MailScanner delivering mail with virus?

Vincent Verhagen vincent at zijnemail.nl
Thu Sep 4 16:35:34 IST 2008 

Using:
MailScanner 4.71.10
F-Prot-6 (not the daemon)

For some reason, MailScanner has passed some emails that were 
virusinfected according to F-Prot.
See this excerpt from the log:

Sep  4 14:51:29 mail2 MailScanner[21344]: New Batch: Scanning 1 
messages, 31790 bytes
Sep  4 14:51:29 mail2 MailScanner[21344]: Spam Checks completed at 90432 
bytes per second
Sep  4 14:51:29 mail2 MailScanner[21344]: Virus and Content Scanning: 
Starting
Sep  4 14:51:33 mail2 MailScanner[21344]: [Found possible security risk] 
<W32/Heuristic-200!Eldorado (not disinfectable)> 
./43E59D98828.C43D0.message->Fees_2007-2008.zip->Fees_2007-2008.doc.exe
Sep  4 14:51:33 mail2 MailScanner[21344]: Virus Scanning: F-Prot6 found 
1 infections
Sep  4 14:51:33 mail2 MailScanner[21344]: Infected message 
43E59D98828.C43D0.message->Fees_2007-2008.zip->Fees_2007-2008.doc.exe 
came from
Sep  4 14:51:33 mail2 MailScanner[21344]: Virus Scanning: Found 1 viruses
Sep  4 14:51:33 mail2 MailScanner[21344]: Virus Scanning completed at 
9003 bytes per second
Sep  4 14:51:33 mail2 MailScanner[21344]: Requeue: 43E59D98828.C43D0 to 
5ADD8D98829
Sep  4 14:51:33 mail2 MailScanner[21344]: Uninfected: Delivered 1 messages
Sep  4 14:51:33 mail2 MailScanner[21344]: Batch completed at 8160 bytes 
per second (31790 / 3)
Sep  4 14:51:33 mail2 MailScanner[21344]: Batch (1 message) processed in 
3.90 seconds
Sep  4 14:51:33 mail2 MailScanner[21344]: Logging message 
43E59D98828.C43D0 to SQL
Sep  4 14:51:33 mail2 MailScanner[21344]: "Always Looked Up Last" took 
0.00 seconds

A few minutes later, it does so again:

Sep  4 14:53:31 mail2 MailScanner[21344]: New Batch: Scanning 1 
messages, 32024 bytes
Sep  4 14:53:31 mail2 MailScanner[21344]: Spam Checks: Found 1 spam messages
Sep  4 14:53:31 mail2 MailScanner[21344]: Spam Checks completed at 87136 
bytes per second
Sep  4 14:53:31 mail2 MailScanner[21344]: Virus and Content Scanning: 
Starting
Sep  4 14:53:35 mail2 MailScanner[21344]: [Found possible security risk] 
<W32/Heuristic-200!Eldorado (not disinfectable)> 
./9D0DFD98829.A3D54.message->Fees_2007-2008.zip->Fees_2007-2008.doc.exe
Sep  4 14:53:35 mail2 MailScanner[21344]: Virus Scanning: F-Prot6 found 
1 infections
Sep  4 14:53:35 mail2 MailScanner[21344]: Infected message 
9D0DFD98829.A3D54.message->Fees_2007-2008.zip->Fees_2007-2008.doc.exe 
came from
Sep  4 14:53:35 mail2 MailScanner[21344]: Virus Scanning: Found 1 viruses
Sep  4 14:53:35 mail2 MailScanner[21344]: Virus Scanning completed at 
8846 bytes per second
Sep  4 14:53:35 mail2 MailScanner[21344]: Requeue: 9D0DFD98829.A3D54 to 
DE875D98828
Sep  4 14:53:35 mail2 MailScanner[21344]: Uninfected: Delivered 1 messages
Sep  4 14:53:35 mail2 MailScanner[21344]: Batch completed at 8002 bytes 
per second (32024 / 4)
Sep  4 14:53:35 mail2 MailScanner[21344]: Batch (1 message) processed in 
4.00 seconds
Sep  4 14:53:35 mail2 MailScanner[21344]: Logging message 
9D0DFD98829.A3D54 to SQL
Sep  4 14:53:35 mail2 MailScanner[21344]: "Always Looked Up Last" took 
0.00 seconds

MailScanner is not configured to deliver viruses in any way and has 
never done so before.
Anyone have an idea what causes this?

Regards,
Vincent

More information about the MailScanner mailing list