Spam-Virus scoring not working any more for me
micoots at yahoo.com
Thu Sep 30 04:57:48 IST 2010
Thank you for analysing my output and your reply.
--- On Mon, 27/9/10, Mark Sapiro <mark at msapiro.net> wrote:
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Re: Re: Spam-Virus scoring not working any more for me
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Received: Monday, 27 September, 2010, 11:37 PM
> On 11:59 AM, Michael Mansour wrote:
> > I get plenty of this stuff:
> > Sep 26 00:11:34 server MailScanner:
> :: ./o8PEBTxB019677/
> And this says MailScanner got the report from clamd
> > No, nothing at all that says "spam-virus" and I've
> searched all current mail logs.
> Yet this says that MailScanner didn't recognize that
> was a spam virus.
> > Note that when this used to work, I do remember seeing
> the "spam-virus" responses from MailScanner in the logs.
> > Could this have something to do with the Clam version?
> I'm using 3 packages of clamav, clamav-db, clamd from
> RPMforge and all are 0.96.3.
> I'm running the same clamav/clamd and it works for me. I do
> note that my
> log entries do not contain things like
> (56c0464fb2737c4622779d0b765fb23d:29099) (apparently the
> signature that
> matched). Try adding * after UNOFFICIAL in your various
> "Virus Names
> Which Are Spam" patterns, e.g.
> INetMsg.SpamDomain*UNOFFICIAL* instead of
> just INetMsg.SpamDomain*UNOFFICIAL or possibly remove
> "LogVerbose yes"
> and/or "ExtendedDetectionInfo yes" (I don't know which
> controls this)
> from clamd.conf.
I've added the "*" after the "UNOFFICIAL" to hopefully match the clamd output.
I've checked the clamd.conf file and have:
# Enable verbose logging.
# Default: no
# Provide additional information about the infected file, such as its
# size and hash, together with the virus name. It's recommended to enable
# this option along with SubmitDetectionStats in freshclam.conf.
So it's the second option which is enabled. I enable this to provide virus stats to Clam. I'll leave this enabled for now and monitor the mail queues/virus detected files to see if the "*" has fixed it.
If not, I'll disable the ExtendedDetectionInfo setting and try again.
Hopefully your "*" recommendation has fixed the issue. I'll post to the list when I find out.
> Mark Sapiro <mark at msapiro.net>
> The highway is for gamblers,
> San Francisco Bay Area, California better use
> your sense - B. Dylan
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the
More information about the MailScanner