[AMaViS-user] question on AV-detected messages

Mon, 16 Jun 2008 03:54:43 -0700 

    Hello,

    I'm apparently having some AV-detected messages being delivered to 
final users. Some lines from amavisd log:



Jun 16 06:52:37 correio amavis[2641]: (02641-18) run_av (ClamAV-clamd): 
/var/amavis/amavis-20080615T230236-02641/parts INFECTED: 
Email.Malware.Sanesecurity.08021111

Jun 16 06:52:37 correio amavis[2641]: (02641-18) Turning AV infection 
into a spam report: score=0.1, AV:Email.Malware.Sanesecurity.08021111=0.1

Jun 16 06:52:39 correio amavis[2641]: (02641-18) SPAM-TAG, 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, No, score=5.165 
tagged_above=-200 required=8 
tests=[AV:Email.Malware.Sanesecurity.08021111=0.1, 
DATE_IN_PAST_03_06=1.394, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.672, 
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJECT_NEEDS_ENCODING=2]

Jun 16 06:52:39 correio amavis[2641]: (02641-18) FWD via SMTP: 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, 250 2.6.0 Ok, id=02641-18, 
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 62D70138003

Jun 16 06:52:39 correio amavis[2641]: (02641-18) Passed BAD-HEADER, 
[60.32.200.78] [60.32.200.78] <[EMAIL PROTECTED]> -> 
<[EMAIL PROTECTED]>, Message-ID: 
<[EMAIL PROTECTED]>, mail_id: iqb-4SqrH1VG, Hits: 
5.165, size: 4971, queued_as: 62D70138003, 1724 ms


    And this message do get delivered to it's final user, despite the 
fact it was detected as a virus by clamav.

    As you can see, despite it was detected as infected by clamav, it 
'Passed'.  

    I'm using amavisd-new 2.6.0 and $final_virus_destiny set to 
D_DISCARD ....


    is it necessary to make some configuration for ALL infected messages 
be discarded ???

    I have noticed the:
Turning AV infection into a spam report: score=0.1

    how can i bump this value to 50 for example, thus forcing all 
infected messages to be discarded ??

-- 


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        [EMAIL PROTECTED]
        My SPAMTRAP, do not email it





-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to