Scalix Forums

I just sucessfully installed Trend Micro as the AV engine for Scalix. I was looking at my audit logs and found several entries like this:

routing
time 1137009135 Wed Jan 11 11:52:15 2006 -480
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 1
hop-count 1
originator Mike Baker / emailserver, bbpi-pdc/CN=Mike Baker
subject Just more malformed Spam
ua-message-id H00000780000fcf1.1137009133.emailserver.bbpi-pdc.billsblue.com
mta-message-id H00000780000fcf1.1137009133.emailserver.bbpi-pdc.billsblue.com
part-size 208
part-type 1166 DISTRIBUTION LIST
part-size 8072
part-type 2130 Microsoft RTF
recipient-to ericwatt / emailserver, bbpi-pdc/CN=Eric Watt
ack-req 0 none
queue LOCAL
message-filter-info +VIRUS-FOUND=ALLOW
max-nest-depth 0
message-size 13129
part-count 2
delivered-count 1


Does this mean that a virus is being detected and ALLOWED? Because that's the exact opposite of what my ALL-ROUTES.VIR file says. That's configured this way:

VIRUS-FOUND=1 ACTION=DISCARD NOTIFY="Your email contained a virus and was not delivered"
VIRUS-FOUND=0 ACTION=ALLOW

Hi Mike,

As you may have noticed, all your messages say:

message-filter-info +VIRUS-FOUND=ALLOW

or at least the messages that did *not* have a virus. What this is saying is that a virus wasn't found (i.e. VIRUS-FOUND=0) and the action that was performed is ALLOW. If you see:

message-filter-info +VIRUS-FOUND=DISCARD

then it's saying a virus was found and the action taken was to discard the message.

Thanks,
Rachel