
postfix check virus error

1. Mail content:
Antivirus test file Eicar-Test-Signature
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
2. Bounce message log:
A virus was found: Eicar-Test-Signature

Scanner detecting a virus: ClamAV-clamd

Content type: Virus
Internal reference code for the message is 01591-01/bXvqdfVqnbk6

First upstream SMTP client IP address: [222.72.75.1]:50911

Received trace: ESMTPA://[222.72.75.1]:50911

Return-Path: <xishui139@xishui139.com>
From: "xishui139" <xishui139@xishui139.com>
Message-ID: <5748EEBA.4010309@xishui139.com>
Subject: file.com
Not quarantined.

The message WAS NOT relayed to:
<root@xishui139.com>:
250 2.7.0 ok, discarded, id=01591-01 - infected: eicar-test-signature

Virus scanner output:
p004: Eicar-Test-Signature FOUND
p001: Eicar-Test-Signature FOUND

 

3. Detection log:

May 28 09:05:09 mail postfix/smtpd[1786]: connect from unknown[222.72.75.1]
May 28 09:05:10 mail authdaemond[1730]: received auth request, service=smtp, authtype=login
May 28 09:05:10 mail authdaemond[1730]: authmysql: trying this module
May 28 09:05:11 mail authdaemond[1730]: authmysqllib: connected. Versions: header 100020, client 100020, server 100020
May 28 09:05:11 mail authdaemond[1730]: SQL query: SELECT username, password, "", 89, 89, maildir, concat('/home/vmail/',domain,'/',maildir), "", name, "" FROM mailbox WHERE username = 'xishui139@xishui139.com'
May 28 09:05:12 mail authdaemond[1730]: password matches successfully
May 28 09:05:12 mail authdaemond[1730]: authmysql: sysusername=<null>, sysuserid=89, sysgroupid=89, homedir=xishui139.com/xishui139/, address=xishui139@xishui139.com, fullname=xishui139, maildir=/home/vmail/xishui139.com/xishui139.com/xishui139/, quota=<null>, options=<null>
May 28 09:05:12 mail authdaemond[1730]: authmysql: clearpasswd=<null>, passwd=$1$dd38c814$hwbfm0TNZ1JPDS6.f1AcL0
May 28 09:05:12 mail authdaemond[1730]: Authenticated: sysusername=<null>, sysuserid=89, sysgroupid=89, homedir=xishui139.com/xishui139/, address=xishui139@xishui139.com, fullname=xishui139, maildir=/home/vmail/xishui139.com/xishui139.com/xishui139/, quota=<null>, options=<null>
May 28 09:05:12 mail authdaemond[1730]: Authenticated: clearpasswd=******, passwd=$1$dd38c814$hwbfm0TNZ1JPDS6.f1AcL0
May 28 09:05:14 mail postfix/smtpd[1786]: 2D887C079E: client=unknown[222.72.75.1], sasl_method=login, sasl_username=xishui139@xishui139.com
May 28 09:05:14 mail postfix/cleanup[1795]: 2D887C079E: message-id=<5748EEBA.4010309@xishui139.com>
May 28 09:05:15 mail opendkim[1221]: 2D887C079E: DKIM-Signature field added (s=default, d=xishui139.com)
May 28 09:05:15 mail postfix/smtpd[1786]: disconnect from unknown[222.72.75.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 commands=5
May 28 09:05:15 mail postfix/qmgr[23852]: 2D887C079E: from=<xishui139@xishui139.com>, size=3543, nrcpt=1 (queue active)
May 28 09:05:16 mail dovecot[22600]: imap-login: Login: user=<xishui139@xishui139.com>, method=PLAIN, rip=222.72.75.1, lip=192.168.198.18, mpid=1799, secured, session=<kHDAndwz8wDeSEsB>
May 28 09:05:23 mail clamd[25305]: /var/spool/amavisd/tmp/amavis-20160528T090517-01591-ggnALxy3/parts/p004: Eicar-Test-Signature FOUND
May 28 09:05:23 mail clamd[25305]: /var/spool/amavisd/tmp/amavis-20160528T090517-01591-ggnALxy3/parts/p001: Eicar-Test-Signature FOUND
May 28 09:05:23 mail clamd[25305]: /var/spool/amavisd/tmp/amavis-20160528T090517-01591-ggnALxy3/parts/p004: Eicar-Test-Signature FOUND
May 28 09:05:24 mail clamd[25305]: /var/spool/amavisd/tmp/amavis-20160528T090517-01591-ggnALxy3/parts/p001: Eicar-Test-Signature FOUND
May 28 09:05:24 mail dovecot[22600]: imap(xishui139@xishui139.com): Disconnected for inactivity in=70 out=2931
May 28 09:05:24 mail dovecot[22600]: imap(xishui139@xishui139.com): Disconnected for inactivity in=80 out=896
May 28 09:05:33 mail postfix/smtpd[1807]: connect from localhost.localdomain[127.0.0.1]
May 28 09:05:33 mail postfix/smtpd[1807]: 37CD8C1678: client=localhost.localdomain[127.0.0.1]
May 28 09:05:33 mail postfix/cleanup[1795]: 37CD8C1678: message-id=<VAbXvqdfVqnbk6@mail.xishui139.com>
May 28 09:05:33 mail opendkim[1221]: 37CD8C1678: no signing table match for 'root@mail.xishui139.com'
May 28 09:05:33 mail opendkim[1221]: 37CD8C1678: no signature data
May 28 09:05:33 mail postfix/qmgr[23852]: 37CD8C1678: from=<root@mail.xishui139.com>, size=2810, nrcpt=1 (queue active)
May 28 09:05:33 mail amavis[1591]: (01591-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}, [222.72.75.1]:50911 [222.72.75.1] <xishui139@xishui139.com> -> <root@xishui139.com>, Queue-ID: 2D887C079E, Message-ID: <5748EEBA.4010309@xishui139.com>, mail_id: bXvqdfVqnbk6, Hits: -, size: 3943, 16576 ms
May 28 09:05:33 mail postfix/smtp[1798]: 2D887C079E: to=<root@xishui139.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=20, delays=2/1.3/0.65/16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01591-01 - INFECTED: Eicar-Test-Signature)
May 28 09:05:33 mail postfix/qmgr[23852]: 2D887C079E: removed
May 28 09:05:34 mail postfix/cleanup[1795]: 3A98CC079E: message-id=<VAbXvqdfVqnbk6@mail.xishui139.com>
May 28 09:05:34 mail postfix/qmgr[23852]: 3A98CC079E: from=<root@mail.xishui139.com>, size=3015, nrcpt=1 (queue active)
May 28 09:05:34 mail postfix/local[1809]: 37CD8C1678: to=<root@mail.xishui139.com>, relay=local, delay=1, delays=0.52/0.47/0/0.04, dsn=2.0.0, status=sent (forwarded as 3A98CC079E)
May 28 09:05:34 mail postfix/qmgr[23852]: 37CD8C1678: removed
May 28 09:05:34 mail postfix/virtual[1810]: 3A98CC079E: to=<xishui139@xishui139.com>, orig_to=<root@mail.xishui139.com>, relay=virtual, delay=0.43, delays=0.01/0.21/0/0.2, dsn=2.0.0, status=sent (delivered to maildir)
May 28 09:05:34 mail postfix/qmgr[23852]: 3A98CC079E: removed
