clam blocked local logwatch mail

BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Hi,

Today I did not receive my usual logwatch email.
/var/log/psa/maillog shows:

Apr 13 04:02:06 www qmail-scanner[12169]: CLAMDSCAN:Atomicorp.MalwareBlo:RC:1(127.0.0.1): 0.307744 6866 admin@domain.tld admin@domain.tld Logwatch_for_servername_(Linux) <20110413020203.11945.qmail@domain.tld> servername130266012579012169-unpacked:6866 
The email ended up in
/var/spool/qscan/quarantine/viruses/new
with

X-Qmail-Scanner: 2.08st (clamdscan: 0.96.5/12971. spamassassin: 3.2.5. perlscan: 2.08st.  virus Found. Processed in 0.121175 secs) process 12169
Quarantine-Description: Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL

What can I do? What triggered the Atomicorp.MalwareBlocklist? Besides that, the email notification "OSSEC Notification - www - Alert level 7" about the yandexbot stopped too!
Something must have changed in the Atomicorp.MalwareBlocklist, or am I wrong?

Thanks
blackstorm
Forum User
Posts: 30
Joined: Mon Apr 28, 2008 4:49 am

Hi,

I have the same problem - no logwatch
Apr 13 11:16:49 eq4 clamd[29418]: stream(127.0.0.1@1711): Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL FOUND
Apr 13 11:16:49 eq4 livecserver: Mail to <log@example.com> was found infected with Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL
Apr 13 11:16:49 eq4 livecserver: Mail defered due to viruses contained
Best regards

Blackstorm
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Try updating to the latest rules.
BruceLee

Thanks for the quick reply.
Updated the rules, ran logwatch but unfortunately it's still marked as virus.

X-Qmail-Scanner: 2.08st (clamdscan: 0.96.5/12978. spamassassin: 3.2.5. perlscan: 2.08st.  virus Found. Processed in 0.121687 secs) process 4861 
Quarantine-Description: Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL
Anything more I can provide?
Thanks
mikeshinn

ya.ru isn't in the sigs; check to make sure you are running the latest:

[root@core3 ~]# grep "\.ya\.ru" /var/clamav/*
[root@core3 ~]#
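
An added example (not part of the post above and not Atomicorp tooling) that generalizes the grep check: it pulls the signature names out of the two log formats quoted in this thread and lists which local signature files still contain them. It assumes the signature files are plain text and store the name without the ".UNOFFICIAL" suffix that clamd appends to third-party names; the function names, log lines and the signature file are constructed for illustration.

```shell
#!/bin/sh
# Added example; every path, log line and signature below is constructed.

# Print the unique signature names found on stdin, from clamd "... FOUND"
# lines and from qmail-scanner "Quarantine-Description:" headers.
sig_names() {
    sed -n \
        -e 's/^.*: \([^ ]*\) FOUND *$/\1/p' \
        -e 's/^Quarantine-Description: \([^ ]*\).*$/\1/p' | sort -u
}

# List the files under directory $2 that contain signature name $1.
# Assumption: plain-text signature files that hold the name without the
# ".UNOFFICIAL" suffix clamd adds when reporting third-party signatures.
# Exit status is non-zero when no file contains the name.
sig_in_db() {
    name=${1%.UNOFFICIAL}
    grep -rlF -- "$name" "$2"
}

demo() {
    db=$(mktemp -d)
    # Constructed stand-in for an outdated local signature file.
    printf '%s\n' 'Atomicorp.MalwareBlocklist.ya.ru:CONSTRUCTED-PLACEHOLDER' \
        > "$db/stale.ndb"
    # Constructed log lines in the two formats quoted in the thread.
    log='Apr 13 11:16:49 host clamd[100]: stream(127.0.0.1@1711): Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL FOUND
Quarantine-Description: Atomicorp.MalwareBlocklist.ya.ru.UNOFFICIAL'
    for sig in $(printf '%s\n' "$log" | sig_names); do
        if files=$(sig_in_db "$sig" "$db"); then
            echo "$sig is still present in: $files"
        else
            echo "$sig is not in the local signature files"
        fi
    done
    rm -rf "$db"
}

demo
```

On a real host the log would be piped in from the mail log and the second argument would be the signature directory, /var/clamav in the post above.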
BruceLee

Thanks, that did it :)