Question about Spam and Virus Checks.

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 3 16:04:17 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----

The Spam archive is not kept clean of viruses unless you specify
Keep Spam And MCP Archive Clean = yes

Otherwise the version that is archived in the quarantine is an exact  
copy of the original message.

On 3 Jan 2006, at 15:49, Michael H. Martel wrote:

> Greetings!
>
> I've got a question about how MailScanner handles Spam Scoring and  
> Anti Virus Checks. We're running MailScanner 4.48.4 on RedHat Linux  
> 7.3 (MailScanner -v output below).
>
> I believe that Spam checks are done before the Anti virus checks yes ?
>
> I've got the folowing settings.
>
> 	Required SpamAssassin Score = 5
> 	High SpamAssassin Score = 10
>
> I've got my Spam Actions" set to:
>
> 	Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules
>
> Where the spam.action.rules file contains :
>
> 	To:     default         store deliver
>
> I've also set "High Scoring Spam Actions" :
>
> 	High Scoring Spam Actions = /opt/VSC-MailScanner/rules/ 
> high.scoring.spam.actions.rules
>
> Where the high.scoring.spam.actions.rules file contains :
>
> 	To:    default                  store
>
>
> For completeness, I have "Non Spam Actions" set to :
>
> 	Non Spam Actions = deliver
>
>
> I've been seeing messages come in that are a virus, with an  
> infected file, but they are tagged as high scoring spam (>10) .  So  
> it looks like MailScanner never scans them for viruses because  
> they're stored.  Is that how it's supposed to work ?
>
> Messages that score between 5 and 10, are identified as Spam and  
> hgaving a virus (if in fact they have a virus).
>
>
> Thanks for any thoughts!
>
>
> [root at hemlock /]# /opt/MailScanner/bin/MailScanner -v
> Running on
> Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST  
> 2003 i686 unknown
> This is Red Hat Linux release 7.3 (Valhalla)
> This is Perl version 5.008006 (5.8.6)
>
> This is MailScanner version 4.48.4
> Module versions are:
> 1.00    AnyDBM_File
> 1.14    Archive::Zip
> 1.03    Carp
> 1.119   Convert::BinHex
> 1.00    DirHandle
> 1.05    Fcntl
> 2.73    File::Basename
> 2.08    File::Copy
> 2.01    FileHandle
> 1.06    File::Path
> 0.16    File::Temp
> 1.29    HTML::Entities
> 3.45    HTML::Parser
> 2.30    HTML::TokeParser
> 1.21    IO
> 1.10    IO::File
> 1.123   IO::Pipe
> 1.50    Mail::Header
> 3.05    MIME::Base64
> 5.417   MIME::Decoder
> 5.417   MIME::Decoder::UU
> 5.417   MIME::Head
> 5.417   MIME::Parser
> 3.03    MIME::QuotedPrint
> 5.417   MIME::Tools
> 0.10    Net::CIDR
> 1.08    POSIX
> 1.77    Socket
> 0.05    Sys::Syslog
> 1.02    Time::localtime
>
> Optional module versions are:
> 0.17    Convert::TNEF
> 1.811   DB_File
> 1.08    Digest
> 1.01    Digest::HMAC
> 2.33    Digest::MD5
> 2.10    Digest::SHA1
> 0.44    Inline
> missing Mail::ClamAV
> 3.001000        Mail::SpamAssassin
> 1.997   Mail::SPF::Query
> 0.15    Net::CIDR::Lite
> 0.48    Net::DNS
> 0.32    Net::LDAP
> 1.94    Parse::RecDescent
> missing SAVI
> 1.2     Sys::Hostname::Long
> 2.42    Test::Harness
> 0.47    Test::Simple
> 1.95    Text::Balanced
> 1.35    URI
>
>
>
> Michael
>
> --
>
>  --------------------------------o---------------------------------
>   Michael H. Martel              | Systems Administrator
>   michael.martel at vsc.edu         | Vermont State Colleges
>   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ7qgg/w32o+k+q+hAQFTCwf8C/ET2bC640yF2sFMMOPjZixBfXT/IJRV
6w6pYu1bA22pqu4UShV1aWBZVQM6n+bNHhDzG9vXacFcHwopCfVsN7G6Z3F62Pi2
wz3ZcnABrIBsj/tyukIWPL+0I1ekZ5Ms6sKID2SJitBLNBb9EtvxgHcXK7PTzUPg
oNj/5/KR5TKVuYW7CVa1cP4KRCpm9B/34jZHCcg58fPioulCmL4AlP5HRoH+9kv8
u7KvcesW4JWCM15Jn4CIpVmi8syXpguZzbL3FoflquNYU6clh+Y/dO/VHycTMV3C
5UHIEcOns8+fiG18GX4jaU2CozU8MI1FPT6hMVUS8vMQxjYQWtarvA==
=Hntk
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list