Todd Lyons wrote:
Brian Morrison wanted us to know:
>Received: from localhost [127.0.0.1] by backup.ccina.ro with
>SpamAssassin (2.60 1.212-2003-09-23-exp); Wed, 11 Aug 2004 17:53:00
>+0300
This is the last line of Received headers, so it never says exactly
what host it came from.
It was received on the loopback interface surely?
That's kind of what I'm looking at. Some local webserver running on
that machine? A formmail.pl on that machine? It does _not_ seem like
it came from the outside. And if you don't tell it to scan locally
generated emails, then that would certainly explain why it got through.
Sorry, but I had to answer all questions in one mail...
Q: Was this an actual MIME attachment or did they snip out the content for
you?
A: couldn't send the actual mail, although I have it. Dangerous code.
Q: How many threads do you have clamd running with?
A: 1
Q: Silly question but are you running QS with redundant scanning and ScanMail in
clamav.conf ?
A: ScanMail is uncommented
Q: It was received on the loopback interface surely?
A: this is the header as I received it on Outlook
ClamAV should filter the messages before SA do, right? Either way, if SA scans it
before ClamAV, are the headers altered, replacing the From IP with the localhost?
Q: Some local webserver running on that machine? A formmail.pl on that machine?
A: Yes, running SquirrelMail on the Linux box but I'm the only user who use it.
Q: And if you don't tell it to scan locally generated emails, then that would
certainly explain why it got through
A: where can I check this?
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
