Mailscanner / Sophos does not block viruses

Mark Sapiro mark at msapiro.net
Mon Nov 11 18:04:19 GMT 2013


ci at holmco.de wrote:

> On Thu, Nov 07, 2013 at 06:00:31PM -0800 you wrote:
> 
>> What does 'MailScanner --lint' report?
...
> MailScanner.conf says "Virus Scanners = sophos"
> Found these virus scanners installed: clamav, sophos
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> ===========================================================================
> 
> If any of your virus scanners (clamav,sophos)
> are not listed there, you should check that they are installed
> correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
> ------------------------------------------------------------------------
> 
> Looks good so far (?).


Actually not. The above should look like (with sophos instead of Clamd):

===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners ...

It seems from your other posts that sophos is being properly invoked and
detects the infection as it mails the admin about it, but the detection
is not being picked up by MailScanner.

What do you have in the "Options specific to Sophos Anti-Virus" section
of MailScanner.conf? In particular,

Allowed Sophos Error Messages =

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
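
The comparison made in this reply can be automated. The following is an added example, not part of the original post or of MailScanner itself: it reads `MailScanner --lint` output and lists configured scanners that never reported the EICAR test file. The function names and both sample outputs are constructed for illustration, and it assumes the scanner label in the lint output matches the configured name case-insensitively.

```python
import re

# Constructed sample: the lint output quoted in the thread (no detection lines).
LINT_BROKEN = '''MailScanner.conf says "Virus Scanners = sophos"
Found these virus scanners installed: clamav, sophos
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
===========================================================================
'''

# Constructed sample: the expected output from the reply with "Sophos"
# written in place of "Clamd"; the exact label spelling is an assumption.
LINT_OK = '''MailScanner.conf says "Virus Scanners = sophos"
Virus and Content Scanning: Starting
Sophos::INFECTED::Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Sophos found 1 infections
Virus Scanning: Found 1 viruses
===========================================================================
Virus Scanner test reports:
Sophos said "eicar.com was infected: Eicar-Test-Signature"
'''

def configured_scanners(lint):
    """Scanner names from the 'MailScanner.conf says' line, lowercased."""
    m = re.search(r'Virus Scanners = ([^"\n]*)', lint)
    names = re.split(r'[\s,]+', m.group(1).strip()) if m else []
    return {n.lower() for n in names if n}

def reporting_scanners(lint):
    """Scanners that produced an INFECTED line or a test report for eicar.com."""
    found = set()
    for line in lint.splitlines():
        m = (re.match(r'\s*(\w+)::INFECTED::', line)
             or re.match(r'\s*(\w+) said "eicar\.com was infected', line))
        if m:
            found.add(m.group(1).lower())
    return found

def silent_scanners(lint):
    """Configured scanners whose detection MailScanner did not pick up."""
    return configured_scanners(lint) - reporting_scanners(lint)

if __name__ == "__main__":
    print("silent:", sorted(silent_scanners(LINT_BROKEN)))
```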