ClamAV response not interpreted
jens at huenerberg.net
Fri Jan 29 22:09:51 GMT 2010
I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0.
For the installation, I've used the install script for MailScanner and
the latest easy install package for ClamAV and SpamAssassin (which by
the way failed to build an RSA module but nevertheless completed
As I'm using CentOS 5.x, I skipped the installation of ClamAV from that
package and installed the RPM packages for version 0.95.3 from
instead. All this worked out fine.
In the end, MailScanner seemed to operate the way it should.
Headers are marked and Spam is classified. Great.
As I was unsure, whether ClamAV was working, I've sent an EICAR
signature in an email from a remote system to my new mail server.
I expected to get a reject or at least a warning. But no:
"X-myorg-MailScanner: Found to be clean"
No warnings, nothing. Surprise, surprise. In a next step, I've performed
some tests with ClamAV. And ClamAV always detects the virus signature.
Ok. So I adjusted the clamav-wrapper script:
$ClamScan $ExtraScanOptions $ScanOptions "$@"
#Log command and results
echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan
echo $retval >>/tmp/scanlog
What I found, was a virus positive return value (1):
Obviously, ClamAV had been asked to scan the email, found it to contain
a virus and reported this back to MailScanner. But MailScanner did not
complain in any way.
Have I missed some special option to let MailScanner do something with a
positive answer? Or am I completely misled and wrong?
Any hint or help is very much appreciated ...
Thanks and kind regards
More information about the MailScanner