Whitelisting doesn't appear to work

Tony Stocker akostocker at gmail.com
Tue Aug 15 23:04:06 IST 2006 

Hello All,

I've set some entries in /etc/MailScanner/rules/spam.whitelist.rules
because I have had several messages marked as spam that were actually
the MailScanner "Virus Detected" messages.  I'm modifying the
addresses slightly to protect myself, but let's say that my
mailserver's address is "197.100.235.132", this then is the entry that
I have in the spam.whitelist.rules file:

From:           197.100.235.    yes

However, I am still getting "Virus Detected" messages marked as spam,
(see slightly munged example below) even with this entry.  What am I
doing wrong?

--------------------------------------------------------------------------------------------------------------------------
Return-Path: <postmaster at pps-mail.example.com>
X-Original-To: postmaster
Delivered-To: tony.stocker at pps-mail.example.com
Received: by pps-mail.example.com (Postfix, from userid 89)
    id 82E008EA9A; Tue, 15 Aug 2006 17:49:21 -0400 (EDT)
From: "MailScanner" <postmaster at pps-mail.example.com>
To: postmaster at pps-mail.example.com
Subject: { SPAM } Virus Detected
Content-type: text/plain; charset=ISO-8859-1
Message-Id: <20060815214921.82E008EA9A at pps-mail.example.com>
Date: Tue, 15 Aug 2006 17:49:21 -0400 (EDT)
MIME-Version: 1.0
X-PPS-MailScanner-Information: Please contact the ISP for more information
X-PPS-MailScanner: Found to be clean
X-PPS-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=3.723,
    required 3, BAYES_50 0.00, INFO_TLD 1.27, NO_RELAYS -0.00,
    SPOOF_COM2COM 2.45)
X-PPS-MailScanner-SpamScore: sss
X-PPS-MailScanner-From: postmaster at pps-mail.example.com
X-Spam-Status: Yes

The following e-mails were found to have: Virus Detected

    Sender: supprefnum48150724253494id at 53.com
IP Address: 197.100.235.38
 Recipient: john.smithson at pps-mail.example.com
   Subject: Important Banking Mail From Fifth Third Bank
 MessageID: 86EEE8EA30.069FE
Quarantine:
    Report: ClamAV Module: msg-30327-71.html was infected:
HTML.Phishing.Bank-627

--------------------------------------------------------------------------------------------------------------------------

More information about the MailScanner mailing list