > > I use Postfix + MailScanner + ClamAV + SpamAssassin on
> > > > Debian. All work fine. I faced a problem: when I
> > > > want to send mail with a zip attachment that includes an .exe,
> > > > MailScanner blocks it. But if I create that folder
> > > > with a tgz extension then it is sent successfully.
> > > >
> > > > In my filenames.rules.conf file, both /.zip and /.t?gz
> > > > are allowed.
> > > >
> > > > Please advise me what I should do to recover it.
> > > >
> > > > Regards
> > > > Meshbah
> > > >
> > > Hm, shouldn't the tgz-ball have been stopped too? Anyway, if you read
> > > the comments just above
> > > Maximum Archive Depth =
> > > you'll see that you should perhaps set it to 0.
> > >
> > > --
> > > -- Glenn
> > > email: glenn < dot > steen < at > gmail < dot > com
> > > work: glenn < dot > steen < at > ap1 < dot > se
> > >
> Would clamscan find that virus *outside* of MS? As it says in the
> comments, this should have nothing to do with whether clamav can find
> a virus or not. Look at virus.scanners.conf, use the second and third
> column for clamav like this:
> /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout /path/to/file.with.virus.zip
> (all on one line, in case that got wrapped:).
> Does that detect it?
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
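
Added example, not part of the original thread and not MailScanner's own code: a pre-flight check on the clamav entry in virus.scanners.conf. The entry posted above gives /usr as the third column while the reply's command line uses /usr/local. Assumptions: the columns are name, wrapper and install prefix as in that entry, and the wrapper runs PREFIX/bin/clamscan; check_scanner and make_fixture are hypothetical helper names, and the fixture paths are constructed.

```shell
#!/bin/sh
# Added example (not MailScanner code). Assumes virus.scanners.conf columns are
# <name> <wrapper> <install-prefix> and that the wrapper runs PREFIX/bin/clamscan.

# check_scanner CONF NAME: prints one status line; returns 0 only when the
# wrapper is executable and PREFIX/bin/clamscan exists.
check_scanner() {
    conf=$1; name=$2
    [ -r "$conf" ] || { echo "conf-unreadable $conf"; return 2; }
    # First line whose first field is exactly the scanner name (comments skip).
    line=$(awk -v n="$name" '$1 == n { print $2, $3; exit }' "$conf")
    [ -n "$line" ] || { echo "no-entry $name"; return 3; }
    wrapper=${line%% *}; prefix=${line#* }
    [ -x "$wrapper" ] || { echo "wrapper-missing $wrapper"; return 4; }
    [ -x "$prefix/bin/clamscan" ] || { echo "binary-missing $prefix/bin/clamscan"; return 5; }
    echo "ok $wrapper $prefix"
}

# make_fixture ROOT PREFIX: constructed sandbox (not real system paths) with a
# stub clamscan under ROOT/usr/local and a config entry pointing at PREFIX.
make_fixture() {
    root=$1; cfg_prefix=$2
    mkdir -p "$root/wrapper" "$root/usr/local/bin" "$root/usr/bin" "$root/etc"
    printf '#!/bin/sh\nexit 0\n' > "$root/wrapper/clamav-wrapper"
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/local/bin/clamscan"
    chmod +x "$root/wrapper/clamav-wrapper" "$root/usr/local/bin/clamscan"
    printf '# name wrapper prefix\nclamav %s %s\n' \
        "$root/wrapper/clamav-wrapper" "$cfg_prefix" > "$root/etc/virus.scanners.conf"
}
```

On a real host, call check_scanner with the path to virus.scanners.conf and the scanner name; a binary-missing result means the third column does not match where clamscan was installed.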