Hello,
Looks like everyone's got their hands full with Bagle today, so thanks for taking the time to look at this if you do. I'm running:
Qmail-scanner-1.20st ClamAV 0.65 SA 2.60
A user had a Bagle.J delivered to them today even though it appears that qmail-scanner saw that ClamAV found it ... the qmail-queue.log output is at the end of this email.
It really looks like ClamAV found it and Qmail-scanner quarantined it, yet it was delivered. Is there somewhere else I can find more information to find out why this happened?
can you get the raw headers of the -received- message that contained said virus and see it it was indeed passed through QS/clamav?
Specifically something like:
Received: from [EMAIL PROTECTED] by smtp.example.com by uid 2003 with qmail-scanner-1.20
(clamscan: 0.67. spamassassin: 2.63. Clear:RC:0(66.35.250.206):SA:0(-4.9/5.0):.
Processed in 1.105794 secs); 03 Mar 2004 20:07:51 -0000
maybe you need to address your tcp.stmp rules?
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
