Spam-Virus scoring not working any more for me

Mark Sapiro mark at
Mon Sep 27 14:37:32 IST 2010

On 11:59 AM, Michael Mansour wrote:

> I get plenty of this stuff:
> Sep 26 00:11:34 server MailScanner[11193]: Clamd::INFECTED:: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/

And this says MailScanner got the report from clamd

> No, nothing at all that says "spam-virus" and I've searched all current mail logs.

Yet this says that MailScanner didn't recognize that
was a spam virus.

> Note that when this used to work, I do remember seeing the "spam-virus" responses from MailScanner in the logs.
> Could this have something to do with the Clam version? I'm using 3 packages of clamav, clamav-db, clamd from RPMforge and all are 0.96.3.

I'm running the same clamav/clamd and it works for me. I do note that my
log entries do not contain things like
(56c0464fb2737c4622779d0b765fb23d:29099) (apparently the signature that
matched). Try adding * after UNOFFICIAL in your various "Virus Names
Which Are Spam" patterns, e.g. INetMsg.SpamDomain*UNOFFICIAL* instead of
just INetMsg.SpamDomain*UNOFFICIAL or possibly remove "LogVerbose yes"
and/or "ExtendedDetectionInfo yes" (I don't know which controls this)
from clamd.conf.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list