Thanks for your help so far Doug. I will upgrade ClamAV as soon as possible. One question though, if I look through the qmail-queue.log, it looks like ClamAV finds it ...
Wed, 03 Mar 2004 13:20:59 -0500:12952: --output of clamscan was: Wed, 03 Mar 2004 13:20:59 -0500:12952: There be a virus! (Worm.Bagle.J) and Wed, 03 Mar 2004 13:20:59 -0500:12952: w_v_r: writing quarantine log report of: Wed, 03 Mar 2004 13:20:59 -0500 [EMAIL PROTECTED] [EMAIL PROTECTED] E-mail account disabling warning. Worm.Bagle.J clamscan: 0.65. spamassassin: 2.60. To me, this looks like it found it. But anyways - I will upgrade. Thanks again! Wed, 03 Mar 2004 13:20:59 -0500:12952: +++ starting debugging for process 12952 by uid=100 at Wed, 03 Mar 2004 13:20:59 -0500 Wed, 03 Mar 2004 13:20:59 -0500:12952: setting UID to EUID so subprocesses can access files generated by this script Wed, 03 Mar 2004 13:20:59 -0500:12952: program name is qmail-scanner-queue.pl, version 1.20st Wed, 03 Mar 2004 13:20:59 -0500:12952: incoming SMTP connection from via SMTP from 24.87.144.179 Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: mkdir /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952 Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/spambox.mydomain.com107833805954912952 [1078338059.24346] Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: primary Content-Type of multipart/mixed found Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: found a top-level boundary definition of \-\-\-\-\-\-\-\-abxdnhiqnhdhqxkbikrq Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: attachment 1: Content-Type of text/plain found Wed, 03 Mar 2004 13:20:59 -0500:12952: found C-T attachment filename information.pif Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: attachment 2: Content-Type of application/octet-stream found Wed, 03 Mar 2004 13:20:59 -0500:12952: w_c: rename new msg from /var/spool/qmailscan/working/tmp/spambox.mydomain.com107833805954912952 to /var/spool/qmailscan/working/new/spambox.mydomain.com107833805954912952 [1078338059.95327] Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: starting /usr/local/bin/reformime -x/var/spool/qmailscan/tmp/spambox.mydomain.com107 833805954912952/ </var/spool/qmailscan/working/new/spambox.mydomain.com107833805954912952 [1078338059.95377] Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: finished /usr/local/bin/reformime -x/var/spool/qmailscan/tmp/spambox.mydomain.com107 833805954912952/ [1078338059.9627] Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: Checking all attachments to see if they're MS-TNEF Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: is /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952/1078338059.1 2954-0.spambox.mydomain.com is a TNEF file?: 256 [1078338059.96551] Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: is /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952/Information. pif is a TNEF file?: 256 [1078338059.96832] Wed, 03 Mar 2004 13:20:59 -0500:12952: d_m: unpacking message took 0.014865 seconds Wed, 03 Mar 2004 13:20:59 -0500:12952: unsetting QMAILQUEUE env var Wed, 03 Mar 2004 13:20:59 -0500:12952: g_e_h: return-path is "[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]" Wed, 03 Mar 2004 13:20:59 -0500:12952: [EMAIL PROTECTED],subj=E-mail account disabling warning., x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via SMTP from 24.87.144.179 Wed, 03 Mar 2004 13:20:59 -0500:12952: ini_sc: start scanning Wed, 03 Mar 2004 13:20:59 -0500:12952: ini_sc: recursively scan the directory /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952/ Wed, 03 Mar 2004 13:20:59 -0500:12952: scanloop: starting scan of directory "/var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952"... Wed, 03 Mar 2004 13:20:59 -0500:12952: scanloop: scanner=clamscan_scanner,plain_text_msg=0 Wed, 03 Mar 2004 13:20:59 -0500:12952: clamscan: starting scan of directory "/var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952"... Wed, 03 Mar 2004 13:20:59 -0500:12952: run /usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space =1000000 /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952 2>&1 Wed, 03 Mar 2004 13:20:59 -0500:12952: --output of clamscan was: Wed, 03 Mar 2004 13:20:59 -0500:12952: There be a virus! (Worm.Bagle.J) Wed, 03 Mar 2004 13:20:59 -0500:12952: clamscan: finished scan of dir "/var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952" in 0.009725 secs Wed, 03 Mar 2004 13:20:59 -0500:12952: scanloop: finished scan of "/var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952"... Wed, 03 Mar 2004 13:20:59 -0500:12952: ini_sc: scanning message took 0.010196 seconds Wed, 03 Mar 2004 13:20:59 -0500:12952: unsetting TCPREMOTEIP env var Wed, 03 Mar 2004 13:20:59 -0500:12952: e_v_r: quarantine msg to /var/spool/qmailscan/quarantine/new/spambox.mydomain.com107833805954912952 Wed, 03 Mar 2004 13:20:59 -0500:12952: i_u_e: called with sender Wed, 03 Mar 2004 13:20:59 -0500:12952: i_u_e: is_local=99 Wed, 03 Mar 2004 13:20:59 -0500:12952: n_a: notify_addr (set to ) called with sender Wed, 03 Mar 2004 13:20:59 -0500:12952: n_a: notify_addr (set to ) called with admin Wed, 03 Mar 2004 13:20:59 -0500:12952: n_a: notify_addr (set to ) called with nmladm Wed, 03 Mar 2004 13:20:59 -0500:12952: i_u_e: called with sender Wed, 03 Mar 2004 13:20:59 -0500:12952: i_u_e: is_local=99 Wed, 03 Mar 2004 13:20:59 -0500:12952: n_a: notify_addr (set to ) called with recips Wed, 03 Mar 2004 13:20:59 -0500:12952: w_v_r: writing quarantine log report of: Wed, 03 Mar 2004 13:20:59 -0500 [EMAIL PROTECTED] [EMAIL PROTECTED] E-mail account disabling warning. Worm.Bagle.J clamscan: 0.65. spamassassin: 2.60. Wed, 03 Mar 2004 13:20:59 -0500:12952: e_v_r: email_quarantine_report took 0.038984 seconds to execute Wed, 03 Mar 2004 13:20:59 -0500:12952: cleanup: /bin/rm -rf /var/spool/qmailscan/tmp/spambox.mydomain.com107833805954912952/ /var/spool/qmailscan/working/new/spambox.mydomain.com107833805954912952 Wed, 03 Mar 2004 13:21:00 -0500:12952: --- all finished. Total of 0.779538 secs James Herschel Systems Administrator Quarry Integrated Communications 519.570.2020.2489 519.503.2563 [EMAIL PROTECTED] _______________________________ This e-mail message (including any attachments) is intended only for the use of the individual to whom it is addressed and may contain information that is privileged, proprietary, confidential or subject to copyright. If you are not the intended recipient, you are notified that any use, dissemination, distribution or reproduction of this communication is strictly prohibited. If you have received this communication in error, please notify the sender and delete this e-mail message immediately. ______________________________ Quarry Integrated Communications 750-180 King St S Waterloo ON N2J 1P8 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Doug Monroe Sent: Wednesday, March 03, 2004 5:00 PM To: [EMAIL PROTECTED] Sourceforge. Net Subject: Re: [Qmail-scanner-general]ClamAV found it, QS didn't quarantine it? James Herschel wrote: > It does indeed ... this seems like quite a strange anomaly as I've gotten > tons of virus's tagged and not sent on before ... > > Received: from [EMAIL PROTECTED] by myscanner.domain.com by uid 100 > with qmail-scanner-1.20st > (clamscan: 0.65. spamassassin: 2.60. > Clear:RC:0(24.87.144.179):SA:0(-2.0/5.0):. > Processed in 1.348038 secs); 03 Mar 2004 17:19:27 -0000 This indicates NO infected file was found (e.g. "Clear") perhaps you should try 0.67 with a freshclam update? ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
