Hey Jake, the anti-virus on the systems were deleting these mails automatically that's why I was not able to send you the header.
Now I have one header of email which was caught by the Anti-Virus but not by CLAMD. I took it from the webmail. ============================ X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.providio.com X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.4 required=4.0 tests=BASE64_LENGTH_78_79,BAYES_50, FORGED_OUTLOOK_TAGS,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE, MIME_BASE64_TEXT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL, RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_DYNAMIC autolearn=spam Version=3.2.4 X-Spam-Report: * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see <http://www.spamcop.net/bl.shtml?211.14.220.25>] * 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr * 2) * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split * IP) * 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 2.8 BASE64_LENGTH_78_79 BODY: BASE64_LENGTH_78_79 * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.5847] * 1.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL * [211.14.220.25 listed in zen.spamhaus.org] * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address * [211.14.220.25 listed in dnsbl.sorbs.net] * 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with * dynamic-looking rDNS Received: (qmail 9874 invoked from network); 30 Sep 2009 04:01:53 -0500 Received: from 211.14.220.25.eo.eaccess.ne.jp (211.14.220.25) by mail.etisbew.com with SMTP; 30 Sep 2009 04:01:52 -0500 Received-SPF: none (mail.etisbew.com: domain at ras-publishing.com does not designate permitted sender hosts) Received: from 211.14.220.25 by service46.mimecast.com; Wed, 30 Sep 2009 18:01:41 +0900 Message-ID: <000d01ca41ac$a0442000$6400a...@masticatekl698> From: "Floyd Heath" <a...@etisbew.com> To: <a...@etisbew.com> Subject: *****SPAM***** =?utf-8?Q?Spam=3A=3A?= Thank you for setting the order No.475456 Date: Wed, 30 Sep 2009 18:01:41 +0900 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NxtPrt_ftshd_1254301313" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Prev-Subject: =?utf-8?Q?Spam=3A=3A?= ============================ -----Original Message----- From: Jake Vickers [mailto:j...@qmailtoaster.com] Sent: Wednesday, September 30, 2009 8:22 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] RE: Mails not being scanned / filtered by SA server Atul Paralikar wrote: > Actually I read in the forum / wiki, to add a line for the domain which we > need to allow emails. This will allow us to set other parameters which will > be effective only for this particular domain. > > More over I added that line, thinking it could be another reason for > SPAMD/CLAMD not scanning our domain emails. > > Jake, > - If the SPAMD/CLAMD are working fine then some of the virus messages are > getting delivered to the employees. Why is that so? Is there anything else > in it, which I might be missing? > - How do I fix the ISOLOG to detect the SPAMD/CALMD logs? > > Remove the log files for spamd and clamd. This will reset the log files and isoqlog should start with the new data. You will lose all the history on these daemon though. You have only shown us a "spam" message that was correctly marked as spam (at a score of 4.0 like you defined in your local.cf) but was correctly delivered because it did not exceed the score you defined in simcontrol. You have shown us nothing about viruses, nor any logs to back anything up. Without log files we can only make guesses and hope you are able to fix it. ---------------------------------------------------------------------------- ----- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! ---------------------------------------------------------------------------- ----- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com