MailScanner & SA results

Jules Field MailScanner at ecs.soton.ac.uk
Sat Jan 16 14:20:13 GMT 2010 


On 15/01/2010 21:53, Dudi Goldenberg wrote:
>
> Hello list,
>
> I have MS v4.78.17 installed on a BlueQuartz server.
>
> Also installed are ClamAV 0.95.3 and SA 3.2.5.
>
> I have MailScanner set to "Virus Scanners = none" and I have SA setup 
> with the ClamAV scoring plugin.
>
> What happens is that the SA milter detects fine:
>
> Jan 15 21:52:44 puppy spamd[32447]: spamd: identified spam (12.4/5.0) 
> for dudi:502 in 4.6 seconds, 336 bytes.
>
> Jan 15 21:52:44 puppy spamd[32447]: spamd: result: Y 12 - 
> CLAMAV,CLAMAV_VIRUS,MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUBJE
>
> CT,RCVD_IN_SORBS_WEB,SPF_PASS,TVD_SPACE_RATIO 
> scantime=4.6,size=336,user=dudi,uid=502,required_score=5.0,rhost=localhost,raddr=127.0
>
> .0.1,rport=36275,mid=(unknown),autolearn=failed
>
> But MailScanner fails to see all the test results, from MailWatch:
>
> -0.79   AWL                                       From: address is in 
> the auto white-list
>
> 1.58    MISSING_HEADERS          Missing To: header
>
> 1.28    MISSING_SUBJECT            Missing Subject: header
>
> 1.12    RCVD_IN_SORBS_WEBSORBS:            sender is a abuseable web 
> server
>
> 2.90    TVD_SPACE_RATIO
>
> I'd expect the results to be close, if not identical, which is not the 
> case.
>
> Another issue I see is that although I have "Virus Scanners = none" in 
> MS conf, log shows that MS is still running its ClamAV update  which 
> IMHO it should not.
>
MailScanner will update *all* the virus scanners it finds installed, 
regardless of whether they are currently in use or not. Otherwise if you 
changed your configured virus scanners, for the first entire hour they 
would be utterly useless as they would be out of date, and that would be 
a disaster!

So it's "behaviour by design" as M$ put it. :-)

Jules.
>
> Pointers appreciated.
>
> Dudi Goldenberg
> CTO
> Kolcore Ltd.
> Registered Linux user #79506
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list