2 conditions in the rule and empty Sender
Nerijus Baliunas
nerijus at users.sourceforge.net
Thu Nov 1 11:42:50 UTC 2018
I will paste the full message here:
The following e-mails were found to have: Virus Detected
Sender:
IP Address: 127.0.0.1
Recipient: postmaster
Subject: Mail delivery failed: returning message to sender
MessageID: 58A002A14067.AE6A8
Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
Report: Clamd: message was infected: winnow.spam.ts.xmailer.2.UNOFFICIAL
Full headers are:
Received: from mail.example.com (mail.example.com [127.0.0.1])
by mail.example.com (Postfix) with SMTP id 58A002A14067
for <postmaster>; Thu, 1 Nov 2018 02:02:01 +0200 (EET)
Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
To: postmaster at mail.example.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="foo-mani-padme-hum-32284-1-1541030521"
Message-Id: <20181101000201.58A002A14067 at mail.example.com>
Date: Thu, 1 Nov 2018 02:02:01 +0200 (EET)
On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas <nerijus at users.sourceforge.net> wrote:
> Hello,
>
> I have Virus Scanning = %rules-dir%/virus_scanning.rules
> and in virus_scanning.rules:
> From: 127.0.0.1 and From: postmaster at example.com no
>
> Today I got an email:
>
> The following e-mails were found to have: Virus Detected
>
> Sender:
> IP Address: 127.0.0.1
> Recipient: postmaster
> Subject: Mail delivery failed: returning message to sender
> MessageID: 58A002A14067.AE6A8
> Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> Report: Clamd: message was infected: winnow.spam.ts.xmailer.2.UNOFFICIAL
>
>
> How to allow such messages to be received? There is no Sender (Return-path:),
> how to adapt "From: 127.0.0.1 and From: postmaster at example.com no"
> to also work with no From?
>
> Regards,
> Nerijus
More information about the MailScanner
mailing list