Hello all,

I have a problem regarding the reporting of 'potential virus'es found. I am running qmail with qmail-scanner utilizing spamassassin 2.63 and clamav 0.75 (despite it being reported as 0.71 (?)). ClamAV receives about 10 mails a day where it says (excerpt from the logfile):

Wed, 28 Jul 2004 16:41:43 CEST [EMAIL PROTECTED] XXXXXXXXXXXXXXXX no prior prescription needed Disallowed breakage found in header name - potential virus clamdscan: 0.71. spamassassin: 2.63.

The mail then gets bounced back to the sender. I don't want these mails bounced but delivered to me (or a given mail address) instead (in fact the mail has previously been identified as spam...). Does anybody know how this is done?

I have attached generated messages/mails (recipient XXXed out):
- problem-found.txt: The message the clamav generates and bounces
- failure-notice.txt: The double-bounce from our mail server

Regards,
Roger

From: System Anti-Virus Administrator [EMAIL PROTECTED]
Sent: Mittwoch, 28. Juli 2004 16:42
To: [EMAIL PROTECTED]
Subject: problem found in sent message "no prior prescription needed"

Attention: [EMAIL PROTECTED]

A problem was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination.

The problem was reported to be:

Disallowed breakage found in header name - potential virus

Please contact your IT support personnel with any queries regarding this policy.

Your message was sent with the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO: XXXXXXXXXXXXXXXX

... and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from hase.cyberlink.ch (193.246.253.17) by mail.webcraft.ch with SMTP; 28 Jul 2004 14:41:32 -0000
Received: (qmail 11309 invoked from network); 28 Jul 2004 14:41:31 -0000
Received: from unknown (HELO 193.246.253.15) (200.170.115.185) by mx2.cyberlink.ch with SMTP; 28 Jul 2004 14:41:31 -0000
Received: from 127.160.152.164 by 200.170.115.185 Wed, 28 Jul 2004 19:41:59 +0400
Message-ID: <[EMAIL PROTECTED]>
From: "budget" <[EMAIL PROTECTED]>
Reply-To: "budget" <[EMAIL PROTECTED]>
To: XXXXXXXXXXXXXXXX
Subject: no prior prescription needed
Date: Wed, 28 Jul 2004 10:41:59 -0500
X-Mailer: motor hartman stairway-isotope: dora cogitate cite
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--4031161995456667"
[ Priority: Normal ]
---

The original message is kept in:

w2:/var/spool/qmailscan/quarantine/new/w2109102569348029673

where the System Anti-Virus Administrator can further diagnose it.

The Email scanner reported the following when it scanned that message:

---
---perlscanner results ---
problem 'Disallowed breakage found in header name - potential virus' found in message
---

From: [EMAIL PROTECTED]
Sent: Mittwoch, 28. Juli 2004 16:42
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at mail.webcraft.ch.
I tried to deliver a bounce message to this address, but the bounce bounced!

<[EMAIL PROTECTED]>:
206.190.36.251 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a rogers.com account ([EMAIL PROTECTED]) [0] - mta102.rog.mail.re2.yahoo.com

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 29692 invoked by uid 701); 28 Jul 2004 14:41:43 -0000
Date: 28 Jul 2004 14:41:43 -0000
From: "System Anti-Virus Administrator" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: problem found in sent message "no prior prescription needed"
Message-ID: <[EMAIL PROTECTED]>
X-Tnz-Problem-Type: 40
MIME-Version: 1.0
Content-type: text/plain

Attention: [EMAIL PROTECTED]

A problem was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination.

The problem was reported to be:

Disallowed breakage found in header name - potential virus

Please contact your IT support personnel with any queries regarding this policy.

Your message was sent with the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO: XXXXXXXXXXXXXXXX

... and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from hase.cyberlink.ch (193.246.253.17) by mail.webcraft.ch with SMTP; 28 Jul 2004 14:41:32 -0000
Received: (qmail 11309 invoked from network); 28 Jul 2004 14:41:31 -0000
Received: from unknown (HELO 193.246.253.15) (200.170.115.185) by mx2.cyberlink.ch with SMTP; 28 Jul 2004 14:41:31 -0000
Received: from 127.160.152.164 by 200.170.115.185 Wed, 28 Jul 2004 19:41:59 +0400
Message-ID: <[EMAIL PROTECTED]>
From: "budget" <[EMAIL PROTECTED]>
Reply-To: "budget" <[EMAIL PROTECTED]>
To: XXXXXXXXXXXXXXXX
Subject: no prior prescription needed
Date: Wed, 28 Jul 2004 10:41:59 -0500
X-Mailer: motor hartman stairway-isotope: dora cogitate cite
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--4031161995456667"
[ Priority: ]
---

The original message is kept in:

w2:/var/spool/qmailscan/quarantine/new/w2109102569348029673

where the System Anti-Virus Administrator can further diagnose it.

The Email scanner reported the following when it scanned that message:

---
---perlscanner results ---
problem 'Disallowed breakage found in header name - potential virus' found in message
---