Virus detected by Clamd is not blocked by Mailscanner

Shawn Iverson iversons at rushville.k12.in.us
Thu Feb 18 16:39:57 UTC 2016 

That's an "UNOFFICIAL" rule, I believe there some "viruses" are treated as
spam in the MailScanner.conf file.  There's an exceptions list...

On Thu, Feb 18, 2016 at 9:18 AM, Heino Backhaus <
heino.backhaus at fink-computer.de> wrote:

> Hello List,
>
> Today I recognized a quarantined mail, detected as spam, with a word
> document attached. So i downloaded
> this word document and scanned it with clamdscan on my mailscanner machine
> and clamd found a virus:
>
> root at mailscanner2014:~# clamdscan VIRUS-invoice_27638121.doc
> VIRUS-invoice_27638121.doc:
> Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 1
> Time: 0.129 sec (0 m 0 s)
>
>  I was wondering why it was detected as spam and not as a virus... I
> attached this word document
> to a mail and sent it to through my mailscanner machine...and it whent
> through.
>
> Does anybody's got an Idea where i could look for a configuration error?
> Other viruses like clamav-testfile attached to mails are being detected
> correctly.
>
> It's  MailScanner-4.84.6-1 and ClamAV
> devel-clamav-0.99-beta1-363-g0ea036a/21384/Wed Feb 17 21:12:50 2016
>
> MailScanner.conf:
> ...
> # This *cannot* be the filename of a ruleset.
> Virus Scanners = clamd
> ...
>
> clamd.conf:
> ...
> OLE2BlockMacros yes
> ...
>
> --
> Mit freundlichen Gruessen
>
> H. Backhaus
>
> Fink-Computer Systeme
> Heggrabenstr. 9, 35435 Wettenberg
> Email: heino.backhaus at fink-computer.de
> Web: www.fink-computer.de
> Fax: +49-641-98444638
> Fon: +49-641-98444640
> UST-ID: DE151040770
> HRB: 2143 Gießen
> GF: Fredi Fink
>
> "In retrospect it becomes clear that hindsight is definitely overrated!"
>     -Alfred E. Neumann
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>


-- 
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160218/0421c569/attachment.html>

More information about the MailScanner mailing list