>Well - in this case it was definitely from outside - and the >proxy I >wrote and use passes all email, internal or external, >through clam and
?spam assassin and a bunch of custom rules... but thanks >:-) Well depending on the virus, it may be sending emails from it's own smtp engine and not touching your server that is scanning your emails. The virus doesn't care or bother to use any proxy that you may have setup. It just sends out emails on it's own. We have qmail with qmail-scanner and clamav on box sitting outside our network that scans all incoming mail and forwards it on to our groupwise server. I'm not sure how you're setup I.E. if clamav is actually sitting on the mailserver that's storing your users' emails. If it is, then I would assume the email(s) should have been caught. We thought the same thing had happened. We started getting all kinds of viruses emailed to our users and the "from" field appeared to be from a known customer outside of our network. Turns out that a laptop user had gotten infected when he took the laptop home and was sending the virus out to our users from within our network when he vpn'd in. Just because the sender field is from an external email address, doesn't mean it didn't originate internally. Most return addresses on viruses are spoofed. If you haven't already done so, I would look at the headers of the emails with the virus. If you notice that the emails never touch the server with clamav, then obviously they were never scanned. ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
