MailScanner, ClamAV, and Sanesecurity
Chris Stone
axisml at gmail.com
Thu Jun 7 23:35:40 IST 2007
On Thu, 2007-06-07 at 12:17 -0500, Ryan Weaver wrote:
> I've started using the Sanesecurity signatures that have been mentioned on
> the list. I also use Vispan for its reporting and blocking features.
>
> The problem I have run into is that in the maillog, when the Sanesecurity
> signatures are matched the following is the output:
>
> Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H05nK007460.header came from
> Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H19sG007620.header came from
Not picked up by MailWatch.pm, and not shown as viruses in MailWatch either.
I only note it though for the Email.Hdr.Sanesecurity* signatures - all
the rest report just fine, just not these - e.g.:
Jun 7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND
Jun 7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections
Jun 7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from
Jun 7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses
Jun 7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL
Jun 7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL
And even though MailWatch is logged as adding to SQL, when I look in the
database table, the message is not logged.......
Chris
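
A log check for the symptom reported in this thread, as an added example that is not part of the original posts or of MailScanner or MailWatch: it groups maillog lines by queue id and flags an "Infected message" entry whose id carries the ".header" suffix or has nothing after "came from". The sample log is the post's own lines with wraps rejoined; the function names and the assumption that queue ids contain no dot are assumptions of this example.

```python
import re

# Constructed sample: the log lines quoted in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Jun 7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND
Jun 7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections
Jun 7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from
Jun 7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses
Jun 7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL
Jun 7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL
"""

# Assumption: sendmail-style queue ids with no dot, so ".header" is a file suffix.
FOUND = re.compile(r"MailScanner\[\d+\]: \S*/(?P<qid>[^/\s.]+)\.header: (?P<sig>\S+) FOUND\s*$")
INFECTED = re.compile(r"MailScanner\[\d+\]: Infected message (?P<name>\S+) came from\s*(?P<origin>\S*)\s*$")
LOGGED = re.compile(r"MailScanner\[\d+\]: (?P<qid>[^\s:.]+): Logged to MailWatch SQL\s*$")


def audit(log_text):
    """Group scanner events by queue id and list the anomalies seen for each."""
    report = {}

    def entry(qid):
        return report.setdefault(qid, {"header_hits": [], "anomalies": [], "sql_logged": False})

    for line in log_text.splitlines():
        if m := FOUND.search(line):
            entry(m["qid"])["header_hits"].append(m["sig"])
        elif m := INFECTED.search(line):
            qid, _, suffix = m["name"].partition(".")
            if suffix:
                entry(qid)["anomalies"].append(f"infected id logged as {m['name']}")
            if not m["origin"]:
                entry(qid)["anomalies"].append("no origin after 'came from'")
        elif m := LOGGED.search(line):
            entry(m["qid"])["sql_logged"] = True
    return report


def needs_db_check(report):
    """Queue ids with a header-signature hit that the log claims were written to SQL."""
    return sorted(q for q, e in report.items() if e["header_hits"] and e["anomalies"] and e["sql_logged"])


if __name__ == "__main__":
    for qid, e in audit(SAMPLE_LOG).items():
        print(qid, e)
    print("verify in MailWatch DB:", needs_db_check(audit(SAMPLE_LOG)))
```

The ids returned by needs_db_check are the ones to look up by hand in the MailWatch table, since the log line alone does not prove the row exists.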