I have several MX servers running ClamAV in conjunction with MailScanner and Sendmail or Amavisd-new and Postfix.
These machines forward logwatch reports to a central email address on a daily basis. The delivery hub also has clamd running. What is happening on the hub is that certain reports are being categorized as phishing messages by clamd and thus the report never arrives. I have looked at the MailScanner rules and removed the report delivery address from virus_scanning. However, all that managed to do was to move the clamd virus report from the maillog to the messages file. The report email is still identified as a phishing suspect inside /var/spool/MailScanner/incoming. Is there a way to avoid this for either one delivery address or one senders address? I have no desire to change things on a system-wide basis. Is clamd actually scanning the same files twice, once when passed by MailScanner and then again simply because the file is on disk? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml