[Mimedefang] virus scanning and notifications
alan premselaar
alien at 12inch.com
Tue Nov 4 06:27:55 EST 2003
On 11/3/03 1:21 PM, "cc" <cc at belfordhk.com> wrote:
> Hi,
>
> I have quite a stable (knock on wood) Mimefang setup with
> some minor issues in tweaking.
>
> I've noticed while tweaking the settings that the
> $VirusName is different depending on where you put
> it.
>
> During my initial foray into MIMEDefang, I noticed
> that in filter_begin(), $VirusName = suspicious,
> whereas in filter() it is the Virus name. Perhaps
> this is meant to be that way.
>
> Just for clarification, if an incoming mail is infected
> with SWEN, the badfilename filter action is done then
> the virus scanner checks it out (or does it?). Recently
> in 2.38, I noticed that the SWEN-infected mail aren't
> being processed. Before, when a virus is detected in
> an email, MIMEDefang 'drops' the file but posts a notification
> of the action to the user as well as adding a tidbit
> at the end telling the user what virus was detected. I
> also had MIMEDefang add as a suffix { Virus $VirusName removed }
> added to the subject.
>
> Now this doesn't seem to work consistently. Sometimes
> it gets detected, other times not. I don't quite
> understand what's going on. Also, is it better to
> quarantine the infected mail or to just delete it outright?
>
> I'm using MIMEDefang 2.38, clamAV as my scanner on a Linux 2.4.xx
> machine.
>
> Would anyone know what possible reasons there are for such
> discrepencies?
>
> Thanks.
>
I've noticed very recently that after a database update (using freshclam)
that CLAMD stopped working properly. actually, it caused my filter to busy
timeout consistantly and tempfail (for 2 days over the weekend) ...
i'Ve found that using CLAMAV instead of CLAMD seems to resolve this problem,
but i'm getting some mails identified as viruses without a virus name.
everything was running super stable until midnight monday (JST)
i suspect there's something up with the clamav virus database or something
any insight would be greatly appreciated.
alan
More information about the MIMEDefang
mailing list