Virus detected by Clamd is not blocked by Mailscanner

Mark Sapiro mark at
Fri Feb 19 17:42:12 UTC 2016

On 02/19/2016 12:24 AM, Heino Backhaus wrote:
> Thanks for the Answer.
> Good shot - but why did a new mail with the virus/Word-Document attached
> go through.
> Clamd stil detects the word document as Virus on manual command line scan.
> If you're right it should be detected as spam as soon as the Document is
> attached, right?

It is detected by clamd as


This matches something in your MailScanner configuration setting "Virus
Names Which Are Spam" so Mailscanner does not treat this detection as a
virus but rather as spam. What it then does is add a header as defined
by "Spam-Virus Header" in your MailScanner config together with the name
of the detection. The default setting is

Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:

So for example in my case this detection would be


Then the next step is in /etc/MailScanner/spam.assassin.prefs.conf as
distributed, you'll see

# The header name in the next line must have your %org-name% added into it,
# so that it matches what is set in "Spam-Virus Header" in your
# MailScanner.conf file.
header MS_FOUND_SPAMVIRUS exists:X-MailScanner-SpamVirus-Report

You need to edit that as it says. Again in my case I change the header
line to

header MS_FOUND_SPAMVIRUS exists:X-GPC-MailScanner-SpamVirus-Report

and you can also adjust the score as you wish. Then this clamd detection
will score that many points in spamassassin.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list