MailScanner delivering mail with virus? - Addition

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 4 17:05:07 IST 2008


Please try this patch for SweepViruses.pm (in 
/usr/lib/MailScanner/MailScanner)

--- SweepViruses.pm.old    2008-09-04 10:10:36.000000000 +0100
+++ SweepViruses.pm    2008-09-04 17:03:03.000000000 +0100
@@ -1506,7 +1506,7 @@
     return 0;
   } else {
     # Must be an infection reports
-    MailScanner::Log::InfoLog("%s::%s", 'ClamAVModule', $logout);
+    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
 
     ($dot, $id, $part, @rest) = split(/\//, $filename);
     $report = $Name . ': ' if $Name;


Vincent Verhagen wrote:
> It seems that there is more wrong here.
> When Clamd detects an infection, MailScanner reports that both 
> ClamAVModule and F-Prot have found it... See below:
>
> Sep  4 17:39:20 mail2 MailScanner[26594]: New Batch: Scanning 1 
> messages, 3526 bytes
> Sep  4 17:39:20 mail2 MailScanner[26594]: Expired 1 records from the 
> SpamAssassin cache
> Sep  4 17:39:20 mail2 MailScanner[26594]: Spam Checks: Found 1 spam 
> messages
> Sep  4 17:39:20 mail2 MailScanner[26594]: Spam Checks completed at 
> 5695 bytes per second
> Sep  4 17:39:20 mail2 MailScanner[26594]: Virus and Content Scanning: 
> Starting
> Sep  4 17:39:22 mail2 MailScanner[26594]: ClamAVModule::INFECTED:: 
> Email.Spam.Gen1986.Sanesecurity.07113001 FOUND :: ./2B620D98826.EF262/
> Sep  4 17:39:22 mail2 MailScanner[26594]: Virus Scanning: Clamd found 
> 1 infections
> Sep  4 17:39:24 mail2 MailScanner[26594]: Virus Scanning: F-Prot6 
> found 1 infections
> Sep  4 17:39:24 mail2 MailScanner[26594]: Infected message 
> 2B620D98826.EF262 came from 117.64.193.63
> Sep  4 17:39:24 mail2 MailScanner[26594]: Virus Scanning: Found 1 viruses
> Sep  4 17:39:24 mail2 MailScanner[26594]: Virus Scanning completed at 
> 1029 bytes per second
> Sep  4 17:39:24 mail2 MailScanner[26594]: Saved entire message to 
> /var/spool/MailScanner/quarantine/20080904/2B620D98826.EF262
> Sep  4 17:39:24 mail2 MailScanner[26594]: Batch completed at 870 bytes 
> per second (3526 / 4)
> Sep  4 17:39:24 mail2 MailScanner[26594]: Batch (1 message) processed 
> in 4.05 seconds
> Sep  4 17:39:24 mail2 MailScanner[26594]: Logging message 
> 2B620D98826.EF262 to SQL
> Sep  4 17:39:24 mail2 MailScanner[26594]: "Always Looked Up Last" took 
> 0.00 seconds
> Sep  4 17:39:24 mail2 MailScanner[26728]: 2B620D98826.EF262: Logged to 
> MailWatch SQL
>
> More info will follow as needed.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list