Virus infected message not marked as virus on mailwatch

Bugs in eFa 4
victorburgos
Posts: 19
Joined: 13 May 2017 20:53

Virus infected message not marked as virus on mailwatch

Post by victorburgos »

Hi, I have this information on my logs that indicates message id 4D0VGH0j7xz2Zcts is infected with Sanesecurity.Jurlbl.16c7ab:

Code:

Dec 22 09:42:48 filter MailScanner[19662]: Clamd::INFECTED::Sanesecurity.Jurlbl.16c7ab.UNOFFICIAL :: ./4D0VGH0j7xz2Zcts/
Dec 22 09:42:48 filter MailScanner[19662]: Found spam based virus Sanesecurity.Jurlbl.16c7ab.UNOFFICIAL in 4D0VGH0j7xz2Zcts
Dec 22 09:42:48 filter MailScanner[19662]: Found spam based virus Sanesecurity.Jurlbl.16c7ab.UNOFFICIAL in 4D0VGH0j7xz2Zcts
Dec 22 09:42:49 filter MailScanner[19662]: RBL checks: 4D0VGH0j7xz2Zcts found in SPAMHAUS
Dec 22 09:42:52 filter MailScanner[19662]: Message 4D0VGH0j7xz2Zcts from x.x.x.x (zantaclawsuit@goodtrade.buzz) to mydomain.com is spam, SPAMHAUS, SpamAssassin (no store, points=9.211, required 4, autolearn=spam, BAYES_99 3.50, BAYES_999 0.20, DCC_CHECK 1.10, DCC_REPUT_99_100 1.40, FROM_SUSPICIOUS_NTLD 0.50, FROM_SUSPICIOUS_NTLD_FP 1.25, FSL_BULK_SIG 0.00, HTML_FONT_LOW_CONTRAST 0.00, HTML_MESSAGE 0.00, MS_FOUND_SPAMVIRUS 3.00, NORDNS_LOW_CONTRAST 2.18, PDS_OTHER_BAD_TLD 2.00, RCVD_IN_SBL_CSS 3.33, RDNS_NONE 0.79, SPF_HELO_NONE 0.00, SPF_NONE 0.00, TXREP -0.05, URIBL_ABUSE_SURBL 20.00, URIBL_BLACK 20.00, URIBL_DBL_SPAM 20.00)

However, if I open that message id (4D0VGH0j7xz2Zcts) on mailwatch, it indicates there is no virus:
[screenshots: goto message.png; no virus when spam.png: "No virus on mailwatch"]
Why is it not indicating that this is a virus?
Note: the message was marked as spam, not sure if that is related to the problem.

Thanks
shawniverson
Posts: 3649
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Virus infected message not marked as virus on mailwatch

Post by shawniverson »

Even though the antivirus detected this, it is a "spam virus", meaning it matched a spam signature, so instead of flagging it as a virus (because it really isn't) it flags it as spam.
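The distinction above can be checked straight from the MailScanner log. The script below is an added example, not code from eFa, MailScanner or MailWatch: it parses the `Clamd::INFECTED`, `Found spam based virus` and final `Message ... is spam` lines, sorts each detection into "virus" or "spam virus" using a glob list, and reports the flag a message should end up with (spam-virus hits surface as spam, which is where the `MS_FOUND_SPAMVIRUS 3.00` score in the log above comes from). The glob list is an assumption standing in for MailScanner's `Virus Names Which Are Spam` setting, which the thread does not show; the sample log is the thread's own lines plus one constructed `Eicar-Test-Signature` line with a made-up message id so that the "real virus" branch is exercised.

```python
import re
from collections import defaultdict
from fnmatch import fnmatch

# Assumed to mirror the running MailScanner.conf "Virus Names Which Are Spam"
# setting (not shown on the page); edit to match your appliance.
SPAM_VIRUS_GLOBS = ["Sane*.UNOFFICIAL", "HTML/*", "*Phish*"]

# Constructed sample log: the thread's lines plus one constructed Eicar hit
# on a made-up message id (CONSTRUCTED01).
SAMPLE_LOG = [
    "Dec 22 09:42:48 filter MailScanner[19662]: Clamd::INFECTED::Sanesecurity.Jurlbl.16c7ab.UNOFFICIAL :: ./4D0VGH0j7xz2Zcts/",
    "Dec 22 09:42:48 filter MailScanner[19662]: Found spam based virus Sanesecurity.Jurlbl.16c7ab.UNOFFICIAL in 4D0VGH0j7xz2Zcts",
    "Dec 22 09:42:49 filter MailScanner[19662]: RBL checks: 4D0VGH0j7xz2Zcts found in SPAMHAUS",
    "Dec 22 09:42:52 filter MailScanner[19662]: Message 4D0VGH0j7xz2Zcts from x.x.x.x (zantaclawsuit@goodtrade.buzz) to mydomain.com is spam, SPAMHAUS, SpamAssassin (no store, points=9.211, required 4, MS_FOUND_SPAMVIRUS 3.00)",
    "Dec 22 09:50:01 filter MailScanner[19662]: Clamd::INFECTED::Eicar-Test-Signature :: ./CONSTRUCTED01/",
    "Dec 22 09:50:03 filter MailScanner[19662]: Message CONSTRUCTED01 from x.x.x.x (someone@example.invalid) to mydomain.com is not spam",
]

INFECTED_RE = re.compile(
    r"MailScanner\[\d+\]: Clamd::INFECTED::(?P<name>\S+) :: \./(?P<id>[^/\s]+)/"
)
SPAMVIRUS_RE = re.compile(
    r"MailScanner\[\d+\]: Found spam based virus (?P<name>\S+) in (?P<id>\S+)"
)
VERDICT_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from .* is (?P<verdict>not spam|spam)"
)


def is_spam_virus(name):
    """True when the scanner's signature name matches a spam-virus glob."""
    return any(fnmatch(name, g) for g in SPAM_VIRUS_GLOBS)


def classify(lines):
    """Collect per-message detections and the final spam verdict."""
    msgs = defaultdict(lambda: {"virus": set(), "spam_virus": set(), "verdict": None})
    for line in lines:
        m = INFECTED_RE.search(line)
        if m:
            bucket = "spam_virus" if is_spam_virus(m["name"]) else "virus"
            msgs[m["id"]][bucket].add(m["name"])
            continue
        m = SPAMVIRUS_RE.search(line)
        if m:
            msgs[m["id"]]["spam_virus"].add(m["name"])
            continue
        m = VERDICT_RE.search(line)
        if m:
            msgs[m["id"]]["verdict"] = m["verdict"]
    return dict(msgs)


def expected_flag(entry):
    """Flag a message should carry: a real signature hit wins, a spam-virus
    hit is reported as spam, otherwise the message is clean."""
    if entry["virus"]:
        return "virus"
    if entry["spam_virus"] or entry["verdict"] == "spam":
        return "spam"
    return "clean"


def summarize(lines):
    """Map message id -> expected flag for every message seen in the log."""
    return {mid: expected_flag(entry) for mid, entry in classify(lines).items()}


if __name__ == "__main__":
    for mid, entry in classify(SAMPLE_LOG).items():
        print(f"{mid}: flag={expected_flag(entry)} virus={sorted(entry['virus'])} "
              f"spam_virus={sorted(entry['spam_virus'])} verdict={entry['verdict']}")
```

Run it against a copy of `/var/log/maillog` (or wherever MailScanner logs on your appliance) and compare `summarize()` with what MailWatch shows: a message whose only hits are in the `spam_virus` set is working as designed when it appears as spam, while one with a non-empty `virus` set that MailWatch shows as clean is the case worth investigating.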