Spam-Virus scoring not working any more for me
micoots at yahoo.com
Sun Sep 26 03:31:17 IST 2010
--- On Fri, 24/9/10, Mark Sapiro <mark at msapiro.net> wrote:
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Re: Spam-Virus scoring not working any more for me
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Received: Friday, 24 September, 2010, 12:26 AM
> On Sept 22 at 7:00 PM, Michael
> Mansour wrote:
> > --- On Thu, 23/9/10, Mark Sapiro <mark at msapiro.net>
> > I haven't changed the %org-name% no.
> > I do have a different setting for this though:
> This is not relevant in your case. it only matters if you
> have the
> default or similar setting for Spam-Virus Header which
> includes %org-name%.
> > Another question, I use MailWatch, should the
> X-MailScanner-blah headers be present when viewing the
> message headers in MailWatch?
> > I don't see them in MailWatch, but when I release the
> message from MailWatch to my Inbox and view full headers, I
> see the MailScanner lines no problems.
> I have never used MailWatch. I can't answer that.
> >> If the above does not solve the problem, please
> >> exactly what you
> >> have in Mailscanner.conf for "Spam-Virus Header"
> and "Virus
> >> Names Which
> >> Are Spam". In particular, does your "Virus Names
> Which Are
> >> Spam"
> >> pattern(s) match the virus name?
> > My settings are:
> > Spam-Virus Header =
> > Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
> MBL*UNOFFICIAL *SecuriteInfo*UNOFFICIAL
> INetMsg.SpamDomain*UNOFFICIAL NPGX.DomainAddr*UNOFFICIAL
> NPGX.EmailAddr.*UNOFFICIAL winnow*UNOFFICIAL
> > Yes, all the above do match the virus names presented
> when the clamd scanner finds the signature in the 3rd party
> What's in your logs? Do you have messages like
> Sep 22 06:56:27 sbh16 MailScanner:
> Sanesecurity.Junk.12181.UNOFFICIAL :: ./835336900BC.A01F3/
> Sep 22 06:56:27 sbh16 MailScanner: Found spam-virus
> Sanesecurity.Junk.12181.UNOFFICIAL in 835336900BC.A01F3
I get plenty of this stuff:
Sep 26 00:11:34 server MailScanner: Clamd::INFECTED:: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/
Sep 26 00:11:49 server clamd: /home/MailScanner/incoming/11197/o8PEBhQ5020119.message: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(45b8f7efd3217ee092b222ad2fb8e090:23955) FOUND
> In particular, do you have the Found spam-virus message?
No, nothing at all that says "spam-virus" and I've searched all current mail logs.
Note that when this used to work, I do remember seeing the "spam-virus" responses from MailScanner in the logs.
Could this have something to do with the Clam version? I'm using 3 packages of clamav, clamav-db, clamd from RPMforge and all are 0.96.3.
> Mark Sapiro <mark at msapiro.net>
> The highway is for gamblers,
> San Francisco Bay Area, California better use
> your sense - B. Dylan
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the
More information about the MailScanner