Hello Users,

My question could seem a little bit vague, but I have a situation where
I am to blame or clamav (clamd) is to blame.

I use clamav (exiscan+clamd) on my Exim Server. I use the same kind of setup
on two MXes. On the primary MX, I also run Exim's system filters. The use
of exiscan+clamd is meant to stop the virus at the doorstep (at SMTP time).
The setup scans mail that is not local (only mail arriving by {e}smtp) and
I know this is dumb because worms can get generated even by local users. I
am going to change this.

However my point is that there are several hundreds of mail (well, both
locally generated and also smtp) that still go past the scanner. The e-mails
are only trapped by the system filter, which I've configured to NOT allow
any executables to pass unless a sender address is explicitly exempted.

For the days I've run clamav, I've always had a look at these mail caught by
the system filter by scanning them manually using clamscan, and they always
turn out to contain viruses/worms that clamscan reveals so easily.

My question:

Disregarding the local mail, is it possible that my configuration is letting
these infected mail past the scanner?
If not, why could this be happening?

I have put two mbox files at http://ns2.wananchi.com/~wash/Virus/
[I have gzipped them with -9]
I have also put there my clamav.conf + clamd startup script.
Exiscan is set to reject if virus found.


Anyone with an MUA capable of reading those files can take a look at the headers.
Many of the e-mails are from remote hosts. My local netblocks are 62.8.64.0/19
and 212.49.74.0/25


Thanking you for your time.



-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922         so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121       This sig is McQ!  :-)


There's no trick to being a humorist when you have the whole government
working for you.
                -- Will Rodgers
