detected virus mails still getting delivered

Martin Hepworth maxsec at gmail.com
Fri Mar 1 11:29:39 GMT 2013


And your email rules for what to do in this case are what?
-- 
Martin Hepworth, CISSP
Oxford, UK


On 1 March 2013 03:36, Ryan Braganza <ryan.virgo at gmail.com> wrote:

>
> Hi
>
> I am facing a typical problem. In this case I am using mailscanner-4.70.7-1
> with bitdefender-scanner-7.6-4. The virus in mails is getting detected
> but is still delivered to the user's mailbox. Below is a log of one such
> transaction:
>
> New Batch: Scanning 1 messages, 56072 bytes
> Mar  1 09:02:13 demo1 MailScanner[11182]: Virus and Content Scanning:
> Starting
> Mar  1 09:02:18 demo1 MailScanner[11185]: MailScanner E-Mail Virus Scanner
> version 4.70.7 starting...
> Mar  1 09:02:18 demo1 MailScanner[11185]: SpamAssassin temporary working
> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Mar  1 09:02:18 demo1 MailScanner[11185]: Using locktype = flock
> Mar  1 09:02:19 demo1 MailScanner[11182]:
> /var/spool/MailScanner/incoming/11182/0345E427247.16030/Ticket.zip=>Ticket.exe:infected:
> Trojan.Agent.ATXG
> Mar  1 09:02:19 demo1 MailScanner[11182]: Virus Scanning: Bitdefender
> found 1 infections
> Mar  1 09:02:19 demo1 MailScanner[11182]: Virus Scanning: Found 1 viruses
>
> MILTER: Processing mail in scan_source_destination for mail restrictions
> Mar  1 09:02:19 demo1 MailScanner[11182]: MILTER: email-subject: Test Mail
> Mar  1 09:02:19 demo1 MailScanner[11182]: MILTER: Ultimately the mail sent
> only to RCPTs: a2 at mumbai.demo2.nsfleximail.com
> Mar  1 09:02:19 demo1 MailScanner[11182]: Requeue: 0345E427247.16030 to
> 15FA3427249
>
>
> USAGE a2 user: 0.003999 sys: 0.003999
> Mar  1 09:02:19 demo1 postfix/lmtp[11189]: 15FA3427249: to=<
> a2 at mumbai.demo2.nsfleximail.com>, orig_to=<a2 at demo2.nsfleximail.com>,
> relay=mumbai.demo1.nsfleximail.com[/var/lib/imap/socket/lmtp], delay=6.7,
> delays=6.6/0.01/0.01/0.15, dsn=2.1.5, status=sent (250 2.1.5 Ok
> SESSIONID=<demo1.nsfleximail.com-10421-1362108739-1>)
> Mar  1 09:02:19 demo1 postfix/lmtp[11189]: ECMPLOG : 15FA3427249|55381|<
> idcalerts at netcore.co.in>|<a2 at mumbai.demo2.nsfleximail.com>|DOM|
> mumbai.demo1.nsfleximail.com[/var/lib/imap/socket/lmtp]|-> 250 2.1.5 Ok
> SESSIONID=<demo1.nsfleximail.com-10421-1362108739-1>|6|sent
> Mar  1 09:02:19 demo1 postfix/qmgr[11148]: 15FA3427249: removed
>
>
> --
>
> -------------------------------------------------------------------------------------------------
> *No matter how bad the day is...
> There is always a bike ride back home... :-)
> *
> -------------------------------------------------------------------------------------------------