Fwd: Store viruses only
Monis Monther
mmmm82 at gmail.com
Sun Nov 22 10:26:49 GMT 2009
> I have the clamavmodule and its working fine
How do you know this?
I knew because I see in the logs that it is catching stuff
Try sending an email through the machine with the EICAR attachment
(http://www.eicar.org/anti_virus_test_file.htm), and check:
I tried the test , thanks for the link
a) the mail system logs, to see whether MailScanner thinks it's detected a
virus
In the log , it found it and gave this
Virus and Content Scanning: Starting
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./A32B56E03A2.E8204/
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./A32B56E03A2.E8204/
eicar.com
....
.....
Requeue: A32B56E03A2.E8204 to E19D26E009C
....
....
Cleaned: Delivered 1 cleaned messages
b) the headers of the (presumably) received message, to see whether it tells
you that anti-virus scanning was performed (X-OrganisationName-
>
> Viruscheck)
>
> I only had these headers
X-MyDomain-MailScanner-ID: AA32E6E03B9.9919A
X-MyDomain-MailScanner: Found to be infected
X-MyDomain-MailScanner-SpamScore: ss
X-MyDomain-MailScanner-From: monis.monther at mediaintl.net
X-Spam-Status: No
X-RCPT-TO: <someone>
Status: U
X-UIDL: 548082981
So I conclude that it was not detected as spam but as infected , and I got
the notification attachment delivered saying call help desk... bal bla
But the attachment was not saved under quarantine, I want the attachments to
be saved.
> c) the output of /path/to/MailScanner --lint (to see whether it thinks the
> antivirus engine is correctly installed and available)
>
It showed that I have clamavmodule successfully installed
Conclusion: I was mistakes when I thought it was related to spam score, but
now I want the virus attachment to be stored in quarantine not deleted,
Thanks
On Thu, Nov 19, 2009 at 2:26 PM, Antony Stone <
Antony.Stone at mailscanner.open.source.it> wrote:
> On Thursday 19 November 2009, Monis Monther wrote:
>
> > I have the following
> >
> > Virus Scanning = yes
> > Virus Scanners = clamavmodule
> > Deliver Disinfected Files = no
> > Silent Viruses = HTML-IFrame All-Viruses
> > Still Deliver Silent Viruses = no
> >
> > I have the clamavmodule and its working fine
>
> How do you know this?
>
> > and when I set HighScore spam = store it started to quarantine virus that
> > get a high score spam and still delivers viruses that come with low spam
> > messages
>
> Are you saying that the quarantined messages (quarantined because they are
> detected as spam) still contain the virus attachments, or have these been
> cleaned?
>
> Try sending an email through the machine with the EICAR attachment
> (http://www.eicar.org/anti_virus_test_file.htm), and check:
>
> a) the mail system logs, to see whether MailScanner thinks it's detected a
> virus
>
> b) the headers of the (presumably) received message, to see whether it
> tells
> you that anti-virus scanning was performed (X-OrganisationName-Viruscheck)
>
> c) the output of /path/to/MailScanner --lint (to see whether it thinks the
> antivirus engine is correctly installed and available)
>
>
> Antony.
>
> --
> "Reports that say that something hasn't happened are always interesting to
> me,
> because as we know, there are known knowns; there are things we know we
> know.
> We also know there are known unknowns; that is to say we know there are
> some
> things we do not know. But there are also unknown unknowns - the ones we
> don't know we don't know."
>
> - Donald Rumsfeld, US Secretary of Defence
>
> Please reply to the
> list;
> please don't CC
> me.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091122/8712f517/attachment.html
More information about the MailScanner
mailing list