ClamAV and MailScanner Bug

Julian Field MailScanner at ecs.soton.ac.uk
Wed May 4 21:57:45 IST 2005



Julian Field wrote:

> Chris Stone wrote:
>
>> On Wednesday 04 May 2005 02:04 am, Julian Field wrote:
>>
>>
>>> On 4 May 2005, at 00:16, Chris Stone wrote:
>>>
>>>
>>>> I am seeing problems under OSX:
>>>>
>>>> May  3 18:56:29 g5 MailScanner[1898]: /private/var/spool/MailScanner/incoming/1898/./9F050BA0A85C/error-mail_info.zip: Worm.Sober.P FOUND
>>>> May  3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 infections
>>>> May  3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at 37432 bytes per second
>>>> May  3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to C3AB7BA0A920
>>>> May  3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages
>>>> May  3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at 74864 bytes per second
>>>> May  3 18:56:30 g5 MailScanner[1898]: Disinfection completed at 74864 bytes per second
>>>>
>>>> Seems to only still deliver the Sober viruses - all the others are caught
>>>> as above, but not delivered. This client is running MS 4.34.8 and ClamAV
>>>> 0.83. Am going to have them update to the latest MS stable release and see
>>>> if they still have this issue.
>>>>
>>>>
>>> Can someone send me one of the troublesome messages please?
>>> Easiest way is to put it on the web and mail me the URL.
>>>
>>>
>>
>> I'll see if I can get one and do that. Since MS is not blocking them, I don't
>> have the full messages on the server to pull - only the headers (using
>> MailWatch).
>>
>> But, while other viruses are being properly blocked by MS, it's only these
>> Worm.Sober.P viruses that ClamAV is detecting, MS is seeing that, but stating
>> it's disinfected and queuing it up for delivery.
>>
>>
> Aha! It's only the Worm.Sober.P viruses that are causing the problem.
> That's useful news.
> If you can get one, please do send it to me.

I just tried it with 2 Worm.Sober.P messages from my own servers, and
neither of them caused any problem whatsoever. Both caught just fine.
Worked with Maximum Archive Depth = 0 and with = 2.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
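
Added example, not part of the original message and not MailScanner code: a log check for the symptom reported in this thread, where a worker logs a ClamAV "FOUND" for a queue ID and then logs "Requeue" for the same ID. It assumes syslog lines shaped like the excerpt quoted above; the function name and the constructed sample lines are hypothetical.

```python
import re

# Line shapes are taken from the log excerpt quoted in this thread.
LINE = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FOUND = re.compile(r"/\d+/\./(?P<qid>[^/]+)/(?P<file>.+): (?P<sig>\S+) FOUND$")
REQUEUE = re.compile(r"^Requeue: (?P<qid>\S+) to (?P<new>\S+)$")

def find_requeued_detections(lines):
    """Return messages that ClamAV flagged and the same worker later requeued."""
    flagged = {}  # (worker pid, queue id) -> [(file name, signature), ...]
    hits = []
    for line in lines:
        m = LINE.search(line.rstrip("\n"))
        if not m:
            continue  # not a MailScanner syslog line
        pid, msg = m["pid"], m["msg"]
        f = FOUND.search(msg)
        if f:
            flagged.setdefault((pid, f["qid"]), []).append((f["file"], f["sig"]))
            continue
        r = REQUEUE.match(msg)
        if r and (pid, r["qid"]) in flagged:
            hits.append({"pid": pid, "queue_id": r["qid"],
                         "requeued_as": r["new"],
                         "detections": flagged.pop((pid, r["qid"]))})
    return hits

HOST = "May  3 18:56:29 g5 "
SPOOL = "/private/var/spool/MailScanner/incoming/1898/./"
SAMPLE = [
    # From the thread's excerpt (re-joined where the e-mail wrapped them):
    HOST + "MailScanner[1898]: " + SPOOL
         + "9F050BA0A85C/error-mail_info.zip: Worm.Sober.P FOUND",
    HOST + "MailScanner[1898]: Virus Scanning: ClamAV found 1 infections",
    HOST + "MailScanner[1898]: Requeue: 9F050BA0A85C to C3AB7BA0A920",
    HOST + "MailScanner[1898]: Uninfected: Delivered 1 messages",
    # Constructed control: flagged message that is never requeued.
    HOST + "MailScanner[1898]: " + SPOOL
         + "AAAA00000001/sample.zip: Example.Test.Signature FOUND",
    # Constructed control: unflagged message requeued by another worker.
    HOST + "MailScanner[2001]: Requeue: BBBB00000002 to CCCC00000003",
]

if __name__ == "__main__":
    for hit in find_requeued_detections(SAMPLE):
        print(hit)
```

Run over the mail log, any hit is a message worth pulling from the queue and comparing against the scanner's report before assuming it was blocked.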
