MailScanner delivering email with virus

Mark Sapiro mark at msapiro.net
Tue Sep 12 18:13:43 UTC 2017


On 09/12/2017 07:16 AM, Joao Marcucci wrote:
> 
> Sep 12 10:27:16 delta MailScanner[9227]:
> Clamd::INFECTED::Sanesecurity.Jurlbl.Auto.41d9dd.UNOFFICIAL ::
> ./2D7DF244916.A474D/
> Sep 12 10:27:17 delta MailScanner[9227]: Found spam-virus
> Sanesecurity.Jurlbl.Auto.41d9dd.UNOFFICIAL in 2D7DF244916.A474D
> Sep 12 10:27:17 delta MailScanner[9227]: Found spam-virus
> Sanesecurity.Jurlbl.Auto.41d9dd.UNOFFICIAL in 2D7DF244916.A474D
> 
> Sep 12 10:27:18 delta MailScanner[9227]: Requeue: 2D7DF244916.A474D to
> 332FB66E39


This detection is from the SaneSecurity
<http://sanesecurity.com/usage/signatures/> jurlbl.ndb database. This
particular hit is not a virus but is a message containing a "junk URL".

MailScanner processes these hits which match the "Virus Names Which Are
Spam" setting (default = Sane*UNOFFICIAL HTML/* *Phish*)
<https://www.mailscanner.info/MailScanner.conf.index.html#Virus%20Names%20Which%20Are%20Spam>

When MailScanner detects one of these, it may add a Spam-Virus Header
<https://www.mailscanner.info/MailScanner.conf.index.html#Spam-Virus%20Header>
to the message. You then may add recognition and scoring for this to
SpamAssassin. See the end of /etc/MailScanner/spamassassin.conf which
contains

#
# The header name in the next line must have your %org-name% added into it,
# so that it matches what is set in "Spam-Virus Header" in your
# MailScanner.conf file.
#
header MS_FOUND_SPAMVIRUS exists:X-MailScanner-SpamVirus-Report
score MS_FOUND_SPAMVIRUS 3.0

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
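
An added example (not part of the original post, and not MailScanner's own code) for triaging such log entries: it checks each Clamd signature name against the default "Virus Names Which Are Spam" patterns quoted above. Assumptions: Python's fnmatch stands in for MailScanner's wildcard matching, the first two sample log lines are the quoted lines rejoined, and the third is constructed for contrast.

```python
import fnmatch
import re

# Default "Virus Names Which Are Spam" value quoted in the post above.
SPAM_VIRUS_PATTERNS = "Sane*UNOFFICIAL HTML/* *Phish*".split()

# Sample input: lines 1-2 are the wrapped log lines from the quoted excerpt,
# rejoined; line 3 is a constructed detection that matches no pattern.
SAMPLE_LOG = """\
Sep 12 10:27:16 delta MailScanner[9227]: Clamd::INFECTED::Sanesecurity.Jurlbl.Auto.41d9dd.UNOFFICIAL :: ./2D7DF244916.A474D/
Sep 12 10:27:17 delta MailScanner[9227]: Found spam-virus Sanesecurity.Jurlbl.Auto.41d9dd.UNOFFICIAL in 2D7DF244916.A474D
Sep 12 10:29:03 delta MailScanner[9227]: Clamd::INFECTED::Example.Trojan.Constructed :: ./AAAAAAAAAAA.A0000/
"""

# Clamd hit as logged by MailScanner: signature name, then ./<queue-id>/...
CLAMD_HIT = re.compile(r"Clamd::INFECTED::(?P<sig>\S+)\s+::\s+\./(?P<msg>[^/\s]+)")


def is_spam_virus(signature, patterns=SPAM_VIRUS_PATTERNS):
    """True if the signature matches any wildcard in the setting.

    Assumption: shell-style, case-sensitive globbing approximates how
    MailScanner compares names against this setting.
    """
    return any(fnmatch.fnmatchcase(signature, p) for p in patterns)


def classify(log_text, patterns=SPAM_VIRUS_PATTERNS):
    """Return {queue_id: (signature, 'spam-virus' or 'virus')} for Clamd hits."""
    result = {}
    for line in log_text.splitlines():
        m = CLAMD_HIT.search(line)
        if m:
            sig = m.group("sig")
            kind = "spam-virus" if is_spam_virus(sig, patterns) else "virus"
            result[m.group("msg")] = (sig, kind)
    return result


if __name__ == "__main__":
    for msg, (sig, kind) in classify(SAMPLE_LOG).items():
        print(f"{msg}: {sig} -> {kind}")
```

A hit classified as "spam-virus" is one that is handed to spam scoring as described above; a "virus" hit that was nevertheless delivered is the case that needs further investigation.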

