Infected messages requeued - clamav, postfix, v4.70.7
David Greenstein
dgreenstein at stillsecure.com
Fri Jul 11 20:36:23 IST 2008
I've seen a bunch of similar posts but no resolution to my problem. Simply, clamav detects a virus/worm and MailScanner simply requeues the message. I have all MailScanner.conf "Quarantine*" variables set to yes and "Deliver*" set to no. It appears to me that there is a coding error, but I'm no perl expert.

Here is the log:

Jul 11 14:19:52 utm MailScanner[17527]: New Batch: Scanning 1 messages, 2178 bytes
Jul 11 14:19:54 utm MailScanner[17527]: Virus and Content Scanning: Starting
Jul 11 14:20:01 utm MailScanner[17527]: /var/spool/MailScanner/incoming/17527/./5DF2686B12.AEF01.message: Eicar-Test-Signature FOUND
Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: ClamAV found 1 infections
Jul 11 14:20:01 utm MailScanner[17527]: Infected message 5DF2686B12.AEF01.message came from
Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: Found 1 viruses
Jul 11 14:20:01 utm MailScanner[17527]: MESSAGE virusinfected: 0, 5DF2686B12.AEF01
Jul 11 14:20:02 utm MailScanner[17527]: Requeue: 5DF2686B12.AEF01 to 63BCA86B16
Jul 11 14:20:02 utm MailScanner[17527]: Uninfected: Delivered 1 messages

I've tried this with a real virus rather than eicar as well with the same result. I added the log message "MESSAGE virusinfected: 0". From what I can MessageBatch.pm only quarantines messages that have the virusinfected flag set to 1. This is set only in SweepViruses.pm. SweepViruses.pm modifies a local copy of the Message object though and by the time control returns to MessageBatch.pm the original Message object is used which has the virusinfected flag set to 0.

Like I said, I'm no perl expert and perhaps I'm missing something. Has anyone else experienced this problem? I hope I am missing something!

Thanks in advance,
Dave
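
A log check for the symptom reported in the post above, as an added example that is not part of the original message or of MailScanner: it flags any message ID that a scanner line marks FOUND and that a later Requeue line releases for delivery. The regular expressions assume the log layout shown in the post; the second message ID and its queue ID in the sample are constructed.

```python
import re

# Log lines from the post above (unwrapped), plus one constructed clean
# message (7A1C386B20.B0012 -> 91D0C86B33) as a negative case.
SAMPLE_LOG = """\
Jul 11 14:20:01 utm MailScanner[17527]: /var/spool/MailScanner/incoming/17527/./5DF2686B12.AEF01.message: Eicar-Test-Signature FOUND
Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: ClamAV found 1 infections
Jul 11 14:20:02 utm MailScanner[17527]: Requeue: 5DF2686B12.AEF01 to 63BCA86B16
Jul 11 14:20:02 utm MailScanner[17527]: Uninfected: Delivered 1 messages
Jul 11 14:21:10 utm MailScanner[17527]: Requeue: 7A1C386B20.B0012 to 91D0C86B33
"""

# Scanner hit: ".../<id>.message: <signature> FOUND" (layout assumed from the post).
FOUND_RE = re.compile(
    r"MailScanner\[\d+\]: \S*/(?P<id>[0-9A-F]+\.[0-9A-F]+)\.message: (?P<sig>\S+) FOUND\s*$")
# Release back to the MTA queue: "Requeue: <id> to <new queue id>".
REQUEUE_RE = re.compile(r"MailScanner\[\d+\]: Requeue: (?P<id>\S+) to (?P<new>\S+)\s*$")


def infected_but_requeued(log_text):
    """Return (message_id, signature, new_queue_id) for every message that a
    scanner flagged and that a later log line requeued for delivery."""
    infected = {}   # message id -> first signature reported for it
    hits = []
    for line in log_text.splitlines():
        m = FOUND_RE.search(line)
        if m:
            infected.setdefault(m["id"], m["sig"])
            continue
        m = REQUEUE_RE.search(line)
        if m and m["id"] in infected:
            hits.append((m["id"], infected[m["id"]], m["new"]))
    return hits


if __name__ == "__main__":
    for msg_id, sig, new_id in infected_but_requeued(SAMPLE_LOG):
        print(f"ALERT {msg_id} ({sig}) requeued as {new_id}")
```

Run against the mail log after a configuration or version change, this gives a quick regression check that EICAR test messages are quarantined rather than released.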