It seems that as of MailScanner 4.79, still deliver silent viruses = yes
has changed and MailScanner now sends the message without stripping the
infected attachment if a virus scanner actually finds a virus. What I'm
seeing is that, for example, *.exe that doesn't contain a virus identified
by our scanner (Sophos) is being stripped out, but if Sophos finds a virus,
MailScanner goes through the motions, "quarantines" the file but then fails
to strip the actually infected exe out of the message. If I completely turn
off the virus scanning (Virus Scanning = no) then all exe files get removed
from messages and the stripped message is delivered to users like I want.

I have confirmed this behaviour on 2 systems, both RedHat Enterprise, one
5.4 and one 5.5.

I really hope not to get bogged down in why we use "still deliver silent
viruses = yes" but we have a 2-layer system and a latter part of our filter
sorts virus-laden mail out of inboxes. According to this thread:

it seems like there may have been a specific change responsible for this
new behaviour. Does anybody have any insight on that?



