MailScanner blocking ClamAV emails
Walt Thiessen
wt at dld2000.com
Sat Mar 25 11:38:20 UTC 2017

I have MailScanner set to check all inbound and outbound email using ClamAV.
I have ClamAV set up to send me an email each day informing me of any 
possible infections.
For about a week or two now, this email has failed to arrive.
My admins found the problem. ClamAV is apparently blocking itself via 
MailScanner.
From the maillog:
[root at server ~]# grep 1cqtVW-0002rF-UX /var/log/maillog
Mar 22 23:33:50 server MailScanner: Filename Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule matched)
Mar 22 23:33:51 server MailScanner: Filetype Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log
Mar 22 23:33:51 server MailScanner: Clamd::INFECTED:: YARA.r57shell_php_php.UNOFFICIAL :: ./1cqtVW-0002rF-UX/clamav-2017-03-22.log
Mar 22 23:33:51 server MailScanner: Infected message 1cqtVW-0002rF-UX came from 127.0.0.1
Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: Received for MailControl Database
Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: MailControl cannot insert row: %%C7RPN1O2FYP5LGSYVTBFOC2X10OGEDRXXIPRGRGJJJI5KDWFI8S
We tried whitelisting root at server or 127.0.0.1, but it didn't help.
Any ideas?
Walt
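
One way to list every detection of this kind in a maillog, as an added example that is not part of the original post: it pairs each Clamd::INFECTED line with the "came from" line for the same message id and keeps only messages that originated on loopback. The function name and the regular expressions are assumptions derived from the line formats quoted in the post.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE_MAILLOG = """\
Mar 22 23:33:50 server MailScanner: Filename Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule matched)
Mar 22 23:33:51 server MailScanner: Filetype Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log
Mar 22 23:33:51 server MailScanner: Clamd::INFECTED:: YARA.r57shell_php_php.UNOFFICIAL :: ./1cqtVW-0002rF-UX/clamav-2017-03-22.log
Mar 22 23:33:51 server MailScanner: Infected message 1cqtVW-0002rF-UX came from 127.0.0.1
"""

# Patterns assumed from the lines above: signature, message id, attachment.
INFECTED = re.compile(
    r"Clamd::INFECTED::\s*(?P<sig>\S+)\s*::\s*\./(?P<msg>[^/\s]+)/(?P<file>\S+)")
ORIGIN = re.compile(r"Infected message (?P<msg>\S+) came from (?P<ip>\S+)")
LOOPBACK = {"127.0.0.1", "::1"}


def find_local_detections(log_text):
    """Return clamd detections on messages submitted from the server itself."""
    hits = defaultdict(list)  # message id -> [(signature, attachment)]
    origin = {}               # message id -> source IP
    for line in log_text.splitlines():
        m = INFECTED.search(line)
        if m:
            hits[m["msg"]].append((m["sig"], m["file"]))
            continue
        m = ORIGIN.search(line)
        if m:
            origin[m["msg"]] = m["ip"]
    report = []
    for msg_id, found in hits.items():
        if origin.get(msg_id) not in LOOPBACK:
            continue  # remote sender, or origin line missing: not this case
        for sig, attachment in found:
            report.append({
                "message": msg_id,
                "signature": sig,
                "attachment": attachment,
                # ClamAV appends .UNOFFICIAL to signatures that do not come
                # from its official databases (third-party or local rules).
                "unofficial": sig.endswith(".UNOFFICIAL"),
            })
    return report


if __name__ == "__main__":
    for row in find_local_detections(SAMPLE_MAILLOG):
        print(row)
```
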
    
    