Hi,
I have a question about Clamd and MailScanner.
All my "Clamd INFECTED" mail are saved to my quarantine folder as the
following logs.
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Clamd::INFECTED::
Sanesecurity.Junk.19693.UNOFFICIAL :: ./r7EE79MK022851/
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Infected message
r7EE79MK022851 came from 95.158.131.135
*Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Saved entire message to
/quarantaine/usherbrooke/20130814/r7EE79MK022851
I received a suspicious mail and i looked at the logs. I saw that the
mail was reported INFECTED by Clamd but it was still delivered and do
not move in quarantine folder. And not placed in the quarantine folder.
I would like to know witch configuration or file permit me to change
this option?
Thanks.
*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter
(milter-limit): init success to negotiate
*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter:
connect to filters
*Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327:
milter=milter-limit, action=connect, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327:
milter=milter-limit, action=mail, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327:
milter=milter-limit, action=rcpt, continue
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327:
from=<i...@webmaster.fr>, size=1317, class=0, nrcpts=4,
msgid=<eb6a7c1bcc701df0e2282168a95ed257.squir...@gaia.gi.ee>,
bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=gaia.gi.ee
[193.40.102.14]
*Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter
accept: message
*Aug 12 19:53:24 10.32.33.25 clamd[4457]:
/var/spool/MailScanner/incoming/13799/r7CNrB6J013327.header:
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND
*Aug 12 19:53:24 10.32.33.25 clamd[4457]:
/var/spool/MailScanner/incoming/13799/r7CNrB6J013327.message:
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: *Clamd::INFECTED::
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL* :: ./r7CNrB6J013327/
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327
*Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus
ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327
*Aug 12 19:53:33 10.32.33.25 MailScanner[13799]: Message r7CNrB6J013327
from 193.40.102.14 (i...@webmaster.fr) to usherbrooke.ca is n'est pas un
polluriel, SpamAssassin (not cached, score=5.747, requis 6.5, BAYES_50
0.80, DCC_CHECK 1.10, RCVD_IN_BL_SPAMCOP_NET 1.35, RCVD_IN_PSBL 1.00,
RCVD_IN_UCE_PFSM_1 1.50)
*Aug 12 19:53:34 10.32.33.25 sendmail[13374]: r7CNrB6J013327:
to=<m...@usherbrooke.ca>, delay=00:00:12, xdelay=00:00:00, mailer=smtp,
pri=211317, relay=[132.210.6.44] [132.210.6.44], dsn=2.0.0, *stat=Sent*
(r7CNrXDo006114 Message accepted for delivery) *
*
--
*
------------------------------------------------------------------------
*
*Jean-Francois Masson*, Technicien en systèmes ordinés/
Section Infrastructure des serveurs/
Service des technologies de l'information
Université de Sherbrooke
Tél.: 819 821-8000, poste 61987
Courriel: jean-francois.mas...@usherbrooke.ca
<mailto:jean-francois.mas...@usherbrooke.ca>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
