MailScanner, ClamAV, and Sanesecurity

Ryan Weaver ryanw at falsehope.com
Mon Jun 11 17:41:51 IST 2007


Chris Stone Wrote on Thursday, June 07, 2007 5:36 PM
> 
> On Thu, 2007-06-07 at 12:17 -0500, Ryan Weaver wrote:
> > I've started using the Sanesecurity signatures that have been mentioned on
> > the list. I also use Vispan for its reporting and blocking features.
> > 
> > The problem I have run into is that in the maillog, when the Sanesecurity
> > signatures are matched the following is the output:
> > 
> > Jun  7 12:07:30 c01 MailScanner[7634]: Infected message l57H05nK007460.header came from
> > Jun  7 12:07:30 c01 MailScanner[7634]: Infected message l57H19sG007620.header came from
> 
> Not picked up by MailWatch.pm and shown as viruses in MailWatch either.
> I only note it though for the Email.Hdr.Sanesecurity* signatures - all
> the rest report just fine, just not these - e.g.:
> 
> Jun  7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND
> Jun  7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections
> Jun  7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from
> Jun  7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses
> Jun  7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL
> Jun  7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL
> 
> And even though MailWatch is logged as adding to SQL, when I look in the
> database table, the message is not logged.......

Anyone have any ideas about this ??

Thanks,
Ryan


