Logwatch being marked as virus
MailScanner at ecs.soton.ac.uk
Mon Aug 17 21:11:13 IST 2009
On 17/08/2009 19:52, Jim Wirtz wrote:
> Thanks Gleen....
> That fixed it!.. took a couple tries before I realized this was where I
> wanted NO as the final option.
> That No I didn't want it scanned, but yes to the default action.
> FromOrTo: root at thismachine.com no
> From0rTo: reports at anothermachine.com no
> FromOrTo: default yes
Doing it by email address is dangerous. If some attacker sends you mail
with the envelope sender address set as root at thismachine.com then it
won't get scanned, regardless of where it came from.
A sender can set the sender address to anything they like, it has no
effect on the delivery of the message.
So don't do this, do it by IP address, such as
From: 127.0.0.1 no
so you don't scan mail originating from the localhost itself.
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of dnsadmin
> Sent: Monday, August 17, 2009 1:03 PM
> To: MailScanner discussion
> Subject: RE: Logwatch being marked as virus
> At 01:54 PM 8/17/2009, you wrote:
>> The logwatch reports are coming from the localhost (same machine) and 3
>> other machines.
>> MailScanner is not allowing them to send the logwatch report, just marks it
>> as a virus.
>> FromOrTo: root at thismachine.com yes
>> From0rTo: reports at anothermachine.com yes
>> FromOrTo: default no
>> I'm generating the logwatch report on "thismachine.com" and attempting
>> To send to " reports at anothermachine.com".
>> I have clamav as the virus program. The virus it is finding is part of the
>> phishing report info.
> You are using the spam.whitelist rules, which are behaving themselves
> just fine. Use the virus scanning rules to whitelist. I had the same
> problem. Fixed!
Julian Field MEng CITP CEng
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
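Added example, not part of the original message and not MailScanner's own code: a simplified first-match model of the rulesets quoted above, showing why a scan exemption keyed on the envelope sender also exempts outside mail that claims that sender, while one keyed on the client IP does not. Addresses are written with @ in place of the archive's " at "; the two messages, the 203.0.113.25 client address and the scan-when-nothing-matches fallback are assumptions.

```python
# Simplified model of a first-match ruleset (NOT MailScanner's own matching code).
# Rule line: "<Direction>: <pattern> <yes|no>"; pattern is an address, an IP or "default".
import ipaddress

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        direction, pattern, value = line.split()
        rules.append((direction.rstrip(":").lower(), pattern.lower(), value.lower() == "yes"))
    return rules

def is_ip(pattern):
    try:
        ipaddress.ip_address(pattern)
        return True
    except ValueError:
        return False

def virus_scanned(rules, msg):
    """Return the yes/no value of the first rule that matches msg."""
    for direction, pattern, value in rules:
        if pattern == "default":
            return value
        if is_ip(pattern):
            # An IP pattern is compared with the connecting client's address.
            if direction in ("from", "fromorto") and msg["client_ip"] == pattern:
                return value
            continue
        fields = {"from": ["env_from"], "to": ["env_to"],
                  "fromorto": ["env_from", "env_to"]}[direction]
        if any(msg[f].lower() == pattern for f in fields):
            return value
    return True  # assumption: scan when nothing matches

BY_ADDRESS = parse_rules("""
FromOrTo: root@thismachine.com no
FromOrTo: default yes
""")
BY_IP = parse_rules("""
From: 127.0.0.1 no
FromOrTo: default yes
""")
# Constructed messages: a real local report, and outside mail claiming the same sender.
local_report = {"client_ip": "127.0.0.1", "env_from": "root@thismachine.com",
                "env_to": "reports@anothermachine.com"}
forged = {"client_ip": "203.0.113.25", "env_from": "root@thismachine.com",
          "env_to": "user@thismachine.com"}
for name, rules in (("by address", BY_ADDRESS), ("by IP", BY_IP)):
    print(name, "| local scanned:", virus_scanned(rules, local_report),
          "| forged scanned:", virus_scanned(rules, forged))
```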