Virus detected by Clamd is not blocked by Mailscanner

Shawn Iverson iversons at rushville.k12.in.us
Thu Feb 18 16:59:28 UTC 2016 

Here it is...

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*


On Thu, Feb 18, 2016 at 11:39 AM, Shawn Iverson <
iversons at rushville.k12.in.us> wrote:

> That's an "UNOFFICIAL" rule, I believe there some "viruses" are treated as
> spam in the MailScanner.conf file.  There's an exceptions list...
>
> On Thu, Feb 18, 2016 at 9:18 AM, Heino Backhaus <
> heino.backhaus at fink-computer.de> wrote:
>
>> Hello List,
>>
>> Today I recognized a quarantined mail, detected as spam, with a word
>> document attached. So i downloaded
>> this word document and scanned it with clamdscan on my mailscanner
>> machine and clamd found a virus:
>>
>> root at mailscanner2014:~# clamdscan VIRUS-invoice_27638121.doc
>> VIRUS-invoice_27638121.doc:
>> Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND
>>
>> ----------- SCAN SUMMARY -----------
>> Infected files: 1
>> Time: 0.129 sec (0 m 0 s)
>>
>>  I was wondering why it was detected as spam and not as a virus... I
>> attached this word document
>> to a mail and sent it to through my mailscanner machine...and it whent
>> through.
>>
>> Does anybody's got an Idea where i could look for a configuration error?
>> Other viruses like clamav-testfile attached to mails are being detected
>> correctly.
>>
>> It's  MailScanner-4.84.6-1 and ClamAV
>> devel-clamav-0.99-beta1-363-g0ea036a/21384/Wed Feb 17 21:12:50 2016
>>
>> MailScanner.conf:
>> ...
>> # This *cannot* be the filename of a ruleset.
>> Virus Scanners = clamd
>> ...
>>
>> clamd.conf:
>> ...
>> OLE2BlockMacros yes
>> ...
>>
>> --
>> Mit freundlichen Gruessen
>>
>> H. Backhaus
>>
>> Fink-Computer Systeme
>> Heggrabenstr. 9, 35435 Wettenberg
>> Email: heino.backhaus at fink-computer.de
>> Web: www.fink-computer.de
>> Fax: +49-641-98444638
>> Fon: +49-641-98444640
>> UST-ID: DE151040770
>> HRB: 2143 Gießen
>> GF: Fredi Fink
>>
>> "In retrospect it becomes clear that hindsight is definitely overrated!"
>>     -Alfred E. Neumann
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>>
>
>
> --
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us
>
>
>


-- 
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160218/d870b14b/attachment.html>

More information about the MailScanner mailing list