Sophos & ClamAV + Sanesecurity
Kai Schaetzl
maillists at conactive.com
Tue Jan 12 00:38:03 GMT 2010
Mike Wallace wrote on Mon, 11 Jan 2010 17:03:04 -0500:
> In older versions, it would scan the message for viruses with clamav
No. It would first spamscan and then viruscan the message. If it was found to be
spam and the action was to quarantine it, no further viruscan would happen at this
stage. Now it's the other way around.
> and if it's infected, remove the virus and insert the warning message
did it? Not by default I think. Default for viruses was/is to put the message in
quarantine. Full stop. There's no point in "disinfecting" virus laden messages,
because there are *no* messages that contain a virus *and* a legitimate message at the
same time.
> and then spam score it. Then based on the score either deliver it
> to the recipient or forward it to a specific mailbox for review. Now
> if clamav finds a virus, MailScanner just marks it as {Virus} and
> delivers it.
That's because you misconfigured your MS. Again, there is no point in delivering a
message with a virus, with the virus removed or not.
>
> It also seems that {Disarmed} and {Fraud} don't work the same. I see
> messages marked with {Disarmed}, but in the body I see "MailScanner
> has detected a possible fraud attempt from". So did it disarm a WebBug,
> is it phishing or is it both? In older versions the only time I saw
> {Disarmed} was when a WebBug was replaced with http://www.mailscanner.tv/1x1spacer.gif
> (which is still true).
Disarmed also removes objectionable HTML tags etc. That's why it is called
"disarmed". It has nothing to do with fraud or phishing, it can be a legitimate
mail.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list