Spam-Virus scoring not working any more for me
Michael Mansour
micoots at yahoo.com
Sun Sep 26 03:31:17 IST 2010
Hi Mark,
--- On Fri, 24/9/10, Mark Sapiro <mark at msapiro.net> wrote:
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Re: Spam-Virus scoring not working any more for me
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Received: Friday, 24 September, 2010, 12:26 AM
> On Sept 22 at 7:00 PM, Michael
> Mansour wrote:
> >
> > --- On Thu, 23/9/10, Mark Sapiro <mark at msapiro.net>
> wrote:
> >
> > I haven't changed the %org-name% no.
> >
> > I do have a different setting for this though:
>
>
> This is not relevant in your case. it only matters if you
> have the
> default or similar setting for Spam-Virus Header which
> includes %org-name%.
>
>
> > Another question, I use MailWatch, should the
> X-MailScanner-blah headers be present when viewing the
> message headers in MailWatch?
> >
> > I don't see them in MailWatch, but when I release the
> message from MailWatch to my Inbox and view full headers, I
> see the MailScanner lines no problems.
>
>
> I have never used MailWatch. I can't answer that.
>
>
> >> If the above does not solve the problem, please
> post
> >> exactly what you
> >> have in Mailscanner.conf for "Spam-Virus Header"
> and "Virus
> >> Names Which
> >> Are Spam". In particular, does your "Virus Names
> Which Are
> >> Spam"
> >> pattern(s) match the virus name?
> >
> > My settings are:
> >
> > Spam-Virus Header =
> X-NPGX-MailScanner-SpamVirus-Report:
> >
> > Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
> MBL*UNOFFICIAL *SecuriteInfo*UNOFFICIAL
> INetMsg.SpamDomain*UNOFFICIAL NPGX.DomainAddr*UNOFFICIAL
> NPGX.EmailAddr.*UNOFFICIAL winnow*UNOFFICIAL
> >
> > Yes, all the above do match the virus names presented
> when the clamd scanner finds the signature in the 3rd party
> DB.
>
>
> OK.
>
> What's in your logs? Do you have messages like
>
> Sep 22 06:56:27 sbh16 MailScanner[10759]:
> Clamd::INFECTED::
> Sanesecurity.Junk.12181.UNOFFICIAL :: ./835336900BC.A01F3/
> Sep 22 06:56:27 sbh16 MailScanner[10759]: Found spam-virus
> Sanesecurity.Junk.12181.UNOFFICIAL in 835336900BC.A01F3
I get plenty of this stuff:
Sep 26 00:11:34 server MailScanner[11193]: Clamd::INFECTED:: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/
Sep 26 00:11:49 server clamd[8474]: /home/MailScanner/incoming/11197/o8PEBhQ5020119.message: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(45b8f7efd3217ee092b222ad2fb8e090:23955) FOUND
> In particular, do you have the Found spam-virus message?
No, nothing at all that says "spam-virus" and I've searched all current mail logs.
Note that when this used to work, I do remember seeing the "spam-virus" responses from MailScanner in the logs.
Could this have something to do with the Clam version? I'm using 3 packages of clamav, clamav-db, clamd from RPMforge and all are 0.96.3.
Thanks.
Michael.
> --
> Mark Sapiro <mark at msapiro.net>
> The highway is for gamblers,
> San Francisco Bay Area, California better use
> your sense - B. Dylan
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the
> website!
>
More information about the MailScanner
mailing list