Clamd INFECTED but the mail still delivered

Jean-Francois Masson Jean-Francois.Masson at USherbrooke.ca
Wed Aug 14 15:48:43 IST 2013


Hi,

I have a question about Clamd and MailScanner.

All my "Clamd INFECTED" mails are saved to my quarantine folder, as the 
following logs show.
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Clamd::INFECTED:: 
Sanesecurity.Junk.19693.UNOFFICIAL :: ./r7EE79MK022851/
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Infected message 
r7EE79MK022851 came from 95.158.131.135
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Saved entire message to 
/quarantaine/usherbrooke/20130814/r7EE79MK022851

I received a suspicious mail and I looked at the logs. I saw that the 
mail was reported INFECTED by Clamd but it was still delivered and was 
not moved to the quarantine folder. 
I would like to know which configuration or file permits me to change 
this option?

Thanks.


*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter 
(milter-limit): init success to negotiate
*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter: 
connect to filters
*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: 
milter=milter-limit, action=connect, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: 
milter=milter-limit, action=mail, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: 
milter=milter-limit, action=rcpt, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: 
from=<info at webmaster.fr>, size=1317, class=0, nrcpts=4, 
msgid=<eb6a7c1bcc701df0e2282168a95ed257.squirrel at gaia.gi.ee>, 
bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=gaia.gi.ee 
[193.40.102.14]
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter 
accept: message
*Aug 12 19:53:24 10.32.33.25 clamd[4457]: 
/var/spool/MailScanner/incoming/13799/r7CNrB6J013327.header: 
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND
*Aug 12 19:53:24 10.32.33.25 clamd[4457]: 
/var/spool/MailScanner/incoming/13799/r7CNrB6J013327.message: 
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: *Clamd::INFECTED:: 
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL* :: ./r7CNrB6J013327/
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus 
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus 
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327
*Aug 12 19:53:33 10.32.33.25 MailScanner[13799]: Message r7CNrB6J013327 
from 193.40.102.14 (info at webmaster.fr) to usherbrooke.ca is n'est pas un 
polluriel, SpamAssassin (not cached, score=5.747, requis 6.5, BAYES_50 
0.80, DCC_CHECK 1.10, RCVD_IN_BL_SPAMCOP_NET 1.35, RCVD_IN_PSBL 1.00, 
RCVD_IN_UCE_PFSM_1 1.50)
*Aug 12 19:53:34 10.32.33.25 sendmail[13374]: r7CNrB6J013327: 
to=<mail at usherbrooke.ca>, delay=00:00:12, xdelay=00:00:00, mailer=smtp, 
pri=211317, relay=[132.210.6.44] [132.210.6.44], dsn=2.0.0, *stat=Sent* 
(r7CNrXDo006114 Message accepted for delivery) *




Jean-Francois Masson, Computer Systems Technician

Server Infrastructure Section
Information Technology Service
Université de Sherbrooke

Tel.: 819 821-8000, ext. 61987

Email: Jean-Francois.Masson at USherbrooke.ca
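
A log check for the situation described in the post above, added here as an example and not part of the original message or of MailScanner: it groups syslog lines by sendmail queue ID and lists messages that Clamd reported INFECTED and that sendmail later logged as stat=Sent with no "Saved entire message" quarantine line. The function name `audit` and the embedded sample (unwrapped, abridged copies of lines from the post) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: unwrapped, abridged copies of log lines from the post.
SAMPLE_LOG = """\
Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Clamd::INFECTED:: Sanesecurity.Junk.19693.UNOFFICIAL :: ./r7EE79MK022851/
Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Saved entire message to /quarantaine/usherbrooke/20130814/r7EE79MK022851
Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Clamd::INFECTED:: ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL :: ./r7CNrB6J013327/
Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327
Aug 12 19:53:34 10.32.33.25 sendmail[13374]: r7CNrB6J013327: to=<mail at usherbrooke.ca>, delay=00:00:12, mailer=smtp, dsn=2.0.0, stat=Sent (r7CNrXDo006114 Message accepted for delivery)
"""

# The optional "*" tolerates the emphasis markers present in the pasted logs.
INFECTED = re.compile(
    r"MailScanner\[\d+\]:\s*\*?Clamd::INFECTED::\s*(\S+?)\*?\s*::\s*\./(\w+)/")
SPAM_VIRUS = re.compile(r"Found spam-virus (\S+) in (\w+)")
QUARANTINED = re.compile(r"Saved entire message to \S*/(\w+)\s*$")
SENT = re.compile(r"sendmail\[\d+\]:\s*(\w+):.*\bstat=Sent\b")


def audit(log_text):
    """Return {queue_id: state} for messages flagged INFECTED, never quarantined, yet sent."""
    state = defaultdict(lambda: {"signature": None, "spam_virus": False,
                                 "quarantined": False, "sent": False})
    for line in log_text.splitlines():
        if m := INFECTED.search(line):
            state[m.group(2)]["signature"] = m.group(1)
        elif m := SPAM_VIRUS.search(line):
            state[m.group(2)]["spam_virus"] = True
        elif m := QUARANTINED.search(line):
            state[m.group(1)]["quarantined"] = True
        elif m := SENT.search(line):
            state[m.group(1)]["sent"] = True
    # Keep only queue IDs where detection and delivery both happened
    # and no quarantine line was ever logged.
    return {qid: s for qid, s in state.items()
            if s["signature"] and s["sent"] and not s["quarantined"]}


if __name__ == "__main__":
    for qid, s in audit(SAMPLE_LOG).items():
        note = " (also logged as spam-virus)" if s["spam_virus"] else ""
        print(f"{qid}: {s['signature']} flagged by Clamd but delivered{note}")
```

The `spam_virus` field records whether MailScanner also logged a "Found spam-virus" line for the same queue ID, which is the one line that differs between the two cases quoted in the post.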