Spam-Virus scoring not working any more for me
Mark Sapiro
mark at msapiro.net
Mon Sep 27 14:37:32 IST 2010
On 11:59 AM, Michael Mansour wrote:
> I get plenty of this stuff:
>
> Sep 26 00:11:34 server MailScanner[11193]: Clamd::INFECTED:: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/
And this says MailScanner got the report from clamd
> No, nothing at all that says "spam-virus" and I've searched all current mail logs.
Yet this says that MailScanner didn't recognize that
INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099)
was a spam virus.
> Note that when this used to work, I do remember seeing the "spam-virus" responses from MailScanner in the logs.
>
> Could this have something to do with the Clam version? I'm using 3 packages of clamav, clamav-db, clamd from RPMforge and all are 0.96.3.
I'm running the same clamav/clamd and it works for me. I do note that my
log entries do not contain things like
(56c0464fb2737c4622779d0b765fb23d:29099) (apparently the signature that
matched). Try adding * after UNOFFICIAL in your various "Virus Names
Which Are Spam" patterns, e.g. INetMsg.SpamDomain*UNOFFICIAL* instead of
just INetMsg.SpamDomain*UNOFFICIAL or possibly remove "LogVerbose yes"
and/or "ExtendedDetectionInfo yes" (I don't know which controls this)
from clamd.conf.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list