ClamAV and MailScanner Bug
Rose, Bobby
brose at MED.WAYNE.EDU
Thu May 5 14:58:12 IST 2005
Confused by that
My Incoming Work Dir = /var/spool/MailScanner/incoming
Why would that have an effect if all I do is change the virus scanner
from clamav to clamavmodule to get it to work?
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Thursday, May 05, 2005 9:35 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ClamAV and MailScanner Bug
What is your Incoming Work Directory set to?
Is it set to /export/home/root/a
If not, then it should be.
On 5 May 2005, at 14:08, Rose, Bobby wrote:
> The issue is not with "detection" nor is it with Sober.P or any
> particular virus. As I keep saying my testing is using EICAR. The
> virus is being detected my clamav and logged by MailScanner but when
> the virus scanners=clamav, MailScanner is just logging that a virus
> was detected and then turns around and delivers it as an uninfected
> messages. If all I change in MailScanner.conf is the the scanner to
> clamavmodule, the MailScanner works properly.
>
> People are associating my report with their own issues with Sober.P
> and
> is diluting my report. Check the archives of my first message on
> this
> thread, it has the log excerpts. Also, I'm not down because of this
> because all I'm doing now is using clamavmodule instead of clamav as
> the virusscanner, but I'm just reporting the problem and my findings.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Thursday, May 05, 2005 8:48 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: ClamAV and MailScanner Bug
>
> Rose, Bobby wrote:
>
>> When I posted this issue others jumped on the thread about zip files
>> and have taken this into another direction involving sober.p. The
>> issue that I was reporting was with "Virus Scanners = clamav" and it
>> didn't matter what the virus was. My tests was using eicar.doc which
>> was eicar.com just renamed to avoid filename checks. I included log
>> excerpts in my original message when using "Virus Scanners = clamav"
>>
> and
>
>> when "Virus Scanners = clamavmodule". If I use "Virus Scanners =
>> clamavmodule", then everything works both detection and action. If I
>> use "Virus Scanners = clamav" then the only thing that works is
>> detection. It's not clamav since the virus is being detected and
>> MailScannner is logging the detection. But it's what MailScanner is
>> doing after detection when using clamav versus clamavmodule. If
>> using
>>
>
>
>> clamavmodule, it's dropping, quarantining, warning, or whatever the
>> actions may be. If using clamav, it's not doing anything. It says a
>> the message is infected and then states 1 uninfected message was
>> delivered.
>>
>> Bobby Rose
>> Senior Systems Administrator
>> MSIS Network Operations
>> Wayne State University School of Medicine
>>
>>
>
> Bobby
>
> not specific to MS, also been seen with exim calling clamav without MS
> anywhere....if you can trap the thing please submit it to
> http://cgi.clamav.net/sendvirus.cgi
>
>
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic Ltd
> tel: +44 (0)1865 842300
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store PGP footprint:
EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list