I had the same problem, try commenting "Filetype Rules =" in
Mailscanner.conf.
Regards,
Rufo
----- Original Message -----
From: "Alex @ Avantel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, April 25, 2004 7:46 PM
Subject: Re: More Re: [Opencomputing-openprotect] virus scanning of zip
files
This is one of many examples of no virus warning - all zip files are
passed through without warning despite finding a virus as shown in the log
file entries :
Apr 25 06:41:21 kingsmere sendmail[2913]: i3PAeqN02913:
from=<[EMAIL PROTECTED]>, size=41090, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=host_cablevision_200_77_160_119 [200.77.160.119] (may be
forged)
Apr 25 06:41:39 kingsmere MailScanner[21387]:
/usr/share/spool/MailScanner/incoming/21387/./i3PAeqN02913/msg.zip:
Worm.SomeFool.P FOUND
Apr 25 06:41:39 kingsmere MailScanner[21387]: Virus Scanning: ClamAV found 1
infections
With the virus file detected, I would have expected a warning in the e-mail
but it was marked only for {Spam?} (see forwarded message below).
I can't have this system passing e-mails saying they have been scanned and
are clean when they're not - especially since the scanner detected the
virus.
Is the Mailscanner mis-configured?
Alex Vandenham
Avantel Systems
=============
---------- Forwarded Message ----------
Subject: {Spam?} Re: Mail Server
Date: Sun, 25 Apr 2004 05:40:14 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
You have received an extended message. Please read the instructions.
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
-------------------------------------------------------
msg.zip (forwarded only to S Karthikeyan)
On April 25, 2004 09:39 am, S Karthikeyan wrote:
> Dear Alex,
>
> > After some more checking - let me revise my question. According to the
> > mail log files, Clamav and Kapersky are finding the virus files inside
> > the zip archive but the e-mail is passed to the destination without a
> > {Virus} warning - just the normal signature block saying the mail is
> > scanned & found to be clean and the zip file remains attached.
> >
> > Alex
> > ====
> > ==========previous message============
> >
> > Both ClamAV and Kaspersky are installed but zip files are not being
> > scanned - or if they are, the virus files contained in the archive are
> > not detected. I have confirmed that the zip files contain virus files
by
> > extracting the file and sending it to myself and then the virus is
> > "detected". Although detection appears to be based more on the file type
> > rather than the content of the file - it's deleted for being a banned
> > filetype rather than for being an obvious virus file.
> >
> > Am I missing a setting somewhere or is my openprotect misconfigured or
> > what?
> >
> > Alex
> > ====
> >
> > On April 23, 2004 08:42 pm, S Karthikeyan wrote:
> >>Dear Alex @ Avantel,
> >>
> >>>Does openprotect (or the scan engines used) support the scanning of zip
> >>>files. If so, I can't find anything that tells me how to configure
> >>> that. TIA
> >>>
> >>>Alex
> >>>====
> >>
> >>If you have installed ClamAV or Kaspersky with OpenProtect, it will scan
> >>zip, arj, arc and other popular formats.
> >>
> >>cheers,
> >>Karthikeyan, S.
> >
> > -------------------------------------------------------
>
> Can you forward the virus file you're using, so that we can also test
> the file?
>
> cheers,
> Karthikeyan, S.
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
-------------------------------------------------------
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg�297
_______________________________________________
Opencomputing-openprotect mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opencomputing-openprotect
