Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.

Alex Broens ms-list at alexb.ch
Thu Sep 4 11:26:56 IST 2008


On 9/4/2008 11:33 AM, Julian Field wrote:
> 
> 
> Alex Broens wrote:
>> Good day All,
>>
>> Mailscanner Version 4.71.10-1 / ClamAV 0.94 using ClamD
>>
>>
>> MailScanner --lint:
>>
>> Virus and Content Scanning: Starting
>> ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/
>> ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>> Virus Scanning: Clamd found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>> Filename Checks:  (1 eicar.com)
>>
>> Doesn't seem right/elegant to me.
>>
>> It causes Mailwatch 1.x to report:
>>
>> Clamd: message was infected: Trojan.Fakealert-532 FOUND
>> Clamd: Late.Night.rar was infected: Trojan.Fakealert-532
>>
>>
>> Can anybody reproduce running "MailScanner --lint"
>>
>> Jules?
> The "./1/" line is caused by "ClamAV Full Message Scan = yes".
> I believe it is the correct output.
> Can anyone contradict me?

If that would be the case, is the logging is slightly borked?
imo, only the infected file is relevant.

Alex



More information about the MailScanner mailing list