Virus detected by Clamd is not blocked by Mailscanner

Heino Backhaus heino.backhaus at fink-computer.de
Fri Feb 19 08:24:03 UTC 2016


Thanks for the Answer.

Good shot - but why did a new mail with the virus/Word-Document attached
go through?
Clamd still detects the word document as Virus on manual command line scan.
If you're right it should be detected as spam as soon as the Document is 
attached, right?

Kind of strange to me this is.

On 18.02.2016 at 17:59, Shawn Iverson wrote:
> Here it is...
>
> Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
>
>
> On Thu, Feb 18, 2016 at 11:39 AM, Shawn Iverson
> <iversons at rushville.k12.in.us> wrote:
>
>     That's an "UNOFFICIAL" rule, I believe some "viruses" are
>     treated as spam in the MailScanner.conf file.  There's an
>     exceptions list...
>
>     On Thu, Feb 18, 2016 at 9:18 AM, Heino Backhaus
>     <heino.backhaus at fink-computer.de> wrote:
>
>         Hello List,
>
>         Today I recognized a quarantined mail, detected as spam, with
>         a word document attached. So I downloaded
>         this word document and scanned it with clamdscan on my
>         mailscanner machine and clamd found a virus:
>
>         root at mailscanner2014:~# clamdscan VIRUS-invoice_27638121.doc
>         VIRUS-invoice_27638121.doc:
>         Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND
>
>         ----------- SCAN SUMMARY -----------
>         Infected files: 1
>         Time: 0.129 sec (0 m 0 s)
>
>         I was wondering why it was detected as spam and not as a
>         virus... I attached this word document
>         to a mail and sent it through my mailscanner machine...and
>         it went through.
>
>         Does anybody have an idea where I could look for a
>         configuration error?
>         Other viruses like clamav-testfile attached to mails are being
>         detected correctly.
>
>         It's  MailScanner-4.84.6-1 and ClamAV
>         devel-clamav-0.99-beta1-363-g0ea036a/21384/Wed Feb 17 21:12:50
>         2016
>
>         MailScanner.conf:
>         ...
>         # This *cannot* be the filename of a ruleset.
>         Virus Scanners = clamd
>         ...
>
>         clamd.conf:
>         ...
>         OLE2BlockMacros yes
>         ...
>
>         -- 
>         Kind regards
>
>         H. Backhaus
>
>         Fink-Computer Systeme
>         Heggrabenstr. 9, 35435 Wettenberg
>         Email: heino.backhaus at fink-computer.de
>         Web: www.fink-computer.de
>         Fax: +49-641-98444638
>         Fon: +49-641-98444640
>         UST-ID: DE151040770
>         HRB: 2143 Gießen
>         GF: Fredi Fink
>
>         "In retrospect it becomes clear that hindsight is definitely
>         overrated!"
>             -Alfred E. Neumann
>
>
>
>         -- 
>         MailScanner mailing list
>         mailscanner at lists.mailscanner.info
>         http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>
>     -- 
>     Shawn Iverson
>     Director of Technology
>     Rush County Schools
>     765-932-3901 x271
>     iversons at rushville.k12.in.us
>
>
>
>
>
> -- 
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us
>
>
>
>
>
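
The following is an added example, not part of the thread and not MailScanner's own code: it checks which clamd signature names fall under the `Virus Names Which Are Spam` line quoted above. It assumes `*` stands for any run of characters and that a pattern may match anywhere in the signature name; the function names and the one-line clamdscan sample output are constructed for illustration.

```python
import re

# The setting exactly as quoted in the thread.
CONF_LINE = "Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*"

# Constructed sample in clamdscan's "file: Signature FOUND" format. The first
# signature is the one from the thread; the other two lines are made up.
CLAMDSCAN_OUTPUT = """\
VIRUS-invoice_27638121.doc: Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND
eicar.com: Eicar-Test-Signature FOUND
notes.txt: OK
"""

def spam_name_regex(conf_line):
    """Turn the space-separated wildcard list into one regex (None if empty)."""
    key, _, value = conf_line.partition("=")
    if key.strip().lower() != "virus names which are spam":
        raise ValueError("not a 'Virus Names Which Are Spam' line")
    patterns = value.split()
    if not patterns:
        return None
    # Assumption: '*' means "any characters"; everything else is literal.
    alts = [".*".join(re.escape(part) for part in p.split("*")) for p in patterns]
    return re.compile("|".join(f"(?:{a})" for a in alts))

def parse_clamdscan(output):
    """Return (file, signature) pairs for every FOUND line."""
    hits = []
    for line in output.splitlines():
        m = re.match(r"^(.*): (\S+) FOUND$", line.strip())
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits

def classify(output, conf_line):
    """Map each infected file to 'spam' or 'virus' handling."""
    rx = spam_name_regex(conf_line)
    return {path: "spam" if rx and rx.search(sig) else "virus"
            for path, sig in parse_clamdscan(output)}

if __name__ == "__main__":
    for path, verdict in classify(CLAMDSCAN_OUTPUT, CONF_LINE).items():
        print(f"{path}: handled as {verdict}")
```

Running the same check with an empty value for the setting shows every detection falling back to virus handling.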
