ConfigServer Community Forum

Hi all,

Mailscanner is not blocking viruses. I have checked the virus.delivery.rules (all set to no) and virus.scanning.rules (all set to yes)

Example:
MailScanner: Found spam-virus Sanesecurity.Jurlbl.0a6339.UNOFFICIAL in 1aVcxq-0004ft-J6

2016-02-16 12:34:39 1aVcxq-0004ft-J6 <= hello@neonnexus.com H=neonnexus.com [216.189.159.218]:56368 P=esmtps X=TLSv1.2:DHE-RSA-AES128-SHA:128 CV=no S=13092 id=ca5ebc635bb75e1ce51e7ac41807968b@neonnexus.com T="Make an 8% Guaranteed Return for 5 Years" for removed.yyy.net
2016-02-16 12:34:46 cwd=/var/spool/MailScanner/incoming/14944 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1aVcxq-0004ft-J6
2016-02-16 12:34:46 1aVcxq-0004ft-J6 => removed <removed.yyy.net> R=virtual_user T=virtual_userdelivery
2016-02-16 12:34:46 1aVcxq-0004ft-J6 Completed

It there any other setting that I should look at to have these blocked?

Regards,

Dieter

This is relating to a spam-virus, not a virus. They are handled differently as far as I am aware. See the settings for spam-virus handling in the MailScanner configuration. You might also search the mailscanner mailing list for help with how these are handled. Unfortunately they have removed the wiki from their site, but the mailscanner mailing list is here:
http://lists.mailscanner.info/listinfo/mailscanner

Regards,
Sarah

Just an update for somebody that would have the same problem:

In your mailscanner config, look for:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*

Remove Sane*UNOFFICIAL if you want to block all spam-virus hits if you have the Sanesecurity signatures loaded.

Regards,

Dieter