MailScanner not removing viruses

Mon Jun 20 17:05:01 IST 2011

I have recently upgraded from Debian Lenny running MailScanner version
4.72.5-1 to Debian Squeeze running MailScanner 4.83.5-1.  MailScanner
was installed from the tarball (not the Debian repository).

We have "Still Deliver Silent Viruses = yes" in the configuration, as we
do not get a lot of viruses and like to let people know that MailScanner
is protecting them.  In version 7.72.5-1, a silent virus would still be
"cleaned" - removed from the email and replaced with a notice - before
being delivered.  However, with version 4.83.5-1, it seems that the
virus is passed on without being removed.

I suspect this has something to do with the changes made in 4.78.17-1
when the order of the virus and spam checking was switched, and code for
spam-viruses was added.  I have come up with a simple patch that seems
to fix the issue:

===============================================================

--- MessageBatch.pm.orig        2010-08-03 07:19:16.000000000 -0400
+++ MessageBatch.pm     2011-06-20 11:39:04.000000000 -0400
@@ -875,6 +875,7 @@
     #MailScanner::Log::WarnLog("Deliversilent for %s is %s",
$message->{id},
     #                MailScanner::Config::Value('deliversilent',
$message));
     if (MailScanner::Config::Value('deliversilent', $message)) {
+      $message->Clean();
       $message->DeliverCleaned();
       #print STDERR "Deleting silent-infected message " .
$message->{id} . "\n";
       push @messages, $message;
===============================================================

I'm not sure if this is the best place to do the clean or not, but it
does seem to work fine.  

Julian, can you take a look if you get a chance?

I would highly recommend either using this patch or not setting "Still
Deliver Silent Viruses = yes".  The default is no, which I think would
be recommended anyways.

Jase

-
This message is intended only for the addressee and may contain information that is company confidential or privileged.  Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. 
-                                                                                                                                                                                                                                                       
