MailScanner And Mailwatch no Virus detected ?
glenn.steen at gmail.com
Thu Feb 9 09:34:48 GMT 2006
On 09/02/06, Dhawal Doshy <dhawal at netmagicsolutions.com> wrote:
> Glenn Steen writes:
> > On 09/02/06, sysadm <jorgen at giversen.net> wrote:
> >> Ishukor skrev:
> >> > Hi,
> >> >
> >> > I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and
> >> > Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses
> >> > was detected by mailwatch, I noticed that previously virus was mark
> >> > spam+virus but now just spam thats its why no viruses log appeared on
> >> > mailwatch is it a new feature? I really need the virus to be logged so
> >> > I can view the report.
> >> >
> >> > Thanks N Brgds.
> >> I have the exact same problem using RHEL4 exim 4.43, MailScanner
> >> 4.50.15-1 Mailwatch 1.03
> >> Regards Jørgen Giversen
> > Have you checked the setting of "Keep Spam And MCP Archive Clean" in
> > /etc/MailScanner/MailScanner.conf?
> > I presume that if you run (manually) an AV-scanner on the spam
> > quarantine, you get some virus hits? If the above is set to no, and
> > the quarantined messages aren't delivered anywhere (by a deliver of
> > forward Action), MailScanner will just keep them as spam...
> > And you have another situation, where "timing" might be responsible
> > for viruses residing in the spam quarantine... (A message is scanned
> > for viruses/spam, found to be spam and thus quarantined.... and later
> > an AV update pops in a new signature for the virus it contains, so a
> > subsequent scan of the spam quarantine will then detect the virus the
> > message actually contains....).
> > Cheers,
> i think that they are getting detected but not displayed in Mailwatch due to
> the new Virus Scanners = Auto setting.. looks like you'll need to redefine
> the Virus Regex in Mailwatch
> - dhawal
True. Another thing would eb to be explicit about the AVs used in
MailScanner.conf ... Until Steve finds the time to implement a similar
"auto-detect" thing. But I guess that'll have to wait untill version
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner