I am a bit puzzled ...
I have configured qmail-scanner with
--notify sender ( I don't want to be notified by email as an admin)
--silent-viruses auto ( to catch SoBig.f &co )
--log-details yes ( yes I log ... so that I don't need to be notified by mail)
when a virus is caught, it seems that qmail-scanner is still trying to inject a notification mail to "<>".
here is a a case where qmail-scanner successfully caught SoBig.f ( via ClamAV)
and knows it should not send to the sender....
---------8<----------------------------
Tue, 23 Sep 2003 13:17:57 +0300:25120: --output of clamuko was:
Tue, 23 Sep 2003 13:17:57 +0300:25120: There be a virus! (Worm.Sobig.F)
Tue, 23 Sep 2003 13:17:57 +0300:25120: clamuko: finished scan of dir "/mail/qmailscan/mail.sbm.net.sa106431227745625120" in 0.
00476 secs
Tue, 23 Sep 2003 13:17:57 +0300:25120: scanloop: finished scan of "/mail/qmailscan/mail.sbm.net.sa106431227745625120"...
Tue, 23 Sep 2003 13:17:57 +0300:25120: ini_sc: scanning message took 0.005015 seconds
Tue, 23 Sep 2003 13:17:57 +0300:25120: unsetting TCPREMOTEIP env var
Tue, 23 Sep 2003 13:17:57 +0300:25120: e_v_r: quarantine msg to /mail/qmailscan/quarantine/new/mail.sbm.net.sa106431227745625
120
Tue, 23 Sep 2003 13:17:57 +0300:25120: v_v_t_r: Worm.Sobig.F contain sobig - so don't notify the sender
Tue, 23 Sep 2003 13:17:57 +0300:25120: n_a: notify_addr (set to sender) called with admin
Tue, 23 Sep 2003 13:17:57 +0300:25120: n_a: notify_addr (set to sender) called with nmladm
Tue, 23 Sep 2003 13:17:57 +0300:25120: i_u_e: called with sender
Tue, 23 Sep 2003 13:17:57 +0300:25120: i_u_e: is_local=99
Tue, 23 Sep 2003 13:17:57 +0300:25120: qmail-scanner: Clear:RC:0: 0 1100 [EMAIL PROTECTED] <> virus
found in sent message "Thank you!" [EMAIL PROTECTED] quarantine-event.txt:1000
Tue, 23 Sep 2003 13:17:57 +0300:25120: n_a: notify_addr (set to sender) called with recips
Tue, 23 Sep 2003 13:17:57 +0300:25120: w_v_r: writing quarantine log report of: Tue, 23 Sep 2003 13:17:57 +0300 [EMAIL PROTECTED] [EMAIL PROTECTED] Thank you! Worm.Sobig.F clamuko: 0.60. uvscan: v4.2.40/v4294. spamassassin: 2.60-rc6.
Tue, 23 Sep 2003 13:17:57 +0300:25120: e_v_r: email_quarantine_report took 0.125186 seconds to execute
Tue, 23 Sep 2003 13:17:57 +0300:25120: qmail-scanner: CLAMUKO:Worm.Sobig.F:RC:0: 28.227992 101899 [EMAIL PROTECTED] [EMAIL PROTECTED] Thank you! <[EMAIL PROTECTED]> mail.sbm.net.sa106431227745625120-unpa
cked:101899
Tue, 23 Sep 2003 13:17:57 +0300:25120: cleanup: archiving into /mail/qmailscan/archives/new/
--------->8----------------------------
I also see related activity in my /var/log/qmail/current
---------8<----------------------------
@400000003f7021ea12507bf4 new msg 360450
@400000003f7021ea125087ac info msg 360450: bytes 1779 from <> qp 27432 uid 107
@400000003f7021ea16aff1fc end msg 360450
--------->8----------------------------
Note....
I tested with Eicar and a similar thing is happening.
but this time a notification is also send to the sender
---------8<----------------------------
Tue, 23 Sep 2003 13:46:18 +0300 Clear:RC:1: 0 1100 [EMAIL PROTECTED] [EMAIL PROTECTED] virus found in sent message "eicartest" [EMAIL PROTECTED] quarantine-event.txt:1000
Tue, 23 Sep 2003 13:46:18 +0300 Clear:RC:1: 0 1100 [EMAIL PROTECTED] <> virus found in sent message "eicartest" [EMAIL PROTECTED] quarantine-event.txt:1000
--------->8----------------------------
Is this a known bug or do I have something broken in my set up ?
thanks for your help.
Fabrice.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
