Hello,

Using exim 4.72 I have been trying to track down a problem where mail with some form of detected malware has been rejected. We tend to reject anything detected by ClamAV's own signatures, but mark those which are 'UNOFFICIAL'. This has worked fine, but we are now seeing some mail rejected and the reported malware name - from the malware_name variable - is (e.g.):

    457)

This is the actual name being reported by 'malware_name' - '457)'. Our logs show that other messages have been rejected, with the number in the message varying. It seems that the InetMsg spamdomain third-party signatures are being reported by ClamAV as (e.g.):

    INetMsg.SpamDomain-2m.engduates_com.UNOFFICIAL(924747f3c8e4b999eb887c755839021b:457)

Our clamd log file shows the same name as being detected. As can be seen, the name does not end in 'UNOFFICIAL', but has some string after it. The '457' does not refer to the line number. Checking the 'INetMsg-SpamDomains-2m.ndb' shows the relevant line simply as:

    INetMsg.SpamDomain-2m.engduates_com:4:*:(2e|2f|40|20|3c| 5f)656e676475617465732e636f6d(27|22|20|2f|3d|5f|3e|0a|0d)

which looks fine. In that respect it seems the 'malware_name' variable has a problem in reporting the correct name.

Regards,

John.

--
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
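
Added example, not part of the original post and not Exim's code: a Python sketch of how a scanner reply carrying the name quoted above can be parsed so that the reject/mark policy described in the post still sees the `UNOFFICIAL` suffix. The `stream: ... FOUND` reply lines are constructed samples, and the last-colon split in `naive_name` is an assumed parsing strategy, shown only because it yields the `457)` value reported above.

```python
import re

# Trailing "(<hex>:<number>)" detail appended to the name, as seen in the post.
_DETAIL = re.compile(r"\(([0-9a-fA-F]+):(\d+)\)$")
_FOUND = " FOUND"

# Constructed reply lines; only the signature name in SAMPLE comes from the post.
SAMPLE = ("stream: INetMsg.SpamDomain-2m.engduates_com.UNOFFICIAL"
          "(924747f3c8e4b999eb887c755839021b:457) FOUND")
OFFICIAL = "stream: Eicar-Test-Signature FOUND"
CLEAN = "stream: OK"


def naive_name(reply):
    """Assumed strategy: take everything after the last colon in the reply."""
    body = reply.rstrip()
    if body.endswith(_FOUND):
        body = body[:-len(_FOUND)]
    return body.rsplit(":", 1)[-1].strip()


def parse_reply(reply):
    """Return (name, detail, unofficial) for '<source>: <name> FOUND', else None."""
    body = reply.rstrip()
    if not body.endswith(_FOUND):
        return None
    body = body[:-len(_FOUND)]
    # Split on the first ': ' so colons inside the name's detail are untouched.
    _source, sep, name = body.partition(": ")
    if not sep or not name:
        return None
    detail = None
    match = _DETAIL.search(name)
    if match:
        detail = (match.group(1), int(match.group(2)))
        name = name[:match.start()]
    return name, detail, name.endswith(".UNOFFICIAL")


def action(reply):
    """Policy from the post: reject official detections, mark UNOFFICIAL ones."""
    parsed = parse_reply(reply)
    if parsed is None:
        return "accept"
    return "mark" if parsed[2] else "reject"
```
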
