On Fri, 2010-08-27 at 14:28 +0100, John Horne wrote: > Hello, > > Using exim 4.72 I have been trying to track down a problem where mail > with some form of detected malware has been rejected. We tend to reject > anything detected by ClamAV's own signatures, but mark those which are > 'UNOFFICIAL'. This has worked fine, but we are now seeing some mail > rejected and the reported malware name - from the malware_name variable > is (e.g.): 457) > > This is the actual name being reported by 'malware_name' - '457)'. > Our logs show that other messages have been rejected, with the number in > the message varying. > > It seems that the InetMsg spamdomain third-party signatures are being > reported by ClamAV as (e.g.): > INetMsg.SpamDomain-2m.engduates_com.UNOFFICIAL(924747f3c8e4b999eb887c755839021b:457) > Our clamd log file shows the same name as being detected. > A bit more info:
We are using ClamAV 0.96.2 and have enabled the 'ExtendedDetectionInfo yes' option. this is where the '(...:457)' comes from. We have now disabled the 'ExtendedDetectionInfo' option and the malware_name is reporting the names correctly. John. -- John Horne Tel: +44 (0)1752 587287 University of Plymouth, UK Fax: +44 (0)1752 587001 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
