为什么有的信件会被MailScanner吃掉？

李博

我有2个病毒测试文件，我想测试一下MailScanner的能力
现在我发信mail1.com（含有附件yes.exe）->mail2.com
mail2.com收到了由MailScanner发出的病毒警告信息
于是我又发mail1.com（含有附件no.exe）->mail2.com
这个时候，很奇怪，mail2.com什么也没有收到！
－－日志如下－－mail1.com（含有附件yes.exe）->mail2.com的－－－
Jun 28 10:20:22 virus postfix/smtpd[2506]: connect from unknown[192.168.9.24]
Jun 28 10:20:22 virus postfix/smtpd[2506]: 2851287FF: client=unknown[192.168.9.24]
Jun 28 10:20:22 virus postfix/cleanup[2509]: 2851287FF: hold: header Received: from mail1.com (unknown [192.168.9.24])??by

virus.mail.com (Postfix) with SMTP id 2851287FF??for <[email protected]>; Wed, 28 Jun 2006 10:20:22 +0800 (CST) from unknown

[192.168.9.24]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mail1.com>
Jun 28 10:20:22 virus postfix/cleanup[2509]: 2851287FF: hold: header Received: from [192.168.9.125]; Wed, 5 Jul 2006 17:54:07

+0800 from unknown[192.168.9.24]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mail1.com>
Jun 28 10:20:22 virus postfix/cleanup[2509]: 2851287FF: message-id=<[email protected]>
Jun 28 10:20:24 virus postfix/smtpd[2506]: disconnect from unknown[192.168.9.24]
Jun 28 10:20:26 virus MailScanner[1866]: New Batch: Scanning 1 messages, 540149 bytes
Jun 28 10:20:28 virus MailScanner[1866]: Looked up unknown string notcached in language translation file

/etc/MailScanner/reports/cn/languages.conf
Jun 28 10:20:28 virus MailScanner[1866]: Virus and Content Scanning: Starting
Jun 28 10:20:30 virus MailScanner[1866]: Filename Checks: Windows/DOS Executable (2851287FF.3A445 yes.exe)
Jun 28 10:20:30 virus MailScanner[1866]: Filetype Checks: No executables (2851287FF.3A445 yes.exe)
Jun 28 10:20:30 virus MailScanner[1866]: Other Checks: Found 2 problems
Jun 28 10:20:31 virus MailScanner[1866]: Requeue: 2851287FF.3A445 to 643C48804
Jun 28 10:20:31 virus MailScanner[1866]: Cleaned: Delivered 1 cleaned messages
Jun 28 10:20:31 virus MailScanner[1866]: Batch (1 message) processed in 4.78 seconds
Jun 28 10:20:31 virus postfix/qmgr[1742]: 643C48804: from=<[email protected]>, size=2087, nrcpt=1 (queue active)
Jun 28 10:20:31 virus postfix/smtp[2589]: 643C48804: to=<[email protected]>, relay=192.168.9.26[192.168.9.26], delay=9,

status=sent (250 OK)
Jun 28 10:20:31 virus postfix/qmgr[1742]: 643C48804: removed

－－日志如下－－mail1.com（含有附件no.exe）->mail2.com的－－－
Jun 28 10:21:11 virus postfix/smtpd[2506]: connect from unknown[192.168.9.24]
Jun 28 10:21:11 virus postfix/smtpd[2506]: 8921987FF: client=unknown[192.168.9.24]
Jun 28 10:21:11 virus postfix/cleanup[2509]: 8921987FF: hold: header Received: from mail1.com (unknown [192.168.9.24])??by

virus.mail.com (Postfix) with SMTP id 8921987FF??for <[email protected]>; Wed, 28 Jun 2006 10:21:11 +0800 (CST) from unknown

[192.168.9.24]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mail1.com>
Jun 28 10:21:11 virus postfix/cleanup[2509]: 8921987FF: hold: header Received: from [192.168.9.125]; Wed, 5 Jul 2006 17:54:51

+0800 from unknown[192.168.9.24]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mail1.com>
Jun 28 10:21:11 virus postfix/cleanup[2509]: 8921987FF: message-id=<[email protected]>
Jun 28 10:21:17 virus postfix/smtpd[2506]: disconnect from unknown[192.168.9.24]
Jun 28 10:21:18 virus MailScanner[1746]: New Batch: Scanning 1 messages, 1184167 bytes
Jun 28 10:21:18 virus MailScanner[1746]: Looked up unknown string notcached in language translation file

/etc/MailScanner/reports/cn/languages.conf
Jun 28 10:21:19 virus MailScanner[1746]: Virus and Content Scanning: Starting
Jun 28 10:21:22 virus MailScanner[1746]: /var/spool/MailScanner/incoming/1746/./8921987FF.730C2/no.exe: Trojan.Rbot.GEN-3

FOUND
Jun 28 10:21:22 virus MailScanner[1746]: Virus Scanning: ClamAV found 1 infections
Jun 28 10:21:22 virus MailScanner[1746]: Infected message 8921987FF.730C2 came from 192.168.9.24
Jun 28 10:21:22 virus MailScanner[1746]: Virus Scanning: Found 1 viruses
Jun 28 10:21:22 virus MailScanner[1746]: Filename Checks: Windows/DOS Executable (8921987FF.730C2 no.exe)
Jun 28 10:21:22 virus MailScanner[1746]: Filetype Checks: No executables (8921987FF.730C2 no.exe)
Jun 28 10:21:22 virus MailScanner[1746]: Other Checks: Found 2 problems
Jun 28 10:21:22 virus MailScanner[1746]: Batch (1 message) processed in 4.64 seconds
－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

gugong

再测试一遍，如何

李博

还是不行，我仔细看了一下日志，关键问题出现在
Virus and Content Scanning: Starting
这句话以后，处理的方式就不同了
yes。exe是
Filename Checks->Filetype Checks->Other Checks->Requeue->Cleaned->Batch->sent->removed
no。exe是
FOUND(Trojan.Rbot.GEN-3 )->Virus Scanning->Infected message->Virus Scanning->Filename Checks->Filetype Checks->Other Checks->Batch

李博

真奇怪，我重启动以后居然就好了！
太奇怪了，但是没有搞明白，我还是不服气！