ClamAV only scanning message headers
mailscanner_list at phisch.ca
Tue Sep 29 21:23:36 IST 2009
Greetings, MailScanner community,
I have been using MailScanner with Postfix and ClamAV for several years
now and it has been an extremely effective system for combating spam and
malware for my users. I have just refreshed our system to bring the
relevant software up to a reasonable rev as well as putting it on much
more capable hardware.
Everything seems to be working with the exception of my virus scanning.
Here’s the situation:
My ‘Incoming Work Dir’ is set to /tmp (as it’s in RAM rather than on
disk for speed). As mail comes in, I can see that a MailScanner child
creates a subdirectory of /tmp with its PID, and then calls the ClamAV
wrapper to scan that directory. My expectation is that MailScanner
decodes all MIME parts and decodes Base64 for the AV engine to troll and
will leave them in that temporary directory.
The problem is that the only file being written out into those
directories is the message header – no other MIME parts (or even a
plain-text part, for that matter) ever make it into the directory. As a
result, ClamAV is unable to detect infections because it will never see
I have confirmed that ClamAV is able to detect viruses (by using an
EICAR test file) when run from the command line and/or the MailScanner
wrapper script, and that Clam is only being “fed” files like
Is there something that I’m missing in my install? Do I have a
fundamental misunderstanding of how MailScanner interacts with ClamAV
via the wrapper? I have tried running MailScanner in debug mode, but
there’s really no useful information in there.
Any guidance would be very much appreciated!
SunOS ***** 5.10 Generic_141414-08 sun4v sparc SUNW,SPARC-Enterprise-T5220
This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.56.8
Module versions are:
Optional module versions are:
More information about the MailScanner