MailScanner, ClamAV, and Sanesecurity
Ryan Weaver
ryanw at falsehope.com
Fri Jul 27 15:11:30 IST 2007
Ryan Weaver Wrote on Monday, June 11, 2007 11:42 AM
> Chris Stone Wrote on Thursday, June 07, 2007 5:36 PM
> >
> > On Thu, 2007-06-07 at 12:17 -0500, Ryan Weaver wrote:
> > > I've started using the Sanesecurity signatures that have been mentioned on
> > > the list. I also use Vispan for its reporting and blocking features.
> > >
> > > The problem I have run into is that in the maillog, when the Sanesecurity
> > > signatures are matched the following is the output:
> > >
> > > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H05nK007460.header came from
> > > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H19sG007620.header came from
> >
> > Not picked up by MailWatch.pm and shown as viruses in MailWatch either.
> > I only note it though for the Email.Hdr.Sanesecurity* signatures - all
> > the rest report just fine, just not these - e.g.:
> >
> > Jun 7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND
> > Jun 7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections
> > Jun 7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from
> > Jun 7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses
> > Jun 7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL
> > Jun 7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL
> >
> > And even though MailWatch is logged as adding to SQL, when I look in the
> > database table, the message is not logged.......
>
> Anyone have any ideas about this ??
>
> Thanks,
> Ryan
Any movement on this front?
Thanks,
Ryan