R: Re: Infected message Requeued

topper at libero.it topper at libero.it
Thu Jul 10 11:19:30 IST 2008 

Yes of course I've installed MailScanner 4.70.7 with no progession.

But I've found that all messages (and not only Sanesecurity's one) are 
delivered also if marked as Infected. The only difference is that I can't see 
them in the quarantine directory. So actually it seems that MailScanner is only 
reporting Infected messages but requeue all them and I can't understand why.

>----Messaggio originale----
>Da: list-mailscanner at linguaphone.com
>Data: 10/07/2008 11.42
>A: "MailScanner discussion"<mailscanner at lists.mailscanner.info>
>Ogg: Re: Infected message Requeued
>
>Dont use the debian stable version of Mailscanner it is not kept up to
>date and version 4.55 is very old and may not work with with some latter
>postfix and perl module versions.
>
>On Thu, 2008-07-10 at 10:28, topper at libero.it wrote:
>> Hello,
>> 
>> I have a trouble using SaneSecurity signature for Phishing and Scam.
>> 
>> My installation is Debian Etch with:
>> 
>> Postfix 2.3.8-2+b1
>> Clamav 0.93.1.dfsg-volatile1
>> MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-
4.70.7-
>> 1 from tar.gz.
>> 
>> This is the trouble:
>> 
>> Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.
x.
>> x]
>> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header 
>> Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) 
with 
>> ESMTP id 478BC4C245??for <com at xx.it>; Thu, 10 Jul 2008 11:22:39 +0200 
(CEST) 
>> from unknown[x.x.x.x]; from=<Dunning-updm at FA-WHV.NIEDERSACHSEN.DE> 
to=<com at xx.
>> it> proto=ESMTP helo=<x.x.x.x]>
>> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-
id=<21CD3BE3.
>> 51%Dunning-updm at FA-WHV.NIEDERSACHSEN.DE>
>> Jul 10 11:23:36 mx1 MailScanner[22482]: 
>> /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.
Spam.
>> Gen2986.Sanesecurity.08041408 FOUND
>> Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.
36DF1.
>> message came from
>> Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to 
>> C207D4C264
>> 
>> As you can see the message is recognized as infected, but MailScanner 
Requeue 
>> the message. This occur only when is recognized infected with the 
Sanesecurity 
>> signature. When the message in recognized infected by a virus it is 
quarantined 
>> and not delivered as expected.
>> 
>> The same thing occurs with del default package of MailScanner in Debian 
>> Stable and with the latest stable versione fro tar.gz.

More information about the MailScanner mailing list