SV: Verify virus scanning

Peter Lemieux mailscanner at
Tue Mar 29 18:26:14 UTC 2016

Traditional viruses don't show up very often on the systems I manage either. 
  Most of the messages we reject these days look like this:

     Sender: wadas1960 at
IP Address:
  Recipient: wadas1960 at
    Subject: CCE29032016_00035.jpg
  MessageID: u2TFJNRF025532
Quarantine: /var/spool/MailScanner/quarantine/20160329/u2TFJNRF025532
     Report: MailScanner: JScript Scripts are dangerous in email
     Report: MailScanner: JScript Scripts are dangerous in email

We block messages with embedded scripts via the filename/filetype rules.  We 
also have clamd configured to quarantine messages containing Microsoft 
Office documents with embedded macros.


On 03/29/2016 10:34 AM, Trond M. Markussen wrote:
> I am just concerned because the *very* low number of detected viruses
> seems unrealistic in comparison to the overall amount of mail, including
> high scoring spam with various suspicious attachments. But I understand
> these attachments most often don't technically contain viruses, but
> rather download malware via iframes etc..

More information about the MailScanner mailing list