Virus detected by Clamd is not blocked by Mailscanner
Heino Backhaus
heino.backhaus at fink-computer.de
Thu Feb 18 14:18:31 UTC 2016
Hello List,
Today I recognized a quarantined mail, detected as spam, with a word
document attached. So i downloaded
this word document and scanned it with clamdscan on my mailscanner
machine and clamd found a virus:
root at mailscanner2014:~# clamdscan VIRUS-invoice_27638121.doc
VIRUS-invoice_27638121.doc:
Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.129 sec (0 m 0 s)
I was wondering why it was detected as spam and not as a virus... I
attached this word document
to a mail and sent it to through my mailscanner machine...and it whent
through.
Does anybody's got an Idea where i could look for a configuration error?
Other viruses like clamav-testfile attached to mails are being detected
correctly.
It's MailScanner-4.84.6-1 and ClamAV
devel-clamav-0.99-beta1-363-g0ea036a/21384/Wed Feb 17 21:12:50 2016
MailScanner.conf:
...
# This *cannot* be the filename of a ruleset.
Virus Scanners = clamd
...
clamd.conf:
...
OLE2BlockMacros yes
...
--
Mit freundlichen Gruessen
H. Backhaus
Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
More information about the MailScanner
mailing list