ClamAV and MailScanner Bug
Rose, Bobby
brose at MED.WAYNE.EDU
Wed May 4 12:15:12 IST 2005
Julian,
I'm using sendmail 8.13.3. All I did to duplicate it was send a test
message with an EICAR attachment. If I used clamav by itself, then the
virus is detected but MS still says it's clean and delivers it. If I
switch to clamavmodule, then the virus is detected and MS removes the
message id from it's array of ones to be deliverer. If I used a sophos
as a secondary scanner to clamav then virus is also detected and stopped
but I think that is because it's acting on the sophos detection and not
the clamav.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Wednesday, May 04, 2005 4:19 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ClamAV and MailScanner Bug
Also, is it specific to one MTA?
Looks like you are using Postfix. What is anyone else with this problem
running?
On 4 May 2005, at 09:04, Julian Field wrote:
> On 4 May 2005, at 00:16, Chris Stone wrote:
>
>
>> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote:
>>
>>
>>> Scott Silva wrote:
>>>
>>>
>>>> Rose, Bobby wrote:
>>>>
>>>>
>>>>> So no one else is seeing this problem? I'm talking about onlying
>>>>> clamav as the scanner....no others and not clamavmodule.
>>>>>
>>>>>
>>>>
>>>> Maybe only a Solaris 8 problem.
>>>>
>>>>
>>>
>>> No. I'm using Solaris with Clam and I'm not having any problems.
>>>
>>>
>>
>> I am seeing problems under OSX:
>>
>> May 3 18:56:29 g5
>> MailScanner[1898]: /private/var/spool/MailScanner/incoming/
>> 1898/./9F050BA0A85C/error-mail_info.zip:
>> Worm.Sober.P FOUND
>> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1
>> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning
>> completed at
>> 37432 bytes
>> per second
>> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to
>> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected:
>> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus
>> Processing completed at
>> 74864
>> bytes per second
>> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at
>> 74864 bytes
>> per second
>>
>> Seems to only still deliver the Sober viruses - all the others are
>> caught as above, but not delivered. This client is running MS 4.34.8
>> and ClamAV 0.83.
>> Am going to have them update to the latest MS stable release and see
>> if they still have this issue.
>>
>>
>
> Can someone send me one of the troublesome messages please?
> Easiest way is to put it on the web and mail me the URL.
>
> --
> Julian Field
> jkf at ecs.soton.ac.uk
> Teaching Systems Manager
> Electronics & Computer Science
> University of Southampton
> SO17 1BJ, UK
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
--
Julian Field
jkf at ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list