Question about Spam and Virus Checks.

Michael H. Martel martelm at QUARK.VSC.EDU
Tue Jan 3 15:49:28 GMT 2006 

Greetings!

I've got a question about how MailScanner handles Spam Scoring and Anti 
Virus Checks. We're running MailScanner 4.48.4 on RedHat Linux 7.3 
(MailScanner -v output below).

I believe that Spam checks are done before the Anti virus checks yes ?

I've got the folowing settings.

	Required SpamAssassin Score = 5
	High SpamAssassin Score = 10

I've got my Spam Actions" set to:

	Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules

Where the spam.action.rules file contains :

	To:     default         store deliver

I've also set "High Scoring Spam Actions" :

	High Scoring Spam Actions = 
/opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules

Where the high.scoring.spam.actions.rules file contains :

	To:    default                  store


For completeness, I have "Non Spam Actions" set to :

	Non Spam Actions = deliver


I've been seeing messages come in that are a virus, with an infected file, 
but they are tagged as high scoring spam (>10) .  So it looks like 
MailScanner never scans them for viruses because they're stored.  Is that 
how it's supposed to work ?

Messages that score between 5 and 10, are identified as Spam and hgaving a 
virus (if in fact they have a virus).


Thanks for any thoughts!


[root at hemlock /]# /opt/MailScanner/bin/MailScanner -v
Running on
Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 
i686 unknown
This is Red Hat Linux release 7.3 (Valhalla)
This is Perl version 5.008006 (5.8.6)

This is MailScanner version 4.48.4
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.03    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.06    File::Path
0.16    File::Temp
1.29    HTML::Entities
3.45    HTML::Parser
2.30    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.417   MIME::Decoder
5.417   MIME::Decoder::UU
5.417   MIME::Head
5.417   MIME::Parser
3.03    MIME::QuotedPrint
5.417   MIME::Tools
0.10    Net::CIDR
1.08    POSIX
1.77    Socket
0.05    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
0.17    Convert::TNEF
1.811   DB_File
1.08    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.10    Digest::SHA1
0.44    Inline
missing Mail::ClamAV
3.001000        Mail::SpamAssassin
1.997   Mail::SPF::Query
0.15    Net::CIDR::Lite
0.48    Net::DNS
0.32    Net::LDAP
1.94    Parse::RecDescent
missing SAVI
1.2     Sys::Hostname::Long
2.42    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
1.35    URI



Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel at vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list