MailScanner can't detect virus
Ugo Bellavance
ugob at CAMO-ROUTE.COM
Wed Jun 22 14:22:35 IST 2005
Meshbah Uddin Ahmed wrote:
> Yes, you're right, my scanner doesn't detect the virus. Please
> advise me what I can do. Here are my settings:
>
> In my virus.scanners.conf file, it is:
> clamav /etc/MailScanner/wrapper/clamav-wrapper /usr
>
> I installed all packages like this:
> apt-get install postfix mailscanner spamassassin
>
> but downloaded clamav manually, then installed it.
> My freshclam.conf is in /usr/local/etc/
> and the *.cvd files are in /var/lib/clamav/
>
> In the MailScanner.conf file:
> Virus Scanning = yes
> Virus Scanner = clamav
Where is clamscan?
>
>
> Here is the log for a message with an attached file, eicar.com.txt,
> which contains a virus:
>
> Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]: 1ABB3D6BC4: client=unknown[192.168.200.70]
> Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]: 1ABB3D6BC4: message-id=<42B95C5F.7070908 at myserver.com>
> Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: from=<meshbah at myserver.com>, size=1037, nrcpt=1 (queue active)
> Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: to=<meshbah at myserver.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: deferred transport)
> Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt
> Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt
> Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue: 1ABB3D6BC4.D76FB to 5036F7F405
>
>
> Please help me to resolve it.
>
> Thanks
> Meshbah
>
> --- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
>
>
>>On 6/21/05, Meshbah Uddin Ahmed <meshbahuddin at yahoo.com> wrote:
>>
>>>In MailScanner.conf, it was
>>>Maximum Archive Depth = 2
>>>
>>>I set it to 0, then zip files were sent. But if I attach a zip
>>>file which contains a virus, it is also sent; clamav didn't
>>>check it.
>>>
>>>Whereas if I set Maximum Archive Depth = 2, MailScanner blocks
>>>all attached files whose extension is .zip.
>>>
>>>Please advise.
>>>
>>>--- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
>>>
>>>>On 6/21/05, Meshbah Uddin Ahmed <meshbahuddin at yahoo.com> wrote:
>>>>
>>>>>Hi,
>>>>>
>>>>>I use Postfix + MailScanner + ClamAV + SpamAssassin in
>>>>>Debian. All work fine. I faced a problem: when I
>>>>>want to send mail with a zip attachment that includes an .exe,
>>>>>mailscanner blocks it. But if I create that folder
>>>>>with a tgz extension then it sends successfully.
>>>>>
>>>>>In my filenames.rules.conf file, both /.zip and /.t?gz
>>>>>are allowed.
>>>>>
>>>>>Please advise me what I should do to recover it.
>>>>>
>>>>>Regards
>>>>>Meshbah
>>>>>
>>>>
>>>>Hm, shouldn't the tgz-ball have been stopped too?
>>>>Anyway, if you read the comments just above
>>>>Maximum Archive Depth =
>>>>you'll see that you should perhaps set it to 0.
>>>>
>>>>--
>>>>-- Glenn
>>>>email: glenn < dot > steen < at > gmail < dot > com
>>>>work: glenn < dot > steen < at > ap1 < dot > se
>>>>
>>
>>Would clamscan find that virus *outside* of MS? As it says in the
>>comments, this should have nothing to do with whether clamav can find
>>a virus or not. Look at virus.scanners.conf, use the second and third
>>column for clamav like this:
>>/usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout /path/to/file.with.virus.zip
>>(all on one line, in case that got wrapped:).
>>Does that detect it?
>>
>>--
>>-- Glenn
>>email: glenn < dot > steen < at > gmail < dot > com
>>work: glenn < dot > steen < at > ap1 < dot > se
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>
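Added example, not part of the thread and not MailScanner's own code: a shell check that reads the clamav line of virus.scanners.conf, answers "Where is clamscan?" for the configured prefix, and prints the manual wrapper command quoted above. The function names `scanner_entry`, `check_clamav` and `demo` are hypothetical, and the script assumes the wrapper runs `<prefix>/bin/clamscan`, where `<prefix>` is the third column.

```shell
#!/bin/sh
# Added example, not MailScanner code. Assumption: the wrapper runs
# <prefix>/bin/clamscan, where <prefix> is column 3 of the clamav line.

# Print "wrapper prefix" from the first non-comment line whose column 1 is $2.
scanner_entry() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        $1 == name { print $2, $3; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Exit status: 0 ok, 1 no clamav line, 2 wrapper not executable,
# 3 no executable clamscan under the configured prefix.
check_clamav() {
    entry=$(scanner_entry "$1" clamav) || { echo "no clamav line in $1"; return 1; }
    wrapper=${entry%% *}
    prefix=${entry#* }
    [ -x "$wrapper" ] || { echo "wrapper not executable: $wrapper"; return 2; }
    [ -n "$prefix" ] && [ -x "$prefix/bin/clamscan" ] ||
        { echo "no clamscan at $prefix/bin/clamscan"; return 3; }
    # Command to run by hand; append the path of a test file such as eicar.com.txt.
    echo "$wrapper $prefix -r --disable-summary --stdout"
}

# Constructed demo: a sandbox where the conf names one prefix but clamscan
# was installed under another.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wrapper" "$d/usr/local/bin" "$d/usr/bin"
    printf '#!/bin/sh\n' > "$d/wrapper/clamav-wrapper"
    printf '#!/bin/sh\n' > "$d/usr/local/bin/clamscan"
    chmod +x "$d/wrapper/clamav-wrapper" "$d/usr/local/bin/clamscan"
    printf '# constructed sample\nclamav %s %s\n' \
        "$d/wrapper/clamav-wrapper" "$d/usr" > "$d/virus.scanners.conf"
    check_clamav "$d/virus.scanners.conf"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ $# -gt 0 ]; then check_clamav "$1"; else demo || true; fi
```

Run it with the path to virus.scanners.conf as the only argument; with no argument it runs the constructed demo, which reports a missing clamscan.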