Virus notification question

Stephen Davies sdavies at sdc.com.au
Sun Feb 12 07:46:41 CET 2012


Following is an excerpt from my mail log when a virus is detected by amavisd-
new-2.7.0 and amavisd-milter-1.5.0.

What might be wrong with my config?

Where should I look in the doco?

(Google does not know.)

My config includes:

$inet_socket_port = 10026;   # listen on this local TCP port(s)
$notify_method  = 'smtp:[127.0.0.1]:10026';

Cheers and thanks,
Stephen

Feb 12 12:22:28 mustang sendmail[12522]: q1C1qKLZ012522: 
from=<anonymous at unitary.ru>, size=403571, class=0, nrcpts=1, 
msgid=<20120210184619.2400.qmail at web.hostek.ru>, proto=ESMTP, daemon=MTA, 
relay=cp.hostek.ru [81.176.77.242]
Feb 12 12:22:28 mustang amavis[9071]: (09071) Request: AM.PDP  
/var/amavis/tmp/afq1C1qKLZ012522: <anonymous at unitary.ru> -> <sdc at sdc.com.au>
Feb 12 12:22:28 mustang amavis[9071]: (09071) Checking: cM4dH5-zzumM AM.PDP-
SOCK [81.176.77.242] <anonymous at unitary.ru> -> <sdc at sdc.com.au>
Feb 12 12:22:28 mustang amavis[9071]: (09071) WARN: MIME::Parser error: part 
did not end with expected boundary
Feb 12 12:22:28 mustang amavis[9071]: (09071) p.path BANNED:1 sdc at sdc.com.au: 
"P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-
stream,T=zip,N=FedEx_Invoice.zip | P=p004,L=1/2/1,T=exe,T=exe-
ms,N=FedEx_Invoice.exe", matching_key="(?-xism:^\\.(exe-ms|dll)$)"
Feb 12 12:22:28 mustang clamd[1731]: 
/var/amavis/tmp/afq1C1qKLZ012522/parts/p005: Email.Trojan.GZC FOUND
Feb 12 12:22:28 mustang amavis[9071]: (09071) local delivery: <> -> virus-
quarantine, mbx=/var/virusmails/virus-cM4dH5-zzumM
Feb 12 12:22:28 mustang amavis[9070]: (09070-04) ESMTP::10026 
/var/amavis/tmp/amavis-20120212T122228-09070-52jpecv4: <virusalert at sdc.com.au> 
-> <virusalert at sdc.com.au> ENVID=AM.09071.20120212T015228Z at mustang.sdc.com.au 
Received: from localhost ([127.0.0.1]) by localhost (mustang.sdc.com.au 
[127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <virusalert at sdc.com.au>; 
Sun, 12 Feb 2012 12:22:28 +1030 (CST)
Feb 12 12:22:28 mustang amavis[9070]: (09070-04) Checking: BciVU7H-sYYI 
ORIGINATING <virusalert at sdc.com.au> -> <virusalert at sdc.com.au>
Feb 12 12:22:29 mustang amavis[9070]: (09070-04) Passed CLEAN 
{AcceptedInternal}, ORIGINATING <virusalert at sdc.com.au> -> 
<virusalert at sdc.com.au>, Message-ID: <VAcM4dH5-zzumM at mustang.sdc.com.au>, 
mail_id: BciVU7H-sYYI, Hits: 0, size: 2410, 868 ms
Feb 12 12:22:29 mustang amavis[9070]: (09070-04) (!!)TROUBLE in 
process_request: NOT ALL RECIPIENTS DONE, EMPTY DELIVERY_METHOD! at (eval 109) 
line 971, <GEN47> line 78.

-- 
=============================================================================
Stephen Davies Consulting P/L                             Voice: 08-8177 1595
Adelaide, South Australia.                                Fax  : 08-8177 0133
Records & Collections Management.                         Mobile:040 304 0583


More information about the amavis-users mailing list