Spam-Virus scoring not working any more for me
Michael Mansour
micoots at yahoo.com
Thu Sep 30 04:57:48 IST 2010
Hi Mark,
Thank you for analysing my output and your reply.
--- On Mon, 27/9/10, Mark Sapiro <mark at msapiro.net> wrote:
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Re: Re: Spam-Virus scoring not working any more for me
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Received: Monday, 27 September, 2010, 11:37 PM
> On 11:59 AM, Michael Mansour wrote:
>
> > I get plenty of this stuff:
> >
> > Sep 26 00:11:34 server MailScanner[11193]: Clamd::INFECTED:: INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/
>
>
> And this says MailScanner got the report from clamd
>
>
> > No, nothing at all that says "spam-virus" and I've searched all current mail logs.
>
>
> Yet this says that MailScanner didn't recognize that
> INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL(56c0464fb2737c4622779d0b765fb23d:29099)
> was a spam virus.
>
>
> > Note that when this used to work, I do remember seeing the "spam-virus" responses from MailScanner in the logs.
> >
> > Could this have something to do with the Clam version? I'm using 3 packages of clamav, clamav-db, clamd from RPMforge and all are 0.96.3.
>
>
> I'm running the same clamav/clamd and it works for me. I do note that my
> log entries do not contain things like
> (56c0464fb2737c4622779d0b765fb23d:29099) (apparently the signature that
> matched). Try adding * after UNOFFICIAL in your various "Virus Names
> Which Are Spam" patterns, e.g. INetMsg.SpamDomain*UNOFFICIAL* instead of
> just INetMsg.SpamDomain*UNOFFICIAL or possibly remove "LogVerbose yes"
> and/or "ExtendedDetectionInfo yes" (I don't know which controls this)
> from clamd.conf.

I've added the "*" after the "UNOFFICIAL" to hopefully match the clamd output.

I've checked the clamd.conf file and have:

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Provide additional information about the infected file, such as its
# size and hash, together with the virus name. It's recommended to enable
# this option along with SubmitDetectionStats in freshclam.conf.
#ExtendedDetectionInfo yes
ExtendedDetectionInfo yes

So it's the second option which is enabled. I enable this to provide virus stats to Clam. I'll leave this enabled for now and monitor the mail queues/virus detected files to see if the "*" has fixed it.

If not, I'll disable the ExtendedDetectionInfo setting and try again.

Hopefully your "*" recommendation has fixed the issue. I'll post to the list when I find out.

Thanks.
Michael.
> --
> Mark Sapiro <mark at msapiro.net>
> San Francisco Bay Area, California
> The highway is for gamblers, better use your sense - B. Dylan
>
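
Added illustration (not part of the thread and not MailScanner's own code): a small Python check that takes the log line quoted above, extracts the reported virus name, and lists which "Virus Names Which Are Spam" patterns stop matching only because of the "(hash:size)" suffix. It assumes the patterns are shell-style globs applied to the whole reported name, approximated here with Python's fnmatch; the function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Log line as quoted in the thread (rejoined onto one line).
LOG_LINE = (
    "Sep 26 00:11:34 server MailScanner[11193]: Clamd::INFECTED:: "
    "INetMsg.SpamDomain-2m.e2ma_net.UNOFFICIAL"
    "(56c0464fb2737c4622779d0b765fb23d:29099) :: ./o8PEBTxB019677/"
)

# "Clamd::INFECTED:: <name> :: <path>" as it appears in the quoted log entry.
REPORT_RE = re.compile(r"Clamd::INFECTED::\s*(?P<name>\S+)\s*::\s*(?P<path>\S+)")
# Trailing "(<32 hex digits>:<size>)" suffix seen on the reported name.
EXT_INFO_RE = re.compile(r"\([0-9a-f]{32}:\d+\)$")


def reported_name(line):
    """Return the virus name clamd reported, or None if the line has no report."""
    m = REPORT_RE.search(line)
    return m.group("name") if m else None


def strip_extended_info(name):
    """Drop the "(hash:size)" suffix, leaving the bare signature name."""
    return EXT_INFO_RE.sub("", name)


def audit(line, patterns):
    """Compare pattern matches against the name as logged and without its suffix."""
    name = reported_name(line)
    if name is None:
        return None
    base = strip_extended_info(name)
    as_logged = [p for p in patterns if fnmatchcase(name, p)]
    without_suffix = [p for p in patterns if fnmatchcase(base, p)]
    return {
        "name": name,
        "base": base,
        "matches_as_logged": as_logged,
        # Patterns that would match the bare name but miss the suffixed one.
        "broken_by_suffix": [p for p in without_suffix if p not in as_logged],
    }


if __name__ == "__main__":
    pats = ["INetMsg.SpamDomain*UNOFFICIAL", "INetMsg.SpamDomain*UNOFFICIAL*"]
    for key, value in audit(LOG_LINE, pats).items():
        print(f"{key}: {value}")
```
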