From: Mark M. <Mar...@ij...> - 2007-05-31 08:17:02
|
Bill, > I am marking and passing malware e-mails to a special review account for > possible listing in URIBL Black (in their malware cluster). Just > curious to know why amavisd would write all of the duplicate malware > headers to a single message: > > X-Spam-Status: Yes, score=56 required=5 > tests=[AV:Email.Malware.Sanesecurity.07051800=7.5, MY_TEST=3.5, > AV:Email.Malware.Sanesecurity.07051800=7.5, > AV:Email.Malware.Sanesecurity.07051800=7.5, > AV:Email.Malware.Sanesecurity.07051800=7.5, > AV:Email.Malware.Sanesecurity.07051800=7.5, > AV:Email.Malware.Sanesecurity.07051800=7.5, > AV:Email.Malware.Sanesecurity.07051800=7.5] amavisd passes each mail component (unless decoding is disabled) to virus scanners. Perhaps clamd triggered on each mail part. Or there may be an issue with cached results from previous attempts, try: $virus_check_negative_ttl=0; # time to cache contents when not infected $virus_check_positive_ttl=0; # time to cache contents when infected $spam_check_negative_ttl =0; # time to cache contents as not spam $spam_check_positive_ttl =0; # time to cache contents as spam just to rule out this possibility. The final answer lies in your log. Mark |