ClamAV response not interpreted
MailScanner at ecs.soton.ac.uk
Sun Jan 31 11:55:55 GMT 2010
Please post all the output from your call to clamscan on this message.
Also test that "MailScanner --lint" successfully reports ClamAV finding
the EICAR in the "lint test" message that it uses.
On 29/01/2010 22:09, Jens Huenerberg wrote:
> I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0.
> For the installation, I've used the install script for MailScanner and
> the latest easy install package for ClamAV and SpamAssassin (which by
> the way failed to build an RSA module but nevertheless completed
> As I'm using CentOS 5.x, I skipped the installation of ClamAV from
> that package and installed the RPM packages for version 0.95.3 from
> instead. All this worked out fine.
> In the end, MailScanner seemed to operate the way it should.
> Headers are marked and Spam is classified. Great.
> As I was unsure, whether ClamAV was working, I've sent an EICAR
> signature in an email from a remote system to my new mail server.
> I expected to get a reject or at least a warning. But no:
> "X-myorg-MailScanner: Found to be clean"
> No warnings, nothing. Surprise, surprise. In a next step, I've
> performed some tests with ClamAV. And ClamAV always detects the virus
> signature. Ok. So I adjusted the clamav-wrapper script:
> $ClamScan $ExtraScanOptions $ScanOptions "$@"
> #Log command and results
> echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan
> echo $retval >>/tmp/scanlog
> What I found, was a virus positive return value (1):
> /usr/bin/clamscan --tempdir=/tmp/clamav.22701
> Obviously, ClamAV had been asked to scan the email, found it to
> contain a virus and reported this back to MailScanner. But MailScanner
> did not complain in any way.
> Have I missed some special option to let MailScanner do something with
> a positive answer? Or am I completely misled and wrong?
> Any hint or help is very much appreciated ...
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner