Inbound doesn't catch SaneSecurity signature, Outbound does

Noel Jones njones at
Fri Nov 16 18:11:06 CET 2012

On 11/16/2012 10:26 AM, francis picabia wrote:
> On Sat, Nov 3, 2012 at 6:53 PM, Noel Jones <njones at> wrote:
> My outbound catches and quarantines the message.  I copy that
> file over to my MX and run clamscan.  The MX which missed this
> on the inbound, running clamscan, detects the phishing
> or whatever Sanesecurity signature.  Does this tell us the
> clam setup is good?

No, it tells you that clam detects the virus after the mail has
passed through another MTA.  It's no longer the same message; at a
minimum, new headers have been added.

Without any evidence, we can only guess the problem.  My guess is
still that your various .ftm files don't match the headers on the
original file as presented to clamav, preventing clamav from
recognizing the file as an email message.  That's just a guess and
could be wrong, but the eyewitness accounts you've shared support this.

You'll need to do some debugging and tracing to VERIFY what clamav
is seeing and detecting.  Looks as if you're on your own from here.

Good luck.

 -- Noel Jones
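
One way to start the verification suggested above, as an added example that is not part of the original post: a simplified model of ClamAV's direct-comparison file-type magic, showing how a header prepended by a later MTA can change whether a file is recognised as mail. The .ftm entries, header names and messages are constructed for illustration, and real ClamAV file typing involves more than this single check.

```python
# Constructed example: .ftm-style entries in the documented field layout
#   magictype:offset:magicbytes(hex):name:rtype:type
# The three magics are chosen for illustration, not copied from a real .ftm file.
MAGICS = [b"Received: ", b"Return-Path: ", b"From: "]
SAMPLE_FTM = "\n".join(
    f"0:0:{m.hex()}:Raw mail:CL_TYPE_ANY:CL_TYPE_MAIL" for m in MAGICS
)

def parse_ftm(text):
    """Return (offset, magic, file_type) for direct-compare (magictype 0) entries."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Only magictype 0 with a numeric offset is modelled here.
        if len(fields) < 6 or fields[0] != "0" or not fields[1].isdigit():
            continue
        try:
            magic = bytes.fromhex(fields[2])
        except ValueError:
            continue  # pattern is not plain hex, skip it
        entries.append((int(fields[1]), magic, fields[5]))
    return entries

def mail_magic_hit(message, entries):
    """Return the matching mail magic as text, or None if nothing matches."""
    for offset, magic, file_type in entries:
        if file_type != "CL_TYPE_MAIL":
            continue
        if message[offset:offset + len(magic)] == magic:
            return magic.decode("ascii", "replace")
    return None

# Constructed messages: the mail as first handed to the scanner (hypothetical
# leading header), and the same mail after another MTA prepended Received:.
BODY = b"Subject: test\r\n\r\nhello\r\n"
INBOUND = b"X-Example-Filter: hypothetical-first-header\r\n" + BODY
RELAYED = b"Received: from mx.example by out.example\r\n" + INBOUND

if __name__ == "__main__":
    entries = parse_ftm(SAMPLE_FTM)
    for label, msg in (("inbound", INBOUND), ("relayed", RELAYED)):
        first_line = msg.split(b"\r\n", 1)[0].decode("ascii", "replace")
        print(f"{label}: {first_line!r} -> {mail_magic_hit(msg, entries)}")
```

To apply the same idea to a real case, capture the exact bytes the scanner receives on the inbound MX and compare their first line with the copy quarantined on the outbound host.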

