[Mimedefang] virus scanning and notifications

John john at jjgb.com
Tue Nov 4 09:38:12 EST 2003


At 04:27 AM 11/4/2003, you wrote:
>On 11/3/03 1:21 PM, "cc" <cc at belfordhk.com> wrote:
>
> > Hi,
> >
> > I have quite a stable (knock on wood) MIMEDefang setup with
> > some minor issues in tweaking.
> >
> > I've noticed while tweaking the settings that the
> > $VirusName is different depending on where you put
> > it.
> >
> > During my initial foray into MIMEDefang, I noticed
> > that in filter_begin(), $VirusName = suspicious,
> > whereas in filter() it is the Virus name.  Perhaps
> > this is meant to be that way.
> >
> > Just for clarification, if an incoming mail is infected
> > with SWEN, the badfilename filter action is done then
> > the virus scanner checks it out (or does it?).  Recently
> > in 2.38, I noticed that the SWEN-infected mails aren't
> > being processed.  Before, when a virus is detected in
> > an email, MIMEDefang 'drops' the file but posts a notification
> > of the action to the user as well as adding a tidbit
> > at the end telling the user what virus was detected.  I
> > also had MIMEDefang add as a suffix { Virus $VirusName removed }
> > added to the subject.
> >
> > Now this doesn't seem to work consistently.  Sometimes
> > it gets detected, other times not.  I don't quite
> > understand what's going on.   Also, is it better to
> > quarantine the infected mail or to just delete it outright?
> >
> > I'm using MIMEDefang 2.38, clamAV as my scanner on a Linux 2.4.xx
> > machine.
> >
> > Would anyone know what possible reasons there are for such
> > discrepancies?
> >
> > Thanks.
> >
>
>I've noticed very recently that after a database update (using freshclam)
>CLAMD stopped working properly.  Actually, it caused my filter to busy
>timeout consistently and tempfail (for 2 days over the weekend) ...

What you may want to do is delete all the virus DBs in /usr/share/clamav
or wherever you installed them and re-run freshclam.

I haven't noticed any issues on either of the two servers running it.


>I've found that using CLAMAV instead of CLAMD seems to resolve this problem,
>but I'm getting some mails identified as viruses without a virus name.
>
>Everything was running super stable until midnight Monday (JST).
>
>I suspect there's something up with the clamav virus database or something.
>
>Any insight would be greatly appreciated.
>
>alan


John Jaeger - Billings, Montana

EMail To	: <mailto:john at jjgb.com>
Home Page	: <http://www.jjgb.com>

PGP:
RSA Key ID: 0xAAEC7751  <http://www.jjgb.com/public_files/RSA_Key.zip>

"Our liberty is protected by four boxes...
     The ballot box, the jury box, the soap box, and the cartridge box."
                                    - Anonymous


