<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Sane Security: <a href="http://sanesecurity.com/usage/signatures/" class="">http://sanesecurity.com/usage/signatures/</a><div class=""><br class=""></div><div class="">Did you add those rules to freshclam.conf ?</div><div class=""><br class=""></div><div class="">Regardless, you need to whitelist at the clam level, not MailScanner. <br class=""><div class="">
<div style="color: rgb(0, 0, 0); font-family: Tahoma; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;"><br class="">-<br class="">Jerry Benton<br class=""><a href="http://www.mailborder.com" class="">www.mailborder.com</a><br class="">+1 - 844-436-6245<br class=""><br class=""><br class=""></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Mar 25, 2017, at 7:45 AM, Walt Thiessen <<a href="mailto:wt@dld2000.com" class="">wt@dld2000.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class=""><font face="Arial" class="">I'm not sure what a Sane rule is.</font><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 3/25/2017 7:40 AM, Jerry Benton
wrote:<br class="">
</div>
<blockquote cite="mid:5CE5EE75-D3E0-4E9E-BCC4-3B7125BCC0D4@mailborder.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252" class="">
Whitelisting in MailScanner. Whitelisting is for spam checks. You
will need to whitelist in clamav. It looks like a Sane rule is
catching it?<br class="">
<div class="">
<div style="font-family: Tahoma; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class="">
-<br class="">
Jerry Benton<br class="">
<a moz-do-not-send="true" href="http://www.mailborder.com/" class="">www.mailborder.com</a><br class="">
+1 - 844-436-6245<br class="">
<br class="">
<br class="">
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Mar 25, 2017, at 7:38 AM, Walt Thiessen <<a moz-do-not-send="true" href="mailto:wt@dld2000.com" class="">wt@dld2000.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">I have MailScanner set to check all inbound
and outbound email using ClamAV.<br class="">
<br class="">
I have ClamAV set up to send me an email each day
informing me of any possible infections.<br class="">
<br class="">
For about a week or two now, this email has failed to
arrive.<br class="">
<br class="">
My admins found the problem. ClamAV is apparently blocking
itself via MailScanner.<br class="">
<br class="">
From the maillog:<br class="">
<br class="">
[root@server ~]# grep 1cqtVW-0002rF-UX /var/log/maillog<br class="">
Mar 22 23:33:50 server MailScanner: Filename Checks:
Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log (no rule
matched)<br class="">
Mar 22 23:33:51 server MailScanner: Filetype Checks:
Allowing 1cqtVW-0002rF-UX clamav-2017-03-22.log<br class="">
Mar 22 23:33:51 server MailScanner: Clamd::INFECTED::
YARA.r57shell_php_php.UNOFFICIAL ::
./1cqtVW-0002rF-UX/clamav-2017-03-22.log<br class="">
Mar 22 23:33:51 server MailScanner: Infected message
1cqtVW-0002rF-UX came from 127.0.0.1<br class="">
Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX:
Received for MailControl Database<br class="">
Mar 22 23:33:51 server MailScanner: 1cqtVW-0002rF-UX:
MailControl cannot insert row:
%%C7RPN1O2FYP5LGSYVTBFOC2X10OGEDRXXIPRGRGJJJI5KDWFI8S<br class="">
<br class="">
We tried whitelisting root@server or 127.0.0.1, but it
didn't help.<br class="">
<br class="">
Any ideas?<br class="">
<br class="">
Walt<br class="">
<br class="">
<br class="">
-- <br class="">
MailScanner mailing list<br class="">
<a moz-do-not-send="true" href="mailto:mailscanner@lists.mailscanner.info" class="">mailscanner@lists.mailscanner.info</a><br class="">
<a class="moz-txt-link-freetext" href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br class="">
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">
</pre>
</blockquote>
<br class="">
</div>
<br class=""><br class="">-- <br class="">MailScanner mailing list<br class=""><a href="mailto:mailscanner@lists.mailscanner.info" class="">mailscanner@lists.mailscanner.info</a><br class="">http://lists.mailscanner.info/mailman/listinfo/mailscanner<br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>