Virus scanning disabled, but MailScanner still runs clamscan. Why?

Carles Xavier Munyoz Baldó carles at unlimitedmail.org
Thu Oct 26 09:02:26 IST 2006


Hi,
I have MailScanner 4.56.8-1 installed on my e-mail server.
The Linux distribution installed on the server is Fedora Core 4.

I have enabled virus scanning only for some of my domains.
For this I have set up a ruleset file:
Virus Scanning = %rules-dir%/virus_scanning.rules
with a content like this:
To:             *@domain1.com                yes
To:             *@domain2.com             yes
FromOrTo:       default                 no
in order to make virus scanning available only for the e-mail messages
destined for mailboxes under the domains domain1.com and domain2.com.

The only virus scanning package is ClamAV:
Virus Scanners = clamav

Recently I have disabled the virus scanning for all my domains, leaving the 
ruleset file content this way:
# To:             *@domain1.com                yes
# To:             *@domain2.com             yes
FromOrTo:       default                 no

I have verified that no more virus scanning is done for any of my domains by
sending e-mail messages with virus-infected files to several mailboxes in
different domains.

The problem is that MailScanner is still running the clamscan command.
I have seen that, periodically, every 4-5 minutes, MailScanner runs several
instances of the clamscan process, consuming 100% of my server CPU for
1-2 minutes.
You can see it in this sample output of the pstree command:
[...]
init,1
  ├─MailScanner,14803
  │   ├─MailScanner,14804
  │   │   └─MailScanner,16357
  │   ├─MailScanner,14941
  │   │   └─clamav-wrapper,16381 /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout ...
  │   │       └─clamscan,16387 --unzip --jar --tar --tgz --deb --max-ratio=500 --tempdir=/tmp/clamav.16381 -r --disable-summary ...
  │   ├─MailScanner,15127
  │   │   └─MailScanner,16394
  │   │       └─pyzor,16400 /usr/bin/pyzor check
  │   ├─MailScanner,15218
  │   │   └─clamav-wrapper,16405 /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout ...
  │   │       └─clamscan,16409 --unzip --jar --tar --tgz --deb --max-ratio=500 --tempdir=/tmp/clamav.16405 -r --disable-summary ...
[...]

If I have disabled virus scanning for all my domains and verified that no
virus scanning is done for any mailbox, then why is MailScanner running these
CPU-consuming clamscan processes?
How can I find out the sender and recipient of the e-mail message that
MailScanner is analyzing in search of a virus infection?
How can I get more information about why MailScanner is running the
clamscan processes?

Thank you very much for your time and your help.
Greetings.
---
Carles Xavier Munyoz Baldó
cmunyoz at unlimitedmail.net
http://www.unlimitedmail.net/
---

