It does indeed ... this seems like quite a strange anomaly as I've gotten tons of virus's tagged and not sent on before ...
Received: from [EMAIL PROTECTED] by myscanner.domain.com by uid 100 with qmail-scanner-1.20st (clamscan: 0.65. spamassassin: 2.60. Clear:RC:0(24.87.144.179):SA:0(-2.0/5.0):. Processed in 1.348038 secs); 03 Mar 2004 17:19:27 -0000 Received: from h24-87-144-179.vs.shawcable.net (HELO pavilion) (24.87.144.179) by myscanner.domain.com with SMTP; 3 Mar 2004 12:19:26 -0500 -----Original Message----- From: Doug Monroe [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 4:22 PM To: James Herschel Cc: [EMAIL PROTECTED] Sourceforge. Net Subject: Re: [Qmail-scanner-general]ClamAV found it, QS didn't quarantine it? James Herschel wrote: > Hello, > > Looks like everyone's got their hands full with Bagle today, so thanks for > taking the time to look at this if you do. I'm running: > > Qmail-scanner-1.20st > ClamAV 0.65 > SA 2.60 > > A user had a Bagle.J delivered to them today even though it appears that > qmail-scanner saw that ClamAV found it ... the qmail-queue.log output is at > the end of this email. > > It really looks like ClamAV found it and Qmail-scanner quarantined it, yet > it was delivered. Is there somewhere else I can find more information to > find out why this happened? can you get the raw headers of the -received- message that contained said virus and see it it was indeed passed through QS/clamav? Specifically something like: Received: from [EMAIL PROTECTED] by smtp.example.com by uid 2003 with qmail-scanner-1.20 (clamscan: 0.67. spamassassin: 2.63. Clear:RC:0(66.35.250.206):SA:0(-4.9/5.0):. Processed in 1.105794 secs); 03 Mar 2004 20:07:51 -0000 maybe you need to address your tcp.stmp rules? ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
