Virus attachments not replaced with warning text

Benjamin ben at electricembers.net
Mon Jan 3 22:46:56 GMT 2011 

> So it looks like the attachment is not being removed because it is
> treated as a silent virus?
> 
> My silent virus settings are:
> 
> Silent Viruses = HTML-IFrame All-Viruses
> Still Deliver Silent Viruses = yes
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Zip-Password
> 
> I guess "eicar" is matched (not sure if "Non-Forging Viruses" is
> case-sensitive, or not) but the comments in the config file explicitly
> say (for "Still Deliver Silent Viruses"): "Still deliver (after
> cleaning) messages that contained viruses listed
> # in the above option ("Silent Viruses") to the recipient?". But for
> whatever reason the cleaning step is not done here.

We too used to quarantine, clean, tag, and deliver the original messages without
the viral attachments (and occasionally had folks write to have us release the
stuff from quarantine!) 

But then we noticed we were actually just copying to quarantine, *not* cleaning
(AKA removing) the attachments, tagging, and delivering the message *with* the
viral attachment intact!? 

I don't see how based on our settings:

Virus Scanning = yes 
Virus Scanners = clamd
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame HTML-Codebase All-Viruses
Still Deliver Silent Viruses = %rules-dir%/virus.delivery.rules
 { 
   no for a bunch of listserv addy's,
   To:     default         yes
 }
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/
Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Deliver Cleaned Messages = yes
Notify Senders = no
Notify Senders Of Viruses = no
Warning Is Attachment = yes
Send Notices = no

So I've changed to

Silent Viruses =

-which causes the viri to actually be cleaned. (Only now the 
Warning Is Attachment = yes
setting seems to be ignored, as the message body is *replaced* with our warning
message, inline.)

Did the meaning of "Silent Viruses" change? Is something broken? Or am I missing
something? How can I help? Thanks in advance!

Running on FreeBSD 6.2-RELEASE 
This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.81.4

More information about the MailScanner mailing list