On 8/8/2012 11:22 AM, Len Conrad wrote: >> >> What software put the mail in quarantine? What's in the mail log? > > Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamd[60202]: > /var/virus/clamsmtpd.qIdg8l: MBL_303159.UNOFFICIAL FOUND > > Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamsmtpd: 3EA221: > from=bounce-tjmhmbzlppwckzzhcljkpcrdpjjmllrjbhsppztjsplchbptz...@email.carepackages.com, > to=x...@xxx.net, status=VIRUS:MBL_303159.UNOFFICIAL > > which file the msg is quarantined as is not logged. > > the quarantined msgs are stored to > > /var/virus/ > > and the filenames are like: > > -rwxrwxrwx 1 vscan vscan 12180 Aug 7 13:58 virus.Ywa18d
OK, so the quarantine file is created by clamsmtp. > > in trying to get amavisd-release to work, I changed permissions and > owner:group, brutally. > > in amavisd-release, there is a file name filtering which rejects: amavisd-release expects the message to be in the specific quarantine format used by amavisd-new. I would expect it to fail spectacularly on "foreign" files. > Stef of clamsmtpd said it would take custom software to release quarantine > msgs. That sounds grim. I wonder about the purpose of a quarantine that can't be released. Regardless, since clamsmtp created the quarantine, it seems that's the place to start looking for a release mechanism. Surely someone else has encountered this. As a last-ditch effort, if you put a couple of quarantine files in a pastebin, *maybe* someone here (or clamsmtp, or postfix-users, since this is getting OT for this list) can give a hand. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml