handling of spam-virus

Ling Shi ling at unimelb.edu.au
Mon Feb 11 00:12:40 GMT 2013 

Hi,

I found these in our mailscanner.log:

-----------------------------------------
Feb 10 15:00:41 selene MailScanner[3726]: New Batch: Scanning 1 
messages, 3501 bytes
Feb 10 15:00:41 selene MailScanner[3726]: Virus and Content Scanning: 
Starting
Feb 10 15:00:45 selene MailScanner[3726]: 47798200154.AD398.message: 
Email.Phishing.Webmail-28 FOUND
Feb 10 15:00:45 selene MailScanner[3726]: Found spam-virus 
Email.Phishing.Webmail-28 in 47798200154.AD398
Feb 10 15:00:45 selene MailScanner[3726]: Virus Scanning completed at 
811 bytes per second
Feb 10 15:00:45 selene MailScanner[3726]: Spam Checks: Starting
Feb 10 15:00:47 selene MailScanner[3726]: Message 47798200154.AD398 from 
80.95.217.246 (icb.alert at e-mail.ua) to ms.unimelb.edu.au is spam, 
SpamAssassin (not cached, score=32.473, required 5, autolearn=spam, 
ADVANCE_FEE_3_NEW 3.50, ADVANCE_FEE_3_NEW_MONEY 0.00, ADVANCE_FEE_4_NEW 
2.08, ADVANCE_FEE_4_NEW_MONEY 0.00, ADVANCE_FEE_5_NEW 1.54, 
ADVANCE_FEE_5_NEW_MONEY 0.00, AXB_XMAILER_MIMEOLE_OL_024C2 2.99, 
BAYES_99 3.50, FORGED_MUA_OUTLOOK 1.93, FSL_NEW_HELO_USER 2.10, 
LOTS_OF_MONEY 0.00, MISSING_HEADERS 1.02, MONEY_FRAUD_3 0.43, 
MONEY_FRAUD_5 2.18, MONEY_FROM_41 2.00, NSL_RCVD_FROM_USER 0.57, 
RCVD_IN_BRBL_LASTEXT 1.45, RCVD_IN_SORBS_WEB 0.77, RDNS_NONE 0.79, 
REPLYTO_WITHOUT_TO_CC 1.55, TO_NO_BRKTS_MSFT 3.50, URG_BIZ 0.57)
Feb 10 15:00:47 selene MailScanner[3726]: Spam Checks: Found 1 spam messages
Feb 10 15:00:47 selene MailScanner[3726]: Spam Actions: message 
47798200154.AD398 actions are delete
Feb 10 15:00:47 selene MailScanner[3726]: Spam Checks completed at 1609 
bytes per second
Feb 10 15:00:47 selene MailScanner[3726]: Deleted 1 messages from 
processing-database
Feb 10 15:00:47 selene MailScanner[3726]: Batch completed at 539 bytes 
per second (3501 / 6)
Feb 10 15:00:47 selene MailScanner[3726]: Batch (1 message) processed in 
6.49 seconds
-----------------------------------------

It looks although the mail is detected having a virus (spam-virus), it's 
still checked for spam.

Compare with non spam-virus:

-----------------------------------------
Feb  4 18:52:31 selene MailScanner[14634]: New Batch: Scanning 1 
messages, 9081 bytes
Feb  4 18:52:31 selene MailScanner[14634]: Virus and Content Scanning: 
Starting
Feb  4 18:52:35 selene MailScanner[14634]: 8480A200158.A6BCA.message: 
Email.Trojan-428 FOUND
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning: ClamAV found 
1 infections
Feb  4 18:52:36 selene MailScanner[14634]: Infected message 
8480A200158.A6BCA came from 95.39.12.43
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning: Found 1 viruses
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning completed at 
2080 bytes per second
Feb  4 18:52:36 selene MailScanner[14634]: Saved entire message to 
/var/spool/mail/MailScanner/quarantine/20130204/8480A200158.A6BCA
Feb  4 18:52:36 selene MailScanner[14634]: Spam Checks: Starting
Feb  4 18:52:36 selene MailScanner[14634]: Notices: Warned about 1 messages
Feb  4 18:52:36 selene MailScanner[14634]: Virus Processing completed at 
103302 bytes per second
Feb  4 18:52:36 selene MailScanner[14634]: Deleted 1 messages from 
processing-database
Feb  4 18:52:36 selene MailScanner[14634]: Batch completed at 2035 bytes 
per second (9081 / 4)
Feb  4 18:52:36 selene MailScanner[14634]: Batch (1 message) processed 
in 4.46 seconds
-----------------------------------------

-- 
Regards,
Ling Shi
(UnixSysad, MS, UniMelb)

More information about the MailScanner mailing list