ClamAV response not interpreted

Jens Huenerberg jens at
Fri Jan 29 22:09:51 GMT 2010


I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0.

For the installation, I've used the install script for MailScanner and 
the latest easy install package for ClamAV and SpamAssassin (which by 
the way failed to build an RSA module but nevertheless completed 

As I'm using CentOS 5.x, I skipped the installation of ClamAV from that 
package and installed the RPM packages for version 0.95.3 from

instead. All this worked out fine.

In the end, MailScanner seemed to operate the way it should.
Headers are marked and Spam is classified. Great.

As I was unsure, whether ClamAV was working, I've sent an EICAR 
signature in an email from a remote system to my new mail server.

I expected to get a reject or at least a warning. But no:

"X-myorg-MailScanner: Found to be clean"

No warnings, nothing. Surprise, surprise. In a next step, I've performed 
some tests with ClamAV. And ClamAV always detects the virus signature. 
Ok. So I adjusted the clamav-wrapper script:


$ClamScan $ExtraScanOptions $ScanOptions "$@"


#Log command and results
echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan
echo $retval >>/tmp/scanlog


What I found, was a virus positive return value (1):

/usr/bin/clamscan --tempdir=/tmp/clamav.22701

Obviously, ClamAV had been asked to scan the email, found it to contain 
a virus and reported this back to MailScanner. But MailScanner did not 
complain in any way.

Have I missed some special option to let MailScanner do something with a 
positive answer? Or am I completely misled and wrong?

Any hint or help is very much appreciated ...

Thanks and kind regards


More information about the MailScanner mailing list