ClamAV response not interpreted

[Jens Huenerberg]

Hi,

I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0.

For the installation, I've used the install script for MailScanner and 
the latest easy install package for ClamAV and SpamAssassin (which by 
the way failed to build an RSA module but nevertheless completed 
successfully).

As I'm using CentOS 5.x, I skipped the installation of ClamAV from that 
package and installed the RPM packages for version 0.95.3 from

http://packages.sw.be/clamav/

instead. All this worked out fine.

In the end, MailScanner seemed to operate the way it should.
Headers are marked and Spam is classified. Great.

As I was unsure, whether ClamAV was working, I've sent an EICAR 
signature in an email from a remote system to my new mail server.

I expected to get a reject or at least a warning. But no:

"X-myorg-MailScanner: Found to be clean"

No warnings, nothing. Surprise, surprise. In a next step, I've performed 
some tests with ClamAV. And ClamAV always detects the virus signature. 
Ok. So I adjusted the clamav-wrapper script:

--->

$ClamScan $ExtraScanOptions $ScanOptions "$@"

retval=$?

#Log command and results
echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan
echo $retval >>/tmp/scanlog

<----

What I found, was a virus positive return value (1):

/usr/bin/clamscan --tempdir=/tmp/clamav.22701
1

Obviously, ClamAV had been asked to scan the email, found it to contain 
a virus and reported this back to MailScanner. But MailScanner did not 
complain in any way.

Have I missed some special option to let MailScanner do something with a 
positive answer? Or am I completely misled and wrong?

Any hint or help is very much appreciated ...

-- 
Thanks and kind regards

Jens