MailScanner blocking ClamAV emails

Walt Thiessen wt at dld2000.com
Sat Mar 25 11:45:07 UTC 2017 

I'm not sure what a Sane rule is.


On 3/25/2017 7:40 AM, Jerry Benton wrote:
> Whitelisting in MailScanner. Whitelisting is for spam checks. You will 
> need to whitelist in clamav. It looks like a Sane rule is catching it?
>
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com>
> +1 - 844-436-6245
>
>
>
>> On Mar 25, 2017, at 7:38 AM, Walt Thiessen <wt at dld2000.com 
>> <mailto:wt at dld2000.com>> wrote:
>>
>> I have MailScanner set to check all inbound and outbound email using 
>> ClamAV.
>>
>> I have ClamAV set up to send me an email each day informing me of any 
>> possible infections.
>>
>> For about a week or two now, this email has failed to arrive.
>>
>> My admins found the problem. ClamAV is apparently blocking itself via 
>> MailScanner.
>>
>> From the maillog:
>>
>> [root at server ~]# grep 1cqtVW-0002rF-UX /var/log/maillog
>> Mar 22 23:33:50 server MailScanner: Filename Checks: Allowing 
>> 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule matched)
>> Mar 22 23:33:51 server MailScanner: Filetype Checks: Allowing 
>> 1cqtVW-0002rF-UX clamav-2017-03-22.log
>> Mar 22 23:33:51 server MailScanner: Clamd::INFECTED:: 
>> YARA.r57shell_php_php.UNOFFICIAL :: 
>> ./1cqtVW-0002rF-UX/clamav-2017-03-22.log
>> Mar 22 23:33:51 server MailScanner: Infected message 1cqtVW-0002rF-UX 
>> came from 127.0.0.1
>> Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: Received for 
>> MailControl Database
>> Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: MailControl 
>> cannot insert row: %%C7RPN1O2FYP5LGSYVTBFOC2X10OGEDRXXIPRGRGJJJI5KDWFI8S
>>
>> We tried whitelisting root at server or 127.0.0.1, but it didn't help.
>>
>> Any ideas?
>>
>> Walt
>>
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170325/04d65c2b/attachment.html>

More information about the MailScanner mailing list