On Thu, 2003-12-04 at 04:03, McKeever Chris wrote: > I am running qmail-scanner with clamav (0.65) > I have one machine that acts as a gateway, and then sends it to the main email > server. > The gateway is the one with qmailscanner and clamav, the email servers post-MTA > (@mail) has a plugin for clamav which scans the file before > databsing it. > > I have noticed since 11/4/03 that there are about 2-4 emails per day that get by the > gateway and picked up by the @mail-clamav scan > any suggestions? They are typically Exploit.IFrame.Gen and 1 W32/Yaha.g.dam >
Are you running clamscan or clamdscan? (i.e. the daemon version). I bet it's the latter. Do you have the qmail-queue.log debug file that contains evidence of such a "missed" message? If not, turn it on and don't stop logging until you catch another such occurance. Then you can search that file looking for the particular message that "slipped through". At that stage you may see why it failed. I'd suspect a bug whereby clamd failed to scan the message for some transitory reason, but still exited with a zero error status - so Qmail-Scanner can only assume it's OK and carried on. Let us know what you find. Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
