R: Doesnt more detect sophos

Nicola Piazzi Nicola.Piazzi at gruppocomet.it
Wed Jan 2 09:29:43 UTC 2019

Doing a MailScanner --lint you can see that it tell that sophos found virus as clam do but in "Virus Scanner test reports" it report clam only
Note that clam report a relative and correct path and sophos report an incorrect one
(pool instead spool, and neicar.com instead eicar.com)

MailScanner.conf says "Virus Scanners = clamd sophos"
Found these virus scanners installed: clamavmodule, sophos, clamd
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/7314/1/neicar.com
Virus Scanning: Sophos found 1 infections
Infected message 1 came from
Infected message var came from
Virus Scanning: Found 2 viruses
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.comet.it

-----Messaggio originale-----
Da: MailScanner <mailscanner-bounces+nicola.piazzi=gruppocomet.it at lists.mailscanner.info> Per conto di Mark Sapiro
Inviato: lunedì 31 dicembre 2018 20:50
A: mailscanner at lists.mailscanner.info
Oggetto: Re: Doesnt more detect sophos
Priorità: Bassa

On 12/31/18 8:15 AM, Nicola Piazzi wrote:
> Here maillog of a non working message :
> 2018-12-17T16:21:48.334526+01:00 EFA42 MailScanner[2649]: >>> Virus 
> 'Mal/DrodAce-A' found in file 
> /var/pool/MailScanner/incoming/2649/DB73A106051.A5516/nPO-18191111060.
> ace
> 2018-12-17T16:21:48.334859+01:00 EFA42 MailScanner[2649]: Virus
> Scanning: Sophos found 1 infections
> 2018-12-17T16:21:48.335071+01:00 EFA42 MailScanner[2649]: Infected 
> message var came from
> 2018-12-17T16:21:48.335207+01:00 EFA42 MailScanner[2649]: Virus
> Scanning: Found 1 viruses
> NOTE Infected message “var” instead real file name !!!

Is there some issue besides this particular message? It appears that MailScanner is detecting the virus.

Perhaps the Sophos report has changed in some way in the latest version.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

MailScanner mailing list
mailscanner at lists.mailscanner.info

More information about the MailScanner mailing list