<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Thanks for the Answer.<br>
<br>
Good shot - but why did a new mail with the virus/Word-Document
attached go through.<br>
Clamd stil detects the word document as Virus on manual command line
scan.<br>
If you're right it should be detected as spam as soon as the
Document is attached, right?<br>
<br>
Kind of strange to me this is.Am 18.02.2016 um 17:59 schrieb Shawn
Iverson:<br>
<blockquote
cite="mid:CABu_8zJX60nm0HPbmDnQ86f=uKAiVJPe_0WMP182wnPVokp7Tg@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div dir="ltr">Here it is...
<div><br>
</div>
<div>
<div>Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
*Phish*</div>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 18, 2016 at 11:39 AM, Shawn
Iverson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:iversons@rushville.k12.in.us" target="_blank">iversons@rushville.k12.in.us</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">That's an "UNOFFICIAL" rule, I believe there
some "viruses" are treated as spam in the MailScanner.conf
file. There's an exceptions list...<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 18, 2016 at 9:18 AM,
Heino Backhaus <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:heino.backhaus@fink-computer.de"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:heino.backhaus@fink-computer.de">heino.backhaus@fink-computer.de</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello
List,<br>
<br>
Today I recognized a quarantined mail, detected as
spam, with a word document attached. So i downloaded<br>
this word document and scanned it with clamdscan on my
mailscanner machine and clamd found a virus:<br>
<br>
root@mailscanner2014:~# clamdscan
VIRUS-invoice_27638121.doc<br>
VIRUS-invoice_27638121.doc:<br>
Sanesecurity.Malware.25947.XmlHeurGen.UNOFFICIAL FOUND<br>
<br>
----------- SCAN SUMMARY -----------<br>
Infected files: 1<br>
Time: 0.129 sec (0 m 0 s)<br>
<br>
I was wondering why it was detected as spam and not
as a virus... I attached this word document<br>
to a mail and sent it to through my mailscanner
machine...and it whent through.<br>
<br>
Does anybody's got an Idea where i could look for a
configuration error?<br>
Other viruses like clamav-testfile attached to mails
are being detected correctly.<br>
<br>
It's MailScanner-4.84.6-1 and ClamAV
devel-clamav-0.99-beta1-363-g0ea036a/21384/Wed Feb 17
21:12:50 2016<br>
<br>
MailScanner.conf:<br>
...<br>
# This *cannot* be the filename of a ruleset.<br>
Virus Scanners = clamd<br>
...<br>
<br>
clamd.conf:<br>
...<br>
OLE2BlockMacros yes<br>
...<br>
<br>
-- <br>
Mit freundlichen Gruessen<br>
<br>
H. Backhaus<br>
<br>
Fink-Computer Systeme<br>
Heggrabenstr. 9, 35435 Wettenberg<br>
Email: <a moz-do-not-send="true"
href="mailto:heino.backhaus@fink-computer.de"
target="_blank">heino.backhaus@fink-computer.de</a><br>
Web: <a moz-do-not-send="true"
href="http://www.fink-computer.de" rel="noreferrer"
target="_blank">www.fink-computer.de</a><br>
Fax: <a moz-do-not-send="true"
href="tel:%2B49-641-98444638" value="+4964198444638"
target="_blank">+49-641-98444638</a><br>
Fon: <a moz-do-not-send="true"
href="tel:%2B49-641-98444640" value="+4964198444640"
target="_blank">+49-641-98444640</a><br>
UST-ID: DE151040770<br>
HRB: 2143 Gießen<br>
GF: Fredi Fink<br>
<br>
"In retrospect it becomes clear that hindsight is
definitely overrated!"<br>
-Alfred E. Neumann<span><font color="#888888"><br>
<br>
<br>
<span class="HOEnZb"><font color="#888888">
<br>
-- <br>
MailScanner mailing list<br>
<a moz-do-not-send="true"
href="mailto:mailscanner@lists.mailscanner.info"
target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a moz-do-not-send="true"
href="http://lists.mailscanner.info/listinfo/mailscanner"
rel="noreferrer" target="_blank">http://lists.mailscanner.info/listinfo/mailscanner</a><br>
<br>
</font></span></font></span></blockquote>
</div>
<span class="HOEnZb"><font color="#888888"><br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Shawn Iverson
<div>Director of Technology</div>
<div>Rush County Schools</div>
<div><a moz-do-not-send="true"
href="tel:765-932-3901%20x271"
value="+17659323901" target="_blank">765-932-3901
x271</a></div>
<div><a moz-do-not-send="true"
href="mailto:iversons@rushville.k12.in.us"
target="_blank">iversons@rushville.k12.in.us</a></div>
<div><br>
</div>
<div><img moz-do-not-send="true"
src="imap://FINKCS%5Chbackhaus%5Cheino%2Ebackhaus@srv01.finkcs.local:143/fetch%3EUID%3E/Drafts%3E892?export=download&id=0Bw5iD0ToYvs_UFV2VFdmNG1SaVE&revid=0Bw5iD0ToYvs_U3VaVlpuTFBtak9QZXVRL3FmRUd2d0laTkZRPQ"
height="39" width="96"><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Shawn Iverson
<div>Director of Technology</div>
<div>Rush County Schools</div>
<div>765-932-3901 x271</div>
<div><a moz-do-not-send="true"
href="mailto:iversons@rushville.k12.in.us"
target="_blank">iversons@rushville.k12.in.us</a></div>
<div><br>
</div>
<div><img moz-do-not-send="true"
src="imap://FINKCS%5Chbackhaus%5Cheino%2Ebackhaus@srv01.finkcs.local:143/fetch%3EUID%3E/Drafts%3E892?export=download&id=0Bw5iD0ToYvs_UFV2VFdmNG1SaVE&revid=0Bw5iD0ToYvs_U3VaVlpuTFBtak9QZXVRL3FmRUd2d0laTkZRPQ"
height="39" width="96"><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>