virus detection reporting wrong scanner

Paul Hutchings paul.hutchings at
Sun Aug 31 11:16:47 IST 2008

I'm using clamd, avg and vba32.

In maillog, I see the following:

Aug 31 02:11:56 relay MailScanner[22637]: Virus Scanning: vba32 found 1
Aug 31 02:11:56 relay MailScanner[22637]: Infected message
C5B321FC55.019F5 came from
Aug 31 02:11:56 relay MailScanner[22637]: Virus Scanning: Found 1
Aug 31 02:11:56 relay MailScanner[22637]: Virus Scanning completed at
1731 bytes per second

In the report I see this:

The following e-mails were found to have: Virus Detected

    Sender: at
IP Address:
 Recipient: someone at
   Subject: Security Message - Important System Notification.
 MessageID: C5B321FC55.019F5
    Report: Clamd: msg-22637-48.html was infected:

Any suggestions?  I know last week I had to modify one of the
MailScanner files to deal with the way that vba32 output changed since
the last MailScanner release.

Lint output:

Trying to setlogsock(unix)
Read 850 hostnames from the phishing whitelist
Read 5262 hostnames from the phishing blacklist
Checking version numbers...
Version number in MailScanner.conf (4.70.7) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
SpamAssassin temp dir =
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
I have found clamd avg vba32 scanners installed, and will use them all
by default.
Using locktype = posix
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd, vba32, avg
Virus and Content Scanning: Starting
ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/
Virus Scanning: Clamd found 1 infections
Avg: Virus identified EICAR_Test in
Virus Scanning: Avg found 1 infections
/var/spool/MailScanner/incoming/23308/1/ : infected
Virus Scanning: vba32 found 1 infections
Infected message 1 came from
Virus Scanning: Found 1 viruses
Virus Scanner test reports:
Clamd said " was infected: Eicar-Test-Signature"
Avg said "Found virus EICAR_Test in file"
vba32 said "Found virus EICAR-Test-File in"

If any of your virus scanners (clamd,vba32,avg)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its



Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

More information about the MailScanner mailing list