On Thu, 13 Aug 2009 17:14:45 +0200 "Len Conrad" <lcon...@go2france.com> wrote:
> We have a submission/mailbox server running clam that is submission point > for our networks, and relays to a Barracuda as outbound filter. > > clamsmtpd/clam are running fine, passing most as clean, naturally, while > catching a few viruses. > > However, for two days, the Barracuda has been blocking what it calls "Virus > (W32.Elkern.C)". > > These are really spam bot spew, with the submitting IP using a different > random garbage HELO, and sometimes a recipient domain than is also garbage. > > Anybody else see this? Hi Len, Barracuda is using ClamAV, isn't it? In fact, ClamAV includes the signature for W32.Elkern.C: $ sigtool -l | grep -i elkern W32.Elkern.C W32.Elkern.A Perhaps there's some configuration problem with clamsmtpd which prevents it from detecting the virus. How does it call/communicate with ClamAV? Regards, -- oo ..... Tomasz Kojm <tk...@clamav.net> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Aug 13 17:25:05 CEST 2009 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
