Hi, all!
I'm struggling with virus notification on sendmail & clamav-milter. I've
started clamav-milter like this:
clamav-milter -Dfb /var/run/clamav/clmilter.sock
So, according to the manual, the mail should be sent to the sender, recipient and
postmaster. When any virus comes in, I see this in clamd.log:
Fri Jan 6 11:22:33 2006 -> /tmp/clamav-b1b44252cf9c3dee/msg.OhGce9:
Exploit.HTML.IFrame FOUND
LibClamAV debug: Calling /usr/lib/sendmail -t -i -odq
LibClamAV debug: Waiting for /usr/lib/sendmail -t -i -odq to finish
At the same time I can see this in maillog:
Янв 6 11:22:33 kernel clamav-milter[7369]: k069MSUR007368:
/tmp/clamav-b1b44252cf9c3dee/msg.OhGce9: Exploit.HTML.IFrame Intercepted
virus from <[EMAIL PROTECTED]> to
<[EMAIL PROTECTED]>
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370: from=root, size=352,
class=0, nrcpts=3, msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370:
to=<[EMAIL PROTECTED]>, delay=00:00:00, mailer=relay,
pri=90246, stat=queued
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370: to=postmaster,
delay=00:00:00, mailer=relay, pri=90246, stat=queued
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370:
to=<[EMAIL PROTECTED]>, delay=00:00:00, mailer=relay, pri=90246,
stat=queued
Jan 6 11:22:33 kernel sendmail[7368]: k069MSUR007368: Milter: data,
reject=554 5.7.1 virus Exploit.HTML.IFrame detected by ClamAV -
http://www.clamav.net
Jan 6 11:22:33 kernel sendmail[7368]: k069MSUR007368:
to=<[EMAIL PROTECTED]>, delay=00:00:05, pri=30342, stat=virus
Exploit.HTML.IFrame detected by ClamAV - http://www.clamav.net
I was confused by "stat=queued". Then I checked the whole maillog:
[EMAIL PROTECTED] log]# cat maillog | grep k069MXPR007370
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370: from=root, size=352,
class=0, nrcpts=3, msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370:
to=<[EMAIL PROTECTED]>, delay=00:00:00, mailer=relay,
pri=90246, stat=queued
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370: to=postmaster,
delay=00:00:00, mailer=relay, pri=90246, stat=queued
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370:
to=<[EMAIL PROTECTED]>, delay=00:00:00, mailer=relay, pri=90246,
stat=queued
[EMAIL PROTECTED] log]#
That's all. It looks like the message was queued and then disappeared. How can
this be explained? And is it possible to fix?
Thank you.
Mykhaylo Khodorev