ClamAV and MailScanner Bug

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Thu May 5 13:47:45 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rose, Bobby wrote:
> When I posted this issue others jumped on the thread about zip files and
> have taken this into another direction involving sober.p.  The issue
> that I was reporting was with "Virus Scanners = clamav" and it didn't
> matter what the virus was.  My tests was using eicar.doc which was
> eicar.com just renamed to avoid filename checks.  I included log
> excerpts in my original message when using "Virus Scanners = clamav" and
> when "Virus Scanners = clamavmodule".   If I use "Virus Scanners =
> clamavmodule", then everything works both detection and action.  If I
> use "Virus Scanners = clamav" then the only thing that works is
> detection.  It's not clamav since the virus is being detected and
> MailScannner is logging the detection.  But it's what MailScanner is
> doing after detection when using clamav versus clamavmodule.  If using
> clamavmodule, it's dropping, quarantining, warning, or whatever the
> actions may be.  If using clamav, it's not doing anything.  It says a
> the message is infected and then states 1 uninfected message was
> delivered.
>
> Bobby Rose
> Senior Systems Administrator
> MSIS Network Operations
> Wayne State University School of Medicine
>

Bobby

not specific to MS, also been seen with exim calling clamav without MS
anywhere....if you can trap the thing please submit it to
http://cgi.clamav.net/sendvirus.cgi


--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list