[Mimedefang] Email didn't get scanned by MD

Jim McCullars jim at info.uah.edu
Fri Jan 9 14:02:13 EST 2004


I noticed some email in the postmaster mailbox that had some test virus
code sent.  It should have been caught by MIMEDefang, since the filename
was eicar.com.  However, it appears to have not even been scanned by MD.
The only thing I can find that is out of the ordinary about this email is
that it was apparently submitted via the MSP port rather than the MTA
port.  But when I tried sending email via 587 from another host, it did
get scanned.  Here are the sendmail log entries from the email that did not
get scanned:

Jan  8 07:28:18 email sm-mta[14800]: i08DSIJS014800:
from=<nobody at example.com>, size=556, class=0, nrcpts=1,
msgid=<200401081328.i08DSIJS014800 at email.uah.edu>, proto=SMTP, daemon=MSA,
relay=redhat.uah.edu [146.229.8.31]
Jan  8 07:28:18 email sm-mta[14849]: i08DSIJS014800: to=root,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30854, dsn=2.0.0,
stat=Sent

But then I tried it myself today from another host, and here is what it
looks like:

Jan  9 11:46:37 email sm-mta[8251]: i09HjwJR008251: from=jim at info.uah.edu,
size=15, class=0, nrcpts=1,
msgid=<200401091746.i09HjwJR008251 at email.uah.edu>, proto=SMTP, daemon=MSA,
relay=info.uah.edu [146.229.5.36]
Jan  9 11:46:37 email sm-mta[8251]: i09HjwJR008251: Milter add: header:
X-Scanned-By: MIMEDefang 2.35
Jan  9 11:46:37 email sm-mta[10494]: i09HjwJR008251:
to=mccullj at email.uah.edu, delay=00:00:09, xdelay=00:00:00, mailer=local,
pri=30370, dsn=2.0.0, stat=Sent

Indeed, in the email that made it through, there is no X-Scanned-By: header
whereas in the test email I sent, there was.  Any idea what may have
allowed the test from redhat.uah.edu to slip by?
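
Added example, not part of the original post: one way to find messages like the one described is to group sendmail log entries by queue ID and report those that were delivered with no "Milter add: header: X-Scanned-By:" entry. The function name is hypothetical, and the check assumes sendmail logs milter header additions the way the second excerpt above shows.

```python
import re

# The sendmail entries from the post, rejoined one per line as syslog writes them.
SAMPLE_LOG = """\
Jan  8 07:28:18 email sm-mta[14800]: i08DSIJS014800: from=<nobody at example.com>, size=556, class=0, nrcpts=1, msgid=<200401081328.i08DSIJS014800 at email.uah.edu>, proto=SMTP, daemon=MSA, relay=redhat.uah.edu [146.229.8.31]
Jan  8 07:28:18 email sm-mta[14849]: i08DSIJS014800: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30854, dsn=2.0.0, stat=Sent
Jan  9 11:46:37 email sm-mta[8251]: i09HjwJR008251: from=jim at info.uah.edu, size=15, class=0, nrcpts=1, msgid=<200401091746.i09HjwJR008251 at email.uah.edu>, proto=SMTP, daemon=MSA, relay=info.uah.edu [146.229.5.36]
Jan  9 11:46:37 email sm-mta[8251]: i09HjwJR008251: Milter add: header: X-Scanned-By: MIMEDefang 2.35
Jan  9 11:46:37 email sm-mta[10494]: i09HjwJR008251: to=mccullj at email.uah.edu, delay=00:00:09, xdelay=00:00:00, mailer=local, pri=30370, dsn=2.0.0, stat=Sent
"""

# "sm-mta[pid]: <queue id>: <rest of entry>"
ENTRY = re.compile(r"sm-mta\[\d+\]: (\w+): (.*)$")
# Envelope entry: sender, accepting daemon (MTA or MSA) and relay host.
FROM = re.compile(r"^from=(.*?), size=.*?daemon=(\w+), relay=(.*)$")


def unscanned_deliveries(log_text, marker="X-Scanned-By:"):
    """Map queue ID -> envelope info for delivered mail with no milter header logged."""
    msgs = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a sendmail MTA entry carrying a queue ID
        qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"scanned": False, "sent": False})
        env = FROM.match(rest)
        if env:
            rec["from"], rec["daemon"], rec["relay"] = env.groups()
        elif rest.startswith("Milter add: header:") and marker in rest:
            rec["scanned"] = True  # the milter added its header to this message
        elif rest.startswith("to=") and "stat=Sent" in rest:
            rec["sent"] = True  # at least one recipient was delivered
    # Flag only mail seen accepted ("from" present) and delivered without the marker.
    return {q: r for q, r in msgs.items()
            if "from" in r and r["sent"] and not r["scanned"]}


if __name__ == "__main__":
    for qid, r in unscanned_deliveries(SAMPLE_LOG).items():
        print(f"{qid}: delivered unscanned, daemon={r['daemon']} "
              f"relay={r['relay']} from={r['from']}")
```

Messages the filter rejects never reach stat=Sent, so they are not reported; only mail that was delivered without the scanner's header is.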



