MailScanner blocking ClamAV emails

Jerry Benton jerry.benton at mailborder.com
Sat Mar 25 11:46:40 UTC 2017


Sane Security: http://sanesecurity.com/usage/signatures/

Did you add those rules to freshclam.conf?

Regardless, you need to whitelist at the clam level, not MailScanner. 

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245



> On Mar 25, 2017, at 7:45 AM, Walt Thiessen <wt at dld2000.com> wrote:
> 
> I'm not sure what a Sane rule is.
> 
> On 3/25/2017 7:40 AM, Jerry Benton wrote:
>> Whitelisting in MailScanner. Whitelisting is for spam checks. You will need to whitelist in clamav. It looks like a Sane rule is catching it?
>> 
>> -
>> Jerry Benton
>> www.mailborder.com
>> +1 - 844-436-6245
>> 
>> 
>> 
>>> On Mar 25, 2017, at 7:38 AM, Walt Thiessen <wt at dld2000.com> wrote:
>>> 
>>> I have MailScanner set to check all inbound and outbound email using ClamAV.
>>> 
>>> I have ClamAV set up to send me an email each day informing me of any possible infections.
>>> 
>>> For about a week or two now, this email has failed to arrive.
>>> 
>>> My admins found the problem. ClamAV is apparently blocking itself via MailScanner.
>>> 
>>> From the maillog:
>>> 
>>> [root at server ~]# grep 1cqtVW-0002rF-UX /var/log/maillog
>>> Mar 22 23:33:50 server MailScanner: Filename Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule matched)
>>> Mar 22 23:33:51 server MailScanner: Filetype Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log
>>> Mar 22 23:33:51 server MailScanner: Clamd::INFECTED:: YARA.r57shell_php_php.UNOFFICIAL :: ./1cqtVW-0002rF-UX/clamav-2017-03-22.log
>>> Mar 22 23:33:51 server MailScanner: Infected message 1cqtVW-0002rF-UX came from 127.0.0.1
>>> Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: Received for MailControl Database
>>> Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX: MailControl cannot insert row: %%C7RPN1O2FYP5LGSYVTBFOC2X10OGEDRXXIPRGRGJJJI5KDWFI8S
>>> 
>>> We tried whitelisting root at server or 127.0.0.1, but it didn't help.
>>> 
>>> Any ideas?
>>> 
>>> Walt
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> 
> 
> 
> 
> 
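
Added example, not part of the original thread: a short Python script that correlates the MailScanner log lines quoted above, showing which ClamAV signature hit which attachment and whether the message came from the local host, which is what you need to know before whitelisting the signature in ClamAV. The function and field names are illustrative assumptions; the sample log lines are copied from the post.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (MailScanner entries in /var/log/maillog).
SAMPLE_LOG = """\
Mar 22 23:33:50 server MailScanner: Filename Checks: Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule matched)
Mar 22 23:33:51 server MailScanner: Clamd::INFECTED:: YARA.r57shell_php_php.UNOFFICIAL :: ./1cqtVW-0002rF-UX/clamav-2017-03-22.log
Mar 22 23:33:51 server MailScanner: Infected message 1cqtVW-0002rF-UX came from 127.0.0.1
"""

# "Clamd::INFECTED:: <signature> :: ./<message id>/<attachment>"
HIT = re.compile(r"MailScanner: Clamd::INFECTED:: (?P<sig>\S+) :: \./(?P<msgid>[^/\s]+)/(?P<name>\S+)")
# "Infected message <message id> came from <relay address>"
SRC = re.compile(r"MailScanner: Infected message (?P<msgid>\S+) came from (?P<ip>\S+)")
SUFFIX = ".UNOFFICIAL"   # clamd appends this to signatures from non-official databases
LOOPBACK = ("127.", "::1")

def summarize(log_text):
    """Correlate clamd hits with the relay address, keyed by message id."""
    msgs = defaultdict(lambda: {"hits": [], "source": None})
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            sig = m["sig"]
            third_party = sig.endswith(SUFFIX)
            msgs[m["msgid"]]["hits"].append({
                # bare signature name, without the clamd-added suffix
                "signature": sig[:-len(SUFFIX)] if third_party else sig,
                "third_party": third_party,
                "attachment": m["name"],
            })
            continue
        m = SRC.search(line)
        if m:
            msgs[m["msgid"]]["source"] = m["ip"]
    report = {}
    for msgid, info in msgs.items():
        # A loopback relay means the server scanned mail it generated itself.
        info["local_origin"] = (info["source"] or "").startswith(LOOPBACK)
        report[msgid] = info
    return report

if __name__ == "__main__":
    for msgid, info in summarize(SAMPLE_LOG).items():
        for hit in info["hits"]:
            print(msgid, hit["signature"], hit["attachment"],
                  "third-party" if hit["third_party"] else "official",
                  "local" if info["local_origin"] else info["source"])
```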
