All Emails tagged as {VIRUS}

Sat Apr 6 00:31:33 UTC 2019

My guess is clamav update issue. What happens when you 'Mailscanner 
Lint'? use strace to attach to clam process, use lsof to see open files, 
and turn on debug mode on clam might help too.

James

On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:
> Hi,
> 
> In the past couple of days my email is all coming in with the subject
> line tagged as {VIRUS}. This is true for all mail, but of course
> there's no virus involved.
> 
> Mailscanner v5.0.7
> ClamAV v0.100.0
> 
>> ClamAV update process started at Fri Apr  5 18:41:07 2019
>> 
>> WARNING: Your ClamAV installation is OUTDATED!
>> 
>> WARNING: Local version: 0.100.0 Recommended version: 0.101.2
>> 
>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>> 
>> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
>> builder: sigmgr)
>> 
>> daily.cld is up to date (version: 25410, sigs: 1552552, f-level: 63,
>> builder: raynman)
>> 
>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>> builder: neo)
> 
> A review of /var/log/maillog suggests that there's a problem with
> ClamAV
> 
>> Apr  5 18:31:22 myhost MailScanner[7448]: Virus and Content
>> Scanning: Starting
>> 
>> Apr  5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV TIMED OUT
>> 
>> Apr  5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO
>> COMPLETE, TIMED OUT
>> 
>> Apr  5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING: DENIAL OF
>> SERVICE ATTACK DETECTED!
> 
> I've tried to observe what is happening on the system, while mail is
> being scanned and what i can surmise is that clamscan is timing-out
> (uses 100% CPU)
> 
> any pointers would be greatly appreciated. I have not been able to
> find anything online.
> 
> I'll try upgrading to the latest and greatest MailScanner in the mean
> time.
> 
> thanks
> Salighie