Re: [Clamav-users] bypass a user

Thu, 26 Jun 2008 05:42:01 -0700 

----- Original Message ----- 
From: "Matus UHLAR - fantomas" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, June 26, 2008 12:09 PM
Subject: Re: [Clamav-users] bypass a user


> On 26.06.08 11:40, Obantec Support wrote:
>> I am running 0.93.1 on FC3 box.
>> 1 user is complaining that emails with word attachments are being zapped
>> randomly.
>
> randomly? would be better to check the logs...
>
>> She uses a .procmailrc file to send to an another ISP that does not have 
>> AV
>> or SA.
>> is there a way to stop clamAV effecting this user.
>>
>> I run clam-milter and clamd and pick up around 700+ virus a week over
>> around 200 users.
>
> what does it do when it detect a virus? refuse the e-mail? (good)
> drop the e-mail without notifying anyone? (bad).
>
> -- 
> Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 42.7 percent of all statistics are made up on the spot.
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>

Hi

the logs show viruses are detected, reject=554 5.7 and marked up as a virus 
in header with X-Virus-Status.

Jun 26 12:24:25 proteus2 sendmail[19388]: m5QBOJvL019388: Milter add: 
header: X-Virus-Scanned: ClamAV version 0.93.1, clamav-milter version 0.93.1 
on example.net Jun 26 12:24:25 proteus2 sendmail[19388]: m5QBOJvL019388: 
Milter add: header: X-Virus-Status: Infected with 
Phishing.Heuristics.Email.SpoofedDomain
Jun 26 12:24:25 proteus2 sendmail[19388]: m5QBOJvL019388: Milter: data, 
reject=554 5.7.1 virus Phishing.Heuristics.Email.SpoofedDomain detected by 
ClamAV - http://www.clamav.net
Jun 26 12:24:25 proteus2 sendmail[19388]: m5QBOJvL019388: 
to=<[EMAIL PROTECTED]>, delay=00:00:04, pri=32737, stat=virus 
Phishing.Heuristics.Email.SpoofedDomain detected by ClamAV - 
http://www.clamav.net

I have not seen any email come to me with a virus so i assume they are 
dumped.

Mark





_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to