From sfarrell at ICCONSULTING.COM.AU Sun Nov 4 01:08:25 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) Message-ID: Andrew, I would be really interested in your configuration of SpamAssassin and mailscanner. are you running SpamAssassin with sendmail, and by being tiggered by procmail during local delivery? are you using the spamd/spamc stuff ? Because if you are, I am looking for a different solution. I use mailscanner on a sendmail relay , before my real mail server (like I guess most others do). regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Andrew Hoying Sent by: MailScanner mailing list 31/10/2001 04:22 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Subject Line control (SPAM CONTROL) I've been using spam-assassin, http://spamassassin.taint.org/, along with mailscanner. Spam-assassin catches about 95% of the spam sent to the company I work for, up significantly from what mailscanner can catch, but it doesn't do virus scanning so I have to use both products on my mail gateway. I would love to see these to products combined into one. I may have a chance to start some work in that direction in the comming days, but if someone else would like to look at this, that would be great. Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, October 30, 2001 2:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Subject Line control (SPAM CONTROL) > > > At 21:21 29/10/2001, you wrote: > >I am new to mailscanner, so I apologies if this is answered > somewhere else. > >Is there a way to scan for word expressions in the Subject line > to identify > >Spam mail? It seems to only catch 20% of the Spam coming through my mail > >server using MAPS. > > No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or > ORBL as well? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011104/03093310/attachment.html From sfarrell at ICCONSULTING.COM.AU Sun Nov 4 06:48:04 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) Message-ID: Andrew, I had a little dig around and came up with a few things. 1. I think sendmail.pl is the place to play with support for spamassasin. 2. it looks as though someone has already had a plug at some other "Spam Killer" - to a search for Kill in sendmail.pl 3. all we need to do is send the entire email to stdin of spamc, and read it back from stdout 4. parse the subject and look for *****SPAM***** 5. copy over the header X-Spam-Status if spam detected (see 4 above). spamc is a nice little proggy that will read from stdin, talk to a daemon (spamd), which checks for spam, writes in the subject and body and headers, and returns to spamc, and spamc spits the email back to stdout. I think I'll go pick up a copy of O'Reilly learning perl or something, and make a proper attempt at some of this. not wanting to teach anyone to suck eggs, but I got as far as: http://cpan.perl.org/doc/manual/html/pod/perlipc.html#Bidirectional_Communication_with which has an example to read and write to stdin,stdout. I would rather spamassasin not scribble so much in the email, but rather return flags, and let mailscanner follow its rules. So basically I think we parse the email coming back from spamc, and discard it, and makes decisions in mailscanner. So we might need to reprocess the output of spamc, and look for *****SPAM***** in the subject, and use that as the key from output from spamc to tell mailscanner it is spam, I think the header: X-Spam-Status would be good to keep/process as well, its output looks something like this: X-Spam-Status: Yes, hits=10 required=5 tests=FORGED_RCVD_FOUND,NO_REAL_NAM E,UNDISC_RECIPS,INVALID_DATE,MSGID_HAS_NO_AT,REMOVE_SUBJ which shows which rules were broken , leading to the spam decision. this is the stuff it adds to the body of the email: SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future, using SPAM: the built-in mail filtering support in your mail reader. SPAM: SPAM: Content analysis details: (10 hits, 5 required) SPAM: Hit! (0.1 points) Possibly-forged 'Received:' header found SPAM: Hit! (3.2 points) From: does not include a real name SPAM: Hit! (1.4 points) Valid-looking To "undisclosed-recipients" SPAM: Hit! (3.3 points) Invalid Date: header (has AM/PM) SPAM: Hit! (0.3 points) Message-Id has no @ sign SPAM: Hit! (1.7 points) BODY: /remove.*subject/i SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- I don't think we can do much with that - I dont think that much is allowed in headers, and I think it is "over the top" for the mail body. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Andrew Hoying Sent by: MailScanner mailing list 31/10/2001 04:22 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Subject Line control (SPAM CONTROL) I've been using spam-assassin, http://spamassassin.taint.org/, along with mailscanner. Spam-assassin catches about 95% of the spam sent to the company I work for, up significantly from what mailscanner can catch, but it doesn't do virus scanning so I have to use both products on my mail gateway. I would love to see these to products combined into one. I may have a chance to start some work in that direction in the comming days, but if someone else would like to look at this, that would be great. Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, October 30, 2001 2:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Subject Line control (SPAM CONTROL) > > > At 21:21 29/10/2001, you wrote: > >I am new to mailscanner, so I apologies if this is answered > somewhere else. > >Is there a way to scan for word expressions in the Subject line > to identify > >Spam mail? It seems to only catch 20% of the Spam coming through my mail > >server using MAPS. > > No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or > ORBL as well? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011104/2c087c26/attachment.html From andrewh at CQG.COM Sun Nov 4 18:47:50 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) References: Message-ID: <005e01c16561$34c0d3d0$040be3cc@wolffang> I have it set up kind of interesting, mail comes into my mail gateway/relay into the mqueue.in and gets scanned by mailscanner. It then moves to mqueue. Inside of mqueue, sendmail checks if the message has the .procmail extension to the recipient. If it does, it gets forwarded to the internal machine, if not it gets run through procmail which runs it through spamassassin using spamc/spamd. Andrew Hoying ----- Original Message ----- From: "Scott Farrell" To: Sent: Saturday, November 03, 2001 6:08 PM Subject: Re: Subject Line control (SPAM CONTROL) > Andrew, > > I would be really interested in your configuration of SpamAssassin and mailscanner. > > are you running SpamAssassin with sendmail, and by being tiggered by procmail during local delivery? > are you using the spamd/spamc stuff ? > > Because if you are, I am looking for a different solution. I use > mailscanner on a sendmail relay , before my real mail server (like I guess > most others do). > > regards > Scott Farrell > > http://www.icconsulting.com.au > ic Consulting - the people that make eBusiness happen. > We offer e-business consulting and perform services. We deliver high > impact consulting, and fast turn around projects for our clients. > Ask us about Web Content Management, Web Self Service, or working closer > with your customers or suppliers. > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au > > > > > Andrew Hoying > Sent by: MailScanner mailing list > 31/10/2001 04:22 AM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: Subject Line control (SPAM CONTROL) > I've been using spam-assassin, http://spamassassin.taint.org/, along with > mailscanner. Spam-assassin catches about 95% of the spam sent to the > company > I work for, up significantly from what mailscanner can catch, but it > doesn't > do virus scanning so I have to use both products on my mail gateway. I > would > love to see these to products combined into one. I may have a chance to > start some work in that direction in the comming days, but if someone else > would like to look at this, that would be great. > > Andrew Hoying > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Julian Field > > Sent: Tuesday, October 30, 2001 2:19 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Subject Line control (SPAM CONTROL) > > > > > > At 21:21 29/10/2001, you wrote: > > >I am new to mailscanner, so I apologies if this is answered > > somewhere else. > > >Is there a way to scan for word expressions in the Subject line > > to identify > > >Spam mail? It seems to only catch 20% of the Spam coming through my > mail > > >server using MAPS. > > > > No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or > > ORBL as well? > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > > From sfarrell at ICCONSULTING.COM.AU Mon Nov 5 04:27:57 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) Message-ID: Andrew, so your outgoing goes through procmail ? I am pretty good sendmail .... but can't figure out the settings, can you document some of your config in here for us? thantx Scott Andrew Hoying To: MAILSCANNER@JISCMAIL.AC.UK Sent by: cc: MailScanner Subject: Re: Subject Line control (SPAM CONTROL) mailing list 05/11/01 05:47 AM Please respond to MailScanner mailing list I have it set up kind of interesting, mail comes into my mail gateway/relay into the mqueue.in and gets scanned by mailscanner. It then moves to mqueue. Inside of mqueue, sendmail checks if the message has the .procmail extension to the recipient. If it does, it gets forwarded to the internal machine, if not it gets run through procmail which runs it through spamassassin using spamc/spamd. Andrew Hoying ----- Original Message ----- From: "Scott Farrell" To: Sent: Saturday, November 03, 2001 6:08 PM Subject: Re: Subject Line control (SPAM CONTROL) > Andrew, > > I would be really interested in your configuration of SpamAssassin and mailscanner. > > are you running SpamAssassin with sendmail, and by being tiggered by procmail during local delivery? > are you using the spamd/spamc stuff ? > > Because if you are, I am looking for a different solution. I use > mailscanner on a sendmail relay , before my real mail server (like I guess > most others do). > > regards > Scott Farrell > > http://www.icconsulting.com.au > ic Consulting - the people that make eBusiness happen. > We offer e-business consulting and perform services. We deliver high > impact consulting, and fast turn around projects for our clients. > Ask us about Web Content Management, Web Self Service, or working closer > with your customers or suppliers. > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au > > > > > Andrew Hoying > Sent by: MailScanner mailing list > 31/10/2001 04:22 AM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: Subject Line control (SPAM CONTROL) > I've been using spam-assassin, http://spamassassin.taint.org/, along with > mailscanner. Spam-assassin catches about 95% of the spam sent to the > company > I work for, up significantly from what mailscanner can catch, but it > doesn't > do virus scanning so I have to use both products on my mail gateway. I > would > love to see these to products combined into one. I may have a chance to > start some work in that direction in the comming days, but if someone else > would like to look at this, that would be great. > > Andrew Hoying > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Julian Field > > Sent: Tuesday, October 30, 2001 2:19 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Subject Line control (SPAM CONTROL) > > > > > > At 21:21 29/10/2001, you wrote: > > >I am new to mailscanner, so I apologies if this is answered > > somewhere else. > > >Is there a way to scan for word expressions in the Subject line > > to identify > > >Spam mail? It seems to only catch 20% of the Spam coming through my > mail > > >server using MAPS. > > > > No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or > > ORBL as well? > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > > From Q.G.Campbell at newcastle.ac.uk Thu Nov 1 13:59:45 2001 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Jan 12 21:14:05 2006 Subject: deleted.virus.message.txt typo Message-ID: Julian I am installing 2.60-2 and note again the misspelling of "believed" in the file deleted.virus.message.txt. It is a very minor problem but as I keep tripping over it with each successive release of MailScanner (we modify wording of most messages) I guess it is best to point it out! With best wishes Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From LISTSERV at JISCMAIL.AC.UK Thu Nov 1 19:27:16 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: mime@GMX.DE requested to join Message-ID: <200111011927.TAA22080@magpie.ecs.soton.ac.uk> Thu, 1 Nov 2001 19:27:16 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Michael Meyer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mime@GMX.DE Michael Meyer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mime@GMX.DE Michael Meyer // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Nov 1 23:33:45 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: ed@THE7THBEER.COM requested to join Message-ID: <200111012333.XAA04541@magpie.ecs.soton.ac.uk> Thu, 1 Nov 2001 23:33:45 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Edward Mitchell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ed@THE7THBEER.COM Edward Mitchell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ed@THE7THBEER.COM Edward Mitchell // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Nov 2 15:48:40 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: krice@TLCDELIVERS.COM requested to join Message-ID: <200111021548.PAA16520@magpie.ecs.soton.ac.uk> Fri, 2 Nov 2001 15:48:40 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ken Rice The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER krice@TLCDELIVERS.COM Ken Rice PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER krice@TLCDELIVERS.COM Ken Rice SET MAILSCANNER NOMIME DIGEST FOR krice@TLCDELIVERS.COM // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Nov 3 05:41:55 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: siewwu.tan@EDGEMATRIX.COM requested to join Message-ID: <200111030541.FAA17620@magpie.ecs.soton.ac.uk> Sat, 3 Nov 2001 05:41:55 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tan Siew Wu You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER siewwu.tan@EDGEMATRIX.COM Tan Siew Wu PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER siewwu.tan@EDGEMATRIX.COM Tan Siew Wu // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Nov 5 10:13:19 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: pao@UKC.AC.UK requested to join Message-ID: <200111051013.KAA06975@magpie.ecs.soton.ac.uk> Mon, 5 Nov 2001 10:13:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Paul Osborne You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pao@UKC.AC.UK Paul Osborne PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pao@UKC.AC.UK Paul Osborne // EOJ From andrewh at CQG.COM Mon Nov 5 22:19:34 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) In-Reply-To: Message-ID: In order to get it to work I've added the following lines to sendmail.cf: --In definitions CPprocmail --In Ruleset 98 R$*<@$*.cqg.com>$* $#procmail $@/etc/procmail/filter.rc $:$1<@$2.cqg.com.procmail>$3 R$*<@$*.cqg.com.>$* $#procmail $@/etc/procmail/filter.rc $:$1<@$2.cqg.com.procmail.>$3 R$*<@cqgmail.cqg.com.procmail.>$* $1<@cqgmail.cqg.com.>$2 R$*<@$*.procmail.>$* $1<@int.cqg.com.>$3 R$+ < @ $* cqgmail.cqg.com. > $#esmtp $@ cqgmail.cqg.com. $: $1 < @cqg.com. > R$+ < @ $* int.cqg.com. > $#esmtp $@ int.cqg.com. $: $1 < @cqg.com. > R$+ < @ $* int.cqg.com > $#esmtp $@ int.cqg.com. $: $1 < @cqg.com. > --In Mailer Definitions Mprocmail, P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix, A=procmail -m $h $g $u -- And my /etc/procmail/filter.rc file: LOGFILE=/var/log/procmail.log SENDER = "<$1>" # fix for empty sender addresses SHIFT = 1 :0f | spamc -f :O: * ^Subject:.*\{SPAM\?\}.* # Send mail along to original recipients and spam account for logging ! -oi -f "$SENDER" "$@" spam@cqg.com.procmail :0 w # pass along all other mail ! -oi -f "$SENDER" "$@" > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Scott Farrell > Sent: Sunday, November 04, 2001 9:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Subject Line control (SPAM CONTROL) > > > Andrew, > > so your outgoing goes through procmail ? > > I am pretty good sendmail .... but can't figure out the settings, can you > document some of your config in here for us? > > thantx > Scott > > > > Andrew Hoying > To: > MAILSCANNER@JISCMAIL.AC.UK > Sent by: cc: > MailScanner Subject: Re: > Subject Line control (SPAM CONTROL) > mailing list > AIL.AC.UK> > > > 05/11/01 05:47 AM > Please respond to > MailScanner > mailing list > > > > > I have it set up kind of interesting, mail comes into my mail > gateway/relay > into the mqueue.in and gets scanned by mailscanner. It then moves to > mqueue. > Inside of mqueue, sendmail checks if the message has the .procmail > extension > to the recipient. If it does, it gets forwarded to the internal > machine, if > not it gets run through procmail which runs it through spamassassin using > spamc/spamd. > > Andrew Hoying > > ----- Original Message ----- > From: "Scott Farrell" > To: > Sent: Saturday, November 03, 2001 6:08 PM > Subject: Re: Subject Line control (SPAM CONTROL) > > > > Andrew, > > > > I would be really interested in your configuration of SpamAssassin and > mailscanner. > > > > are you running SpamAssassin with sendmail, and by being tiggered by > procmail during local delivery? > > are you using the spamd/spamc stuff ? > > > > Because if you are, I am looking for a different solution. I use > > mailscanner on a sendmail relay , before my real mail server (like I > guess > > most others do). > > > > regards > > Scott Farrell > > > > http://www.icconsulting.com.au > > ic Consulting - the people that make eBusiness happen. > > We offer e-business consulting and perform services. We deliver high > > impact consulting, and fast turn around projects for our clients. > > Ask us about Web Content Management, Web Self Service, or > working closer > > with your customers or suppliers. > > > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au > > > > > > > > > > Andrew Hoying > > Sent by: MailScanner mailing list > > 31/10/2001 04:22 AM > > Please respond to MailScanner mailing list > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > cc: > > Subject: Re: Subject Line control (SPAM CONTROL) > > I've been using spam-assassin, http://spamassassin.taint.org/, > along with > > mailscanner. Spam-assassin catches about 95% of the spam sent to the > > company > > I work for, up significantly from what mailscanner can catch, but it > > doesn't > > do virus scanning so I have to use both products on my mail gateway. I > > would > > love to see these to products combined into one. I may have a chance to > > start some work in that direction in the comming days, but if someone > else > > would like to look at this, that would be great. > > > > Andrew Hoying > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Julian Field > > > Sent: Tuesday, October 30, 2001 2:19 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Subject Line control (SPAM CONTROL) > > > > > > > > > At 21:21 29/10/2001, you wrote: > > > >I am new to mailscanner, so I apologies if this is answered > > > somewhere else. > > > >Is there a way to scan for word expressions in the Subject line > > > to identify > > > >Spam mail? It seems to only catch 20% of the Spam coming through my > > mail > > > >server using MAPS. > > > > > > No there aren't, I'm afraid. Have you looked at using ORDB, > ORBZ and/or > > > ORBL as well? > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > > > > > > From LISTSERV at JISCMAIL.AC.UK Wed Nov 7 08:36:05 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: zhangm@R3.SANYOSHK.COM requested to join Message-ID: <200111070836.IAA16116@magpie.ecs.soton.ac.uk> Wed, 7 Nov 2001 08:36:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Zhang Ming You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER zhangm@R3.SANYOSHK.COM Zhang Ming PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER zhangm@R3.SANYOSHK.COM Zhang Ming // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Nov 7 08:54:05 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: pg@NEWHONEST.COM requested to join Message-ID: <200111070854.IAA17042@magpie.ecs.soton.ac.uk> Wed, 7 Nov 2001 08:54:05 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jason Kwok You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pg@NEWHONEST.COM Jason Kwok PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pg@NEWHONEST.COM Jason Kwok // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Nov 7 11:44:51 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: borsk@TX.TECHNION.AC.IL requested to join Message-ID: <200111071144.LAA27014@magpie.ecs.soton.ac.uk> Wed, 7 Nov 2001 11:44:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Boris Skoblo You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER borsk@TX.TECHNION.AC.IL Boris Skoblo PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER borsk@TX.TECHNION.AC.IL Boris Skoblo // EOJ From borsk at techunix.TECHNION.AC.IL Wed Nov 7 12:02:03 2001 From: borsk at techunix.TECHNION.AC.IL (Boris Skoblo) Date: Thu Jan 12 21:14:05 2006 Subject: Mcaffe autoupdate fails Message-ID: Hi, if i started Mcafee autoupdate, i got: # /usr/local/mcafee/autoupdate Can't locate Net/FTP.pm in @INC (@INC contains: /usr/lib/perl5/5.6.0/i386- linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386 -linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/local/mcafee/autoupdate line 18. BEGIN failed--compilation aborted at /usr/local/mcafee/autoupdate line 18. What does it mean? From zhangm at R3.SANYOSHK.COM Wed Nov 7 12:50:41 2001 From: zhangm at R3.SANYOSHK.COM (Zhang Ming) Date: Thu Jan 12 21:14:06 2006 Subject: Filter.pm and character set References: Message-ID: <00f801c1678a$cf943930$1f021bac@mis1n> hi, I am using redhat7.1 and 7.2, Mcafee. Installed mailscanner last week. when I restart or start mailscanner in command line, then it 'pop up' below message... those should be stored in syslog. (although mails are ok to be checked/filtered) # ignoring text in `BIG5' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `ISO-2022-JP' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `BIG5' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `ISO-2022-JP' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ... anyone has this problem? B.R. Z From nwp at LEMON-COMPUTING.COM Wed Nov 7 14:40:21 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: Mcaffe autoupdate fails In-Reply-To: ; from borsk@TX.TECHNION.AC.IL on Wed, Nov 07, 2001 at 12:02:03PM +0000 References: Message-ID: <20011107144021.C11222@lemon-computing.com> On Wed, Nov 07, 2001 at 12:02:03PM +0000, Boris Skoblo wrote: > if i started Mcafee autoupdate, i got: > > # /usr/local/mcafee/autoupdate > Can't locate Net/FTP.pm in @INC (@INC contains: /usr/lib/perl5/5.6.0/i386- > linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386 > -linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) > at /usr/local/mcafee/autoupdate line 18. > BEGIN failed--compilation aborted at /usr/local/mcafee/autoupdate line 18. > > What does it mean? It means that the mcafee auto-update script requires that you install the CPAN Net::FTP module, which probably isn't documented anywhere, and Julian probably wasn't aware of, as he doesn't have or use McAfee. He will be aware of it now ;) and it will probably get documented as soon as he knows exactly what the situation is. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Ships are safe in harbor, but they were never meant to stay there. From LISTSERV at JISCMAIL.AC.UK Wed Nov 7 12:54:29 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: N.Pindolia@EASTMAN.UCL.AC.UK requested to join Message-ID: <200111071254.MAA01189@magpie.ecs.soton.ac.uk> Wed, 7 Nov 2001 12:54:29 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Naresh Pindolia You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER N.Pindolia@EASTMAN.UCL.AC.UK Naresh Pindolia PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER N.Pindolia@EASTMAN.UCL.AC.UK Naresh Pindolia // EOJ From borsk at techunix.TECHNION.AC.IL Thu Nov 8 09:00:54 2001 From: borsk at techunix.TECHNION.AC.IL (Boris Skoblo) Date: Thu Jan 12 21:14:06 2006 Subject: mailscanner not functions correctly Message-ID: Hi All, I could once at once after installation start mailscanner and send the message containing test eicar.com file. I have received correct response of the program both warning messages to the sender and receiver. After that I tried install the perl module net:: ftp, as for me was not worked script /mcafee/autoupdate. Also I still rebooted the server. Since then I do not see that mailscanner functions correctly. I try to send the same test file and I receive it as not of past any anti-virus processing. To what I have paid attention that when I run mailscanner: [ root@host /root]# /etc/rc.d/init.d/mailscanner start Starting MailScanner: [ root@host /root]# ps -ef | grep sendmail root 3180 1 0 10:41? 00:00:00 /usr/sbin/sendmail -bd -ODeliver root 3182 1 0 10:41? 00:00:00 /usr/sbin/sendmail -q15m But when in some minutes I again issue the command: [root@host /root]# ps -ef | grep sendmail, I receive only: /usr/sbin/sendmail -q15m. Whether I do not know has this ratio to my problem or and be owes How in general to carry out correctly diagnostics of my fault? From sfarrell at ICCONSULTING.COM.AU Thu Nov 8 10:39:59 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:06 2006 Subject: mailscanner not functions correctly Message-ID: Tell us more about your sendmail config. Are you listening to what port? are you delivering local, or routing on? I would first suggest running sendmail only, without mailscanner to see if your machine/configuration is reliable. Here is my output for you to compare : ps -ef | grep sendmail root 1715 1 0 20:06 ? 00:00:00 sendmail: accepting connections root 1718 1 0 20:06 ? 00:00:00 /usr/sbin/sendmail -q15m root 1836 1296 0 20:38 pts/0 00:00:00 grep sendmail netstat -anp|grep ":25" tcp 0 0 192.168.0.4:25 0.0.0.0:* LISTEN 1715/sendmail: acce regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Boris Skoblo cc: Sent by: MailScanner Subject: mailscanner not functions correctly mailing list 08/11/01 08:00 PM Please respond to MailScanner mailing list Hi All, I could once at once after installation start mailscanner and send the message containing test eicar.com file. I have received correct response of the program both warning messages to the sender and receiver. After that I tried install the perl module net:: ftp, as for me was not worked script /mcafee/autoupdate. Also I still rebooted the server. Since then I do not see that mailscanner functions correctly. I try to send the same test file and I receive it as not of past any anti-virus processing. To what I have paid attention that when I run mailscanner: [ root@host /root]# /etc/rc.d/init.d/mailscanner start Starting MailScanner: [ root@host /root]# ps -ef | grep sendmail root 3180 1 0 10:41? 00:00:00 /usr/sbin/sendmail -bd -ODeliver root 3182 1 0 10:41? 00:00:00 /usr/sbin/sendmail -q15m But when in some minutes I again issue the command: [root@host /root]# ps -ef | grep sendmail, I receive only: /usr/sbin/sendmail -q15m. Whether I do not know has this ratio to my problem or and be owes How in general to carry out correctly diagnostics of my fault? From s.effertz at JOLA.DE Thu Nov 8 12:21:08 2001 From: s.effertz at JOLA.DE (Stephan Effertz) Date: Thu Jan 12 21:14:06 2006 Subject: Antwort: mailscanner not functions correctly Message-ID: Hi Boris, looks like your sendmail doesn't put all messages into your mqueue.in without further processing. If you stop mailscanner all incoming messages should be stored in /var/spool/mqueue.in (or wherever you put them) - without further processing. I suppose they do not. So I think you should check your sendmail script in /etc/init.d/ . Make sure that sendmail does work in queueonly - mode and puts all incoming messages in /var/spool/mqueue.in (Notice the .IN) - NOT /var/spool/mqueue. mailscanner will move your message to /var/spool/mqueue after scanning them (Ok, it doesn't really move - it symlinks :-) best regards, Stephan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011108/9d1b3437/attachment.html From siewwu.tan at EDGEMATRIX.COM Thu Nov 8 18:23:45 2001 From: siewwu.tan at EDGEMATRIX.COM (Tan Siew Wu) Date: Thu Jan 12 21:14:06 2006 Subject: McAfee autoupdate script error in version 2.60-2 Message-ID: Hi all, Just downloaded and installed version 2.60-2 and I am using McAfee. Noticed a few errors in the mcafee autoupdate scripts. my($mcafeeroot) = '/usr/local/mcafee/'; my($DATlink) = "$mcafeeroot/dat/"; my($DATdir) = "$mcafeeroot/" . sprintf("%04d%02d%02d", $year, $month, $date); .... .... open(MCAFEETEST, "$mcafee -d $DATdir | "); ..... .... print "DATdir\n"; 1) The trailing "/" for $mcafeeroot caused "//" in $DATlink and $DATdir. 2) The trailing "/" for $DATlink caused unlink and symlink to fail at the last part of the script. 3) suggest "--version" at testing as it give more meaning output 4) Missing "$" on the last print statement From pg at NEWHONEST.COM Fri Nov 9 05:00:06 2001 From: pg at NEWHONEST.COM (Jason Kwok) Date: Thu Jan 12 21:14:06 2006 Subject: Error initialising detection engine - missing main virus data Message-ID: <011801c168db$66ce30c0$0201a8c0@newhonest.com> Hi, After running the mailscanner, I got this error message when a message comes in : Error initialising detection engine - missing main virus data. I've checked the dat (libsavi.so.2 libsavi.so.2.2.03.083 vdl-3.51.dat vdl.dat) files are in the /usr/local/Sophos/lib. I remarked out the line "export SAV_IDE", and the system has no more complaints. But I suppose I shouldn't do that, should I? == ==== Best Regards Jason Kwok ============== ==== --- Virus Free Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.295 / Virus Database: 159 - Release Date: 2001/11/1 From LISTSERV at JISCMAIL.AC.UK Fri Nov 9 21:05:12 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: csm@PIAR.HU requested to join Message-ID: <200111092105.VAA01051@magpie.ecs.soton.ac.uk> Fri, 9 Nov 2001 21:05:12 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Miklos Csanady You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER csm@PIAR.HU Miklos Csanady PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER csm@PIAR.HU Miklos Csanady // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Nov 10 00:31:13 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: tmaenner@AEHR.COM requested to join Message-ID: <200111100031.AAA09234@magpie.ecs.soton.ac.uk> Sat, 10 Nov 2001 00:31:13 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Thomas Maenner You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tmaenner@AEHR.COM Thomas Maenner PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tmaenner@AEHR.COM Thomas Maenner // EOJ From csm at PIAR.HU Sun Nov 11 21:25:17 2001 From: csm at PIAR.HU (Csanády Miklós piarista) Date: Thu Jan 12 21:14:06 2006 Subject: alerts to postmaster but sender why Message-ID: <200111112125.fABLPHA04694@localhost.localdomain> Hi, I must have misconfigured something, because the sender of the infected mail does not get a warning when his mail triggers the scanner. Where should I look for the mistake. Here is a section from my conf file. The postmaster gets the warning. --------------------- # Deliver messages with viruses removed to their original recipients # or just delete them? Deliver To Recipients = yes # Notify the senders of infected messages that they should check out # their systems? Notify Senders = yes # Set where to find the message text sent to the senders of infected # messages. Sender Report = /usr/local/MailScanner/etc/sender.report.txt Sender Virus Report = /usr/local/MailScanner/sender.virus.report.txt Sender Bad Filename Report = /usr/local/MailScanner/etc/sender.filename.report.txt Sender Error Report = /usr/local/MailScanner/etc/sender.error.report.txt # Notify the local postmaster when any infections are found? Notify Local Postmaster = yes # Set email address of who to notify about any infections found. # Should put your full domain name here too, # e.g. postmaster@your.domain.com Local Postmaster = csm@gimn-db.piar.hu # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep ----------------- Any ideas? Thanks Miklos From Q.G.Campbell at NEWCASTLE.AC.UK Mon Nov 12 07:34:12 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:06 2006 Subject: alerts to postmaster but sender why Message-ID: > -----Original Message----- > From: Csan?dy Mikl?s piarista [mailto:csm@piar.hu] > Sent: 11 November 2001 21:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: alerts to postmaster but sender why > > > Hi, > I must have misconfigured something, because the sender of > the infected mail does not get a warning when his mail > triggers the scanner. > > Where should I look for the mistake. > Here is a section from my conf file. > > The postmaster gets the warning. > --------------------- > # Deliver messages with viruses removed to their original > recipients # or just delete them? Deliver To Recipients = yes > > # Notify the senders of infected messages that they should > check out # their systems? Notify Senders = yes > > # Set where to find the message text sent to the senders of > infected # messages. Sender Report = > /usr/local/MailScanner/etc/sender.report.txt > Sender Virus Report = > /usr/local/MailScanner/sender.virus.report.txt > Sender Bad Filename Report = > /usr/local/MailScanner/etc/sender.filename.report.txt > Sender Error Report = > /usr/local/MailScanner/etc/sender.error.report.txt > > # Notify the local postmaster when any infections are found? > Notify Local Postmaster = yes > > # Set email address of who to notify about any infections > found. # Should put your full domain name here too, > # e.g. postmaster@your.domain.com > Local Postmaster = csm@gimn-db.piar.hu > > # Set what to do with infected attachments or messages. > # keep ==> Store under the "Quarantine Dir" > # delete ==> Just delete them > #Action = delete > Action = keep > ----------------- > Any ideas? > Thanks > Miklos Miklos There is a typo in the pathname of the "Sender Virus Report = line". The "/etc/" is missing and it should read: Sender Virus Report = /usr/local/MailScanner/etc/sender.virus.report.txt If the MailScanner stuff is mounted under /usr/local then you can avoid having to retype pathnames in the "mailscanner.conf" file by creating a link in /opt that points at the /usr/local/MailScanner directory. Do: ln -s /usr/local/MailScanner /opt/mailscanner I hope this is of assistance. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From LISTSERV at JISCMAIL.AC.UK Mon Nov 12 14:16:32 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: viers@UNILIM.FR requested to join Message-ID: <200111121416.OAA03126@magpie.ecs.soton.ac.uk> Mon, 12 Nov 2001 14:16:32 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Nicolas Viers - Univ Limoges You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER viers@UNILIM.FR Nicolas Viers - Univ Limoges PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER viers@UNILIM.FR Nicolas Viers - Univ Limoges // EOJ From A.Barker at UCL.AC.UK Tue Nov 13 09:03:29 2001 From: A.Barker at UCL.AC.UK (Adrian Barker) Date: Thu Jan 12 21:14:06 2006 Subject: Warnings about file locking Message-ID: <200111130903.fAD93T716169@sun-226.is-eisd.ucl.ac.uk> In the syslog files we see a number of errors of the form: Nov 13 02:13:11 pop-b.ucl.ac.uk mailscanner[20961]: Failed to lock /var/spool/mqueue.in/qfCAA21422: Resource temporarily unavailable Does anyone know what these mean, and what should be done about them ? It does not look like a load-related problem, as they occur throughout the day and night. The machine is running Solaris 8. Thanks for any suggestions, Adrian Barker, Information Systems University College London, Gower Street, London WC1E 6BT External phone: (+44) 020 7679 2795, Fax (+44) 20 7388 5406 Internal phone: x 32795 Email: A.Barker@ucl.ac.uk From nwp at LEMON-COMPUTING.COM Tue Nov 13 13:06:25 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: Warnings about file locking In-Reply-To: <200111130903.fAD93T716169@sun-226.is-eisd.ucl.ac.uk>; from A.Barker@UCL.AC.UK on Tue, Nov 13, 2001 at 09:03:29AM +0000 References: <200111130903.fAD93T716169@sun-226.is-eisd.ucl.ac.uk> Message-ID: <20011113130625.V7100@lemon-computing.com> On Tue, Nov 13, 2001 at 09:03:29AM +0000, Adrian Barker wrote: > In the syslog files we see a number of errors of the form: > > Nov 13 02:13:11 pop-b.ucl.ac.uk mailscanner[20961]: Failed to lock /var/spool/mqueue.in/qfCAA21422: Resource temporarily unavailable > > Does anyone know what these mean, and what should be done about them ? It does not > look like a load-related problem, as they occur throughout the day and night. > The machine is running Solaris 8. It most likely means that something else had the file locked at the time. Like sendmail, most likely. The logging for the locking is currently quite anal, as I mad quite a lot of changes to it when putting the code through the mangel to add support for Exim. And I/we just haven't got round to making the logging properly configurable yet. It's on the list... -- Nick Phillips -- nwp@lemon-computing.com You would if you could but you can't so you won't. From LISTSERV at JISCMAIL.AC.UK Mon Nov 12 22:17:38 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: valianp@SOUTHWESTERN.EDU requested to join Message-ID: <200111122217.WAA02072@magpie.ecs.soton.ac.uk> Mon, 12 Nov 2001 22:17:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Peter Valian You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER valianp@SOUTHWESTERN.EDU Peter Valian PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER valianp@SOUTHWESTERN.EDU Peter Valian // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 13 13:07:49 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: becher@WEB.LU requested to join Message-ID: <200111131307.NAA10862@magpie.ecs.soton.ac.uk> Tue, 13 Nov 2001 13:07:49 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Luc Schiltz You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER becher@WEB.LU Luc Schiltz PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER becher@WEB.LU Luc Schiltz // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 13 14:08:13 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: fcarvalho@DI.FC.UL.PT requested to join Message-ID: <200111131408.OAA14973@magpie.ecs.soton.ac.uk> Tue, 13 Nov 2001 14:08:13 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Filipe Carvalho The following membership options have been requested: HTML DIGEST SHORTHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER fcarvalho@DI.FC.UL.PT Filipe Carvalho PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER fcarvalho@DI.FC.UL.PT Filipe Carvalho SET MAILSCANNER HTML DIGEST SHORTHDR FOR fcarvalho@DI.FC.UL.PT // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 13 15:05:30 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: mailscanner@ESNAOLA.ORG requested to join Message-ID: <200111131505.PAA18872@magpie.ecs.soton.ac.uk> Tue, 13 Nov 2001 15:05:30 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Lionel Darnis You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mailscanner@ESNAOLA.ORG Lionel Darnis PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mailscanner@ESNAOLA.ORG Lionel Darnis // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 13 23:13:01 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: hzhu@MAIL.WESLEYAN.EDU requested to join Message-ID: <200111132312.XAA17787@magpie.ecs.soton.ac.uk> Tue, 13 Nov 2001 23:13:01 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Hong Zhu You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER hzhu@MAIL.WESLEYAN.EDU Hong Zhu PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER hzhu@MAIL.WESLEYAN.EDU Hong Zhu // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Nov 14 19:57:19 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: mkrom@901BLUES.COM requested to join Message-ID: <200111141957.TAA20978@magpie.ecs.soton.ac.uk> Wed, 14 Nov 2001 19:57:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mike Krom You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mkrom@901BLUES.COM Mike Krom PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mkrom@901BLUES.COM Mike Krom // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Nov 15 13:37:44 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: scheuerm@RZSUN08.UNI-TRIER.DE requested to join Message-ID: <200111151337.NAA11277@magpie.ecs.soton.ac.uk> Thu, 15 Nov 2001 13:37:44 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Horst Scheuermann You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER scheuerm@RZSUN08.UNI-TRIER.DE Horst Scheuermann PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER scheuerm@RZSUN08.UNI-TRIER.DE Horst Scheuermann // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Nov 15 16:47:03 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: chris@MATTS.CO.UK requested to join Message-ID: <200111151646.QAA23958@magpie.ecs.soton.ac.uk> Thu, 15 Nov 2001 16:47:03 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Chris Kilner You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER chris@MATTS.CO.UK Chris Kilner PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER chris@MATTS.CO.UK Chris Kilner // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Nov 16 17:10:24 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: cooperj@WESTMANCOM.COM requested to join Message-ID: <200111161710.RAA11134@magpie.ecs.soton.ac.uk> Fri, 16 Nov 2001 17:10:24 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jon Cooper You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER cooperj@WESTMANCOM.COM Jon Cooper PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER cooperj@WESTMANCOM.COM Jon Cooper // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Nov 19 18:13:07 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: r.mogliotti@ATLINK.IT requested to join Message-ID: <200111191812.SAA10369@magpie.ecs.soton.ac.uk> Mon, 19 Nov 2001 18:13:07 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Roberto Mogliotti You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER r.mogliotti@ATLINK.IT Roberto Mogliotti PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER r.mogliotti@ATLINK.IT Roberto Mogliotti // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 20 12:41:54 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: cristiano.radicchi@PUBLITEL.NET requested to join Message-ID: <200111201242.MAA00568@magpie.ecs.soton.ac.uk> Tue, 20 Nov 2001 12:41:54 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Cristiano Radicchi You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER cristiano.radicchi@PUBLITEL.NET Cristiano Radicchi PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER cristiano.radicchi@PUBLITEL.NET Cristiano Radicchi // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Nov 20 22:14:56 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: dennis@YTN.CO.NZ requested to join Message-ID: <200111202214.WAA06768@magpie.ecs.soton.ac.uk> Tue, 20 Nov 2001 22:14:55 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dennis Monks You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dennis@YTN.CO.NZ Dennis Monks PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dennis@YTN.CO.NZ Dennis Monks // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Nov 21 14:20:45 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: jschlegs@TAMPABAY.RR.COM requested to join Message-ID: <200111211421.OAA22861@magpie.ecs.soton.ac.uk> Wed, 21 Nov 2001 14:20:45 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from James Schlegel You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jschlegs@TAMPABAY.RR.COM James Schlegel PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jschlegs@TAMPABAY.RR.COM James Schlegel // EOJ From jschlegs at TAMPABAY.RR.COM Wed Nov 21 14:37:55 2001 From: jschlegs at TAMPABAY.RR.COM (James Schlegel) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies Message-ID: MailScanner seems to be working just as described, which is wonderful. I am having a problem, though, with sendmail not wanting to process any replies sent from either the users or from MailScanner. They all just sit in the /var/spool/mqueue directory. Incoming e-mail drops into the mqueue.in dir and is processed as it should be. Has anyone had anything like this occur? Or any suggestions? James Schlegel Citrus County Sheriffs Office Inverness, FL www.sheriffcitrus.org From jkf at ecs.soton.ac.uk Wed Nov 21 15:36:41 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies In-Reply-To: Message-ID: <5.1.0.14.2.20011121153404.035650e8@hawk.ecs.soton.ac.uk> At 14:37 21/11/2001, you wrote: >MailScanner seems to be working just as described, which is wonderful. I >am having a problem, though, with sendmail not wanting to process any >replies sent from either the users or from MailScanner. They all just sit >in the /var/spool/mqueue directory. Incoming e-mail drops into the >mqueue.in dir and is processed as it should be. > >Has anyone had anything like this occur? Or any suggestions? Sounds a bit as though you might have users running their mail clients (pine or elm perhaps?) on the MailScanner server itself. If you have people directly running the email client on the mail server, make sure it is configured to talk SMTP to the server, not directly invoke the sendmail binary. However, you also say that messages from MailScanner itself are just sitting in the queue not going anywhere. Are you running MailScanner in "queue" mode? Otherwise it should attempt delivery of messages as soon as it places them in the outgoing (/var/spool/mqueue) directory. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jschlegs at TAMPABAY.RR.COM Wed Nov 21 16:03:49 2001 From: jschlegs at TAMPABAY.RR.COM (James Schlegel) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies Message-ID: <200111211603.QAA29687@magpie.ecs.soton.ac.uk> Everyone is using Windows Outlook Express and set for SMTP. I am using the check_mailscanner script to start MailScanner, so I'm not sure if that is using the queue mode or not. I looked through mailscanner.conf and it has "Delivery Method = batch" set. Just set Debug = 1 and now it is not even scanning messages. However, it is now delivering replies! Hmmmm, time to step back and regroup! From jschlegs at TAMPABAY.RR.COM Wed Nov 21 16:03:49 2001 From: jschlegs at TAMPABAY.RR.COM (James Schlegel) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies Message-ID: Everyone is using Windows Outlook Express and set for SMTP. I am using the check_mailscanner script to start MailScanner, so I'm not sure if that is using the queue mode or not. I looked through mailscanner.conf and it has "Delivery Method = batch" set. Just set Debug = 1 and now it is not even scanning messages. However, it is now delivering replies! Hmmmm, time to step back and regroup! From jkf at ecs.soton.ac.uk Wed Nov 21 16:37:45 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies In-Reply-To: Message-ID: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> At 16:03 21/11/2001, you wrote: >Everyone is using Windows Outlook Express and set for SMTP. I am using >the check_mailscanner script to start MailScanner, so I'm not sure if that >is using the queue mode or not. I looked through mailscanner.conf and it >has "Delivery Method = batch" set. So it's running in batch mode, which is the usual setting. >Just set Debug = 1 and now it is not even scanning messages. However, it >is now delivering replies! Don't run it in debug mode, it will behave differently from normal. I don't understand why that has an effect on the replies though, sorry. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jschlegs at TAMPABAY.RR.COM Wed Nov 21 16:41:56 2001 From: jschlegs at TAMPABAY.RR.COM (jim schlegel) Date: Thu Jan 12 21:14:06 2006 Subject: not processing replies In-Reply-To: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> Message-ID: <1006360917.9673.23.camel@molehill.ccso> does sendmail being controlled by inetd have any effect? On Wed, 2001-11-21 at 11:37, Julian Field wrote: > At 16:03 21/11/2001, you wrote: > >Everyone is using Windows Outlook Express and set for SMTP. I am using > >the check_mailscanner script to start MailScanner, so I'm not sure if that > >is using the queue mode or not. I looked through mailscanner.conf and it > >has "Delivery Method = batch" set. > > So it's running in batch mode, which is the usual setting. > > >Just set Debug = 1 and now it is not even scanning messages. However, it > >is now delivering replies! > > Don't run it in debug mode, it will behave differently from normal. > I don't understand why that has an effect on the replies though, sorry. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From valianp at SOUTHWESTERN.EDU Thu Nov 22 03:54:24 2001 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:06 2006 Subject: Full Header to Postmaster Message-ID: <3BFC76F0.5289DB86@southwestern.edu> Hi all, Was wondering if there was an easy way to get MailScanner to include the full original header in the warning message to the postmaster. or can anyone provide a quick hack to get this somehow. thanks, peter -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- From luka at ffzd.hr Thu Nov 22 08:45:26 2001 From: luka at ffzd.hr (Luka Kolanovic) Date: Thu Jan 12 21:14:06 2006 Subject: Can't restart.... In-Reply-To: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> Message-ID: <200111220945260946.0A42B04C@donat.ffzd.hr> Hi. I'm trying to let thorugh some file w/ extension .prj.doc, and don't succed. I tried to restart mailscanner with line: /opt/mailscanner/bin/mailscanner /opt/mailscanner/etc/mailscanner.conf I took care of tabs, those two (three) lines from filename.rules.conf are: # Deny all other double file extensions. This catches any hidden filenames. deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Found possible filename hiding allow \.[a-z][a-z0-9]{2,3}\.doc$ What am I doing wrong. Thanks in advance. Luka. luka.kolanovic@ffzd.hr www.geocities.com/Colosseum/Stadium/6991 UIN: 7935741 From nwp at LEMON-COMPUTING.COM Thu Nov 22 09:38:23 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: Can't restart.... In-Reply-To: <200111220945260946.0A42B04C@donat.ffzd.hr>; from luka@FFZD.HR on Thu, Nov 22, 2001 at 09:45:26AM +0100 References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> <200111220945260946.0A42B04C@donat.ffzd.hr> Message-ID: <20011122093823.A19334@lemon-computing.com> On Thu, Nov 22, 2001 at 09:45:26AM +0100, Luka Kolanovic wrote: > Hi. > I'm trying to let thorugh some file w/ extension .prj.doc, and don't succed. I tried to restart mailscanner with line: > /opt/mailscanner/bin/mailscanner /opt/mailscanner/etc/mailscanner.conf > I took care of tabs, those two (three) lines from filename.rules.conf are: > # Deny all other double file extensions. This catches any hidden filenames. > deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Found possible filename hiding > allow \.[a-z][a-z0-9]{2,3}\.doc$ > What am I doing wrong. You probably want: > allow \.prj\.doc$ - - > # Deny all other double file extensions. This catches any hidden filenames. > deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Found possible filename hiding as the first matching rule gets used. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Write yourself a threatening letter and pen a defiant reply. From viers at UNILIM.FR Thu Nov 22 16:30:57 2001 From: viers at UNILIM.FR (Nicolas Viers - SCI Limoges) Date: Thu Jan 12 21:14:06 2006 Subject: Mailscanner log Message-ID: <4.2.0.58.20011122172819.00adfe70@pop.unilim.fr> Hi, fisrt of all, i'm french. Excuse my bad english I had install mailscanner 2.60-2 with a mandrake 8.1. But i had no log in my sendmail logfile do i must active a parameter somewhere in config files ? Thanks a lot ____________________________________________________________ Nicolas Viers | Service Commun Informatique M?l: viers@unilim.fr | 123, avenue Albert Thomas | 87060 Limoges cedex Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95 http://www.unilim.fr/sci ____________________________________________________________ From jkf at ecs.soton.ac.uk Thu Nov 22 18:38:47 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:06 2006 Subject: Mailscanner log In-Reply-To: <4.2.0.58.20011122172819.00adfe70@pop.unilim.fr> Message-ID: <5.1.0.14.2.20011122183801.03327e90@hawk.ecs.soton.ac.uk> At 16:30 22/11/2001, you wrote: >fisrt of all, i'm french. Excuse my bad english >I had install mailscanner 2.60-2 with a mandrake 8.1. >But i had no log in my sendmail logfile >do i must active a parameter somewhere in config files ? Read the Installation FAQ available on the web at http://www.sng.ecs.soton.ac.uk/mailscanner/faq.shtml The first item there should answer your question. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Nov 22 18:45:55 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: dns@QUARRYHOUSE.CO.UK left the JISCmail list Message-ID: <200111221845.SAA17978@magpie.ecs.soton.ac.uk> Thu, 22 Nov 2001 18:45:55 Richard Sidlin has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Thu Nov 22 19:04:04 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: marcelo@MARCOSJULIANO.ADV.BR requested to join Message-ID: <200111221904.TAA18667@magpie.ecs.soton.ac.uk> Thu, 22 Nov 2001 19:04:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Marcelo Martins You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER marcelo@MARCOSJULIANO.ADV.BR Marcelo Martins PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER marcelo@MARCOSJULIANO.ADV.BR Marcelo Martins // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Nov 23 05:17:15 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: y.huang@UTORONTO.CA requested to join Message-ID: <200111230517.FAA09339@magpie.ecs.soton.ac.uk> Fri, 23 Nov 2001 05:17:15 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Bruce Huang You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER y.huang@UTORONTO.CA Bruce Huang PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER y.huang@UTORONTO.CA Bruce Huang // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Nov 23 12:29:36 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: Andrzej.Nosek@KSG.PL requested to join Message-ID: <200111231229.MAA28515@magpie.ecs.soton.ac.uk> Fri, 23 Nov 2001 12:29:36 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Andrzej Nosek You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Andrzej.Nosek@KSG.PL Andrzej Nosek PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Andrzej.Nosek@KSG.PL Andrzej Nosek // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Nov 23 17:36:20 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: tlyons@DIGITALVOODOO.ORG requested to join Message-ID: <200111231736.RAA15580@magpie.ecs.soton.ac.uk> Fri, 23 Nov 2001 17:36:20 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tim Lyons You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tlyons@DIGITALVOODOO.ORG Tim Lyons PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tlyons@DIGITALVOODOO.ORG Tim Lyons // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Nov 26 12:30:40 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: marc@ODTSL.COM requested to join Message-ID: <200111261230.MAA14064@magpie.ecs.soton.ac.uk> Mon, 26 Nov 2001 12:30:40 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Marc Balcells You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER marc@ODTSL.COM Marc Balcells PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER marc@ODTSL.COM Marc Balcells // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Nov 26 19:40:39 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:06 2006 Subject: MAILSCANNER: ryan@MARINOCRANE.COM requested to join Message-ID: <200111261940.TAA11500@magpie.ecs.soton.ac.uk> Mon, 26 Nov 2001 19:40:39 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ryan Pitt You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ryan@MARINOCRANE.COM Ryan Pitt PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ryan@MARINOCRANE.COM Ryan Pitt // EOJ From ryan at MARINOCRANE.COM Mon Nov 26 20:13:17 2001 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:14:06 2006 Subject: Email Domain Names Message-ID: I am running Sendmail along with Mailscanner and Sophos Antivirus. Everything is working fine except for an address problem. The name of the mail server is "ctmail.marinocrane.com" and I serve 3 different domains with this one server ie. "marinocrane.com", "aycockrigging.com", "marinoheavytec.com" Now when a user from any of these domains sends an email, the recipient sees the sender email address as "user@ctmail.marinocrane.com" instead of "user@marinocrane.com" or "user@aycockrigging.com" The only changes that I remember making that I think would have an effect on this would be the instructions on your installation guide ie. "The first thing left to do is to tell the sendmail program where to find your mail server. Edit the file /etc/sendmail.cf. Look for a couple of lines somewhere near the start of the file that start with "DM" and "DH". Replace the text after these letters with the full name of your existing mail server, e.g. "mailserver.your.domain"." This is where I added "ctmail.marinocrane.com" Do I need to add all the domain names here or do I add them somewhere else? Thank you Ryan Pitt SG Marino Crane Service Corp USA From jkf at ecs.soton.ac.uk Tue Nov 27 09:24:55 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:06 2006 Subject: Email Domain Names In-Reply-To: Message-ID: <5.1.0.14.2.20011127092351.03c62bc8@imap.ecs.soton.ac.uk> At 20:13 26/11/2001, you wrote: >The only changes that I remember making that I think would have an effect on >this would be the instructions on your installation guide ie. > >"The first thing left to do is to tell the sendmail program where to find >your mail server. Edit the file /etc/sendmail.cf. Look for a couple of lines >somewhere near the start of the file that start with "DM" and "DH". Replace >the text after these letters with the full name of your existing mail >server, e.g. "mailserver.your.domain"." > >This is where I added "ctmail.marinocrane.com" > >Do I need to add all the domain names here or do I add them somewhere else? You want to get your sendmail setup working perfectly before installing MailScanner. Then just leave your sendmail.cf file alone, install MailScanner without touching it, and everything will work fine. Sorry if the docs are misleading, I will fix them. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From marcelo at MARCOSJULIANO.ADV.BR Tue Nov 27 13:56:56 2001 From: marcelo at MARCOSJULIANO.ADV.BR (Marcelo Martins) Date: Thu Jan 12 21:14:06 2006 Subject: Filtering clsid extension Message-ID: How to filtering test.txt.{73A4C9C1-D68D-11D0-98BF-00A0C90DC8D9} Thank's Marcelo marcelo@marcosjuliano.adv.br From jkf at ecs.soton.ac.uk Tue Nov 27 14:48:26 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:06 2006 Subject: Filtering clsid extension In-Reply-To: Message-ID: <5.1.0.14.2.20011127144444.08cd4bc8@imap.ecs.soton.ac.uk> At 13:56 27/11/2001, you wrote: >How to filtering test.txt.{73A4C9C1-D68D-11D0-98BF-00A0C90DC8D9} Out of interest, why do you need to? I haven't seen this problem myself yet! Try something like this: deny \.[a-z][a-z0-9]{2,3}\.\{[A-F0-9-]{30,}\}$ Found CLSID in extension Attempt to hide CLSID in filename extension Note that there should be exactly 3 tab characters in the line above. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gcrothers at SHELOB.NET Wed Nov 28 12:54:05 2001 From: gcrothers at SHELOB.NET (gcrothers) Date: Thu Jan 12 21:14:06 2006 Subject: Sophos + Mailscanner Why both?? References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> <1006360917.9673.23.camel@molehill.ccso> Message-ID: <035b01c1780b$c5251640$580a0a0a@nin> I've been lurking in this list for some time, trying to understand mailscanner and its relationship with Sophos Sweep. Can someone enlighten me and tell me why I need mailscanner as well as Sweep... Is sweep on its own not sufficient to act as an email scanner. tia garry crothers From s.kelly at ayrcoll.ac.uk Wed Nov 28 14:15:57 2001 From: s.kelly at ayrcoll.ac.uk (Shane Kelly) Date: Thu Jan 12 21:14:06 2006 Subject: Sophos + Mailscanner Why both?? In-Reply-To: <035b01c1780b$c5251640$580a0a0a@nin> References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> <1006360917.9673.23.camel@molehill.ccso> <035b01c1780b$c5251640$580a0a0a@nin> Message-ID: <0111281415571E.00655@ned> Hi Garry, Mailscanner is an engine that checks filenames, expands compressed emails, checks against rules, but does not scan for virus signatures within e-mails. It uses Sophos sweep (or McAfee) to do the this for it. Therefore for protection against viruses, and perhaps mailicious attachments that can do damage to your computer, you need both. Its pretty much all we use here for fontline mailscanning and virus detection. Regards, Shane Kelly -- Shane Kelly Network Controller Ayr College 01292 265184 s.kelly@ayrcoll.ac.uk On Wednesday 28 November 2001 12:54, you wrote: > I've been lurking in this list for some time, trying to understand > mailscanner and its relationship with Sophos Sweep. > > Can someone enlighten me and tell me why I need mailscanner as well as > Sweep... > > Is sweep on its own not sufficient to act as an email scanner. > > tia > garry crothers -- Shane Kelly Network Controller Ayr College 01292 265184 s.kelly@ayrcoll.ac.uk From ryan at MARINOCRANE.COM Wed Nov 28 13:13:22 2001 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:14:06 2006 Subject: Sophos + Mailscanner Why both?? References: <5.1.0.14.2.20011121163647.03421c28@hawk.ecs.soton.ac.uk> <1006360917.9673.23.camel@molehill.ccso> <035b01c1780b$c5251640$580a0a0a@nin> Message-ID: <3C04E2F2.7060005@marinocrane.com> Mailscanner is an application that filters all incoming and outgoing email on my Linux mail server. Mailscanner by itself scans and filters Spam email but when you add Sophos Sweep to the mix, it also scans for email viruses in the email itself and email attachments. Sophos Sweep automatically checks for new virus definitions from the Sophos website, thereby keeping your virus scanning software up to date. I have only been using them for about 2 weeks and they work very well. When a virus is found, Mailscanner emails everyone concerned including a user specified mail admin address. I have managed to get rampant email viruses under control in just a few days. I recommend it! Hope this helped clear things up for you. gcrothers wrote: >I've been lurking in this list for some time, trying to understand >mailscanner and its relationship with Sophos Sweep. > >Can someone enlighten me and tell me why I need mailscanner as well as >Sweep... > >Is sweep on its own not sufficient to act as an email scanner. > >tia >garry crothers > From y.huang at UTORONTO.CA Wed Nov 28 15:07:35 2001 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:14:06 2006 Subject: E-mail scan with McAfee Message-ID: Hi, I am new to MailScanner and need some advise. I have MailScanner 2.60-2 with McAfee installed on Sun Solaris 2.7 with sendmail 8.12.1. Everything seems woking fine except when system sights a file with virus, mailscanner think this with two files. Thanks for any advise in advance. Regards, Bruce p.s. The following are the report I got: The report: The following e-mail messages were found to have viruses inside the attachement: Sender: Recipient: Subject: Spa paper 1 MessageID: fAP9dDCc007036 Report: Attempt to hide real filename extension in Spa paper1.doc.com Sender: Recipient: Subject: MessageID: opt Report: /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa paper 1.doc.com Found the W32/SirCam@MM virus !!! The system log Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: from=, size=216456, class=0, nrcpts=1, msgid=<20011126133235.E6A8D1FD54@bom6.vsnl.net.in>, proto=ESMTP, daemon=MTA, relay=bom6.vsnl.net.in [202.54.4.38] Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: to=, delay=00:00:07, mailer=esmtp, pri=250658, stat=queued Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock /var/spool/mqueue.in/qffAQD1KCc019684 Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/MailScanner/incoming/fAQD1KCc019684.header Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Scanning 1 messages, 217558 bytes Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Going to scan 1 messages Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Commencing scanning... Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Completed scanning Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found possible filename hiding in 2.doc.com Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found 2 viruses in messages opt,fAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Scanned 1 messages, 217558 bytes in 1 seconds Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved infections to /var/spool/MailScanner/quarantine/20011126/opt Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved infections to /var/spool/MailScanner/quarantine/20011126/fAQD1KCc0196 84 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Deleting unparsable message opt from queue Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/mqueue/dffAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/mqueue/tffAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: About to deliver 2 messages Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19694]: fAQD1t6U019694: from=root, size=505, class=0, nrcpts=1, msgid=<200111261301.fAQD1t6U019694@hudson.geog.utoronto.ca>, relay=root@localhost Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19693]: fAQD1KCc019684: to=, delay=00:00:33, xdelay=00:00:00, mailer=esmtp, pri=340658, relay=cirque.geog.utoronto.ca. [128.100.66.10], dsn=2.0.0, stat=Sent (Data received OK.) From Edward_Ortiz at SSA-SA.SEL.SONY.COM Wed Nov 28 15:29:01 2001 From: Edward_Ortiz at SSA-SA.SEL.SONY.COM (Ed Ortiz) Date: Thu Jan 12 21:14:06 2006 Subject: E-mail scan with McAfee Message-ID: Bruce, I think it is because the message triggered two "alerts" within mailscanner. It first caught that it had a hidden extension, the .doc.com, so it marks this as a virus, secondly McAfee found the Sircam virus, which would be where the second alert comes in. I've noticed that Mailscanner flags any extensions that break the rules configured in filename.rules.conf as a virus. Hope this helps. Ed. >>> Bruce Huang 11/28/01 9:07:35 AM >>> Hi, I am new to MailScanner and need some advise. I have MailScanner 2.60-2 with McAfee installed on Sun Solaris 2.7 with sendmail 8.12.1. Everything seems woking fine except when system sights a file with virus, mailscanner think this with two files. Thanks for any advise in advance. Regards, Bruce p.s. The following are the report I got: The report: The following e-mail messages were found to have viruses inside the attachement: Sender: Recipient: Subject: Spa paper 1 MessageID: fAP9dDCc007036 Report: Attempt to hide real filename extension in Spa paper1.doc.com Sender: Recipient: Subject: MessageID: opt Report: /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa paper 1.doc.com Found the W32/SirCam@MM virus !!! The system log Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: from=, size=216456, class=0, nrcpts=1, msgid=<20011126133235.E6A8D1FD54@bom6.vsnl.net.in>, proto=ESMTP, daemon=MTA, relay=bom6.vsnl.net.in [202.54.4.38] Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: to=, delay=00:00:07, mailer=esmtp, pri=250658, stat=queued Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock /var/spool/mqueue.in/qffAQD1KCc019684 Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/MailScanner/incoming/fAQD1KCc019684.header Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Scanning 1 messages, 217558 bytes Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Going to scan 1 messages Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Commencing scanning... Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Completed scanning Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found possible filename hiding in 2.doc.com Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found 2 viruses in messages opt,fAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Scanned 1 messages, 217558 bytes in 1 seconds Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved infections to /var/spool/MailScanner/quarantine/20011126/opt Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved infections to /var/spool/MailScanner/quarantine/20011126/fAQD1KCc0196 84 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Deleting unparsable message opt from queue Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/mqueue/dffAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() to lock >/var/spool/mqueue/tffAQD1KCc019684 Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: About to deliver 2 messages Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19694]: fAQD1t6U019694: from=root, size=505, class=0, nrcpts=1, msgid=<200111261301.fAQD1t6U019694@hudson.geog.utoronto.ca>, relay=root@localhost Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19693]: fAQD1KCc019684: to=, delay=00:00:33, xdelay=00:00:00, mailer=esmtp, pri=340658, relay=cirque.geog.utoronto.ca. [128.100.66.10], dsn=2.0.0, stat=Sent (Data received OK.) From valianp at SOUTHWESTERN.EDU Wed Nov 28 16:22:25 2001 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected Message-ID: <3C050F41.4010507@southwestern.edu> Hello, Im having an interesting problem. It seems my message bodies are lost and all scanned email goes through with the correct header and the X-ECS-Mailscanner tag but the body just contains " <<< No Message Collected >>> ". any ideas? thanks, peter -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- From nwp at LEMON-COMPUTING.COM Wed Nov 28 16:29:59 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected In-Reply-To: <3C050F41.4010507@southwestern.edu>; from valianp@SOUTHWESTERN.EDU on Wed, Nov 28, 2001 at 10:22:25AM -0600 References: <3C050F41.4010507@southwestern.edu> Message-ID: <20011128162959.C11664@lemon-computing.com> On Wed, Nov 28, 2001 at 10:22:25AM -0600, Peter Valian wrote: > Hello, > > Im having an interesting problem. It seems my message bodies are lost > and all scanned email goes through with the correct header and the > X-ECS-Mailscanner tag but the body just contains " <<< No Message > Collected >>> ". > > any ideas? Could you give us a bit more to work with, please? Like sendmail or exim with version number, mailscanner version number, check that your queues are all on the same partition... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com This life is yours. Some of it was given to you; the rest, you made yourself. From Paul.Haldane at NEWCASTLE.AC.UK Wed Nov 28 16:31:08 2001 From: Paul.Haldane at NEWCASTLE.AC.UK (Paul Haldane) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected Message-ID: > Im having an interesting problem. It seems my message bodies > are lost and all scanned email goes through with the correct > header and the X-ECS-Mailscanner tag but the body just > contains " <<< No Message Collected >>> ". > > any ideas? Are your mqueue.in and mqueue directories within the same file system? They need to be (my understanding is that if they're not then the mail system's locks get lost when the messages are moved from mqueue.in to mqueue). Paul -- Paul Haldane Unix Systems, Computing Service, University of Newcastle upon Tyne From valianp at SOUTHWESTERN.EDU Wed Nov 28 16:34:21 2001 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected References: <3C050F41.4010507@southwestern.edu> Message-ID: <3C05120D.3000407@southwestern.edu> To follow up on this, I did read the FAQ #2 about the queues being on the same filesystem. My queues are NFS mounted and Im suspecting this is the problem. But I have them individually mounted...perhaps if they were on the same mount? anyone have experience with NFS mounting mqueue and mqueue.in with mailscanner? sendmail doesn't seem to care that mqueue is NFS mounted. Peter Valian wrote: > Hello, > > Im having an interesting problem. It seems my message bodies are lost > and all scanned email goes through with the correct header and the > X-ECS-Mailscanner tag but the body just contains " <<< No Message > Collected >>> ". > > any ideas? > > thanks, > peter > > -- > Peter Valian > Network & Systems Administrator > Southwestern University > Georgetown, Texas > -- -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From nwp at LEMON-COMPUTING.COM Wed Nov 28 16:53:53 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected In-Reply-To: <3C05120D.3000407@southwestern.edu>; from valianp@SOUTHWESTERN.EDU on Wed, Nov 28, 2001 at 10:34:21AM -0600 References: <3C050F41.4010507@southwestern.edu> <3C05120D.3000407@southwestern.edu> Message-ID: <20011128165353.D11664@lemon-computing.com> On Wed, Nov 28, 2001 at 10:34:21AM -0600, Peter Valian wrote: > To follow up on this, I did read the FAQ #2 about the queues being on > the same filesystem. My queues are NFS mounted and Im suspecting this > is the problem. But I have them individually mounted...perhaps if they > were on the same mount? > > anyone have experience with NFS mounting mqueue and mqueue.in with > mailscanner? sendmail doesn't seem to care that mqueue is NFS mounted. mailscanner moves the queue body file from its queue to the MTA's queue by hardlinking it and then deleting it from its own queue. If you are able to hardlink files from one queue to the other then it should work. If not, it won't. In your case this means it won't work; the queues are not on the same filesystem (even if on the machine that's hosting them, they are), and so trying to hardlink between them will fail. Mailscanner really should detect this, I suppose. I'll fix it now. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Don't look back, the lemmings are gaining on you. From y.huang at UTORONTO.CA Wed Nov 28 17:02:27 2001 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:14:06 2006 Subject: E-mail scan with McAfee Message-ID: Hello Ed, Thanks for your advise. I notice this one, too. One problem is: it breaks down into two messages: one with the mail message id, fAP9dDCc007036, and the other is opt which I beleive taking from the full path of this file /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa_paper1.doc.com, when McAfee scanned this virus. For more detail, I spot a message on console when McAfee found the virus: cp: cannot access /opt/local/mailscanner/var/incoming/opt By testing with sophos, there is no such break down. Thanks for any advise. Bruce On Wed, 28 Nov 2001 09:29:01 -0600, Ed Ortiz wrote: >Bruce, I think it is because the message triggered two "alerts" within mailscanner. It first caught that it had a hidden extension, the .doc.com, so it marks this as a virus, secondly McAfee found the Sircam virus, which would be where the second alert comes in. I've noticed that Mailscanner flags any extensions that break the rules configured in filename.rules.conf as a virus. Hope this helps. > >Ed. > >>>> Bruce Huang 11/28/01 9:07:35 AM >>> >Hi, > >I am new to MailScanner and need some advise. I have >MailScanner 2.60-2 with McAfee installed on Sun Solaris 2.7 with >sendmail 8.12.1. Everything seems woking fine except when system >sights a file with virus, mailscanner think this with two files. >Thanks for any advise in advance. > >Regards, > >Bruce > > >p.s. The following are the report I got: > >The report: > >The following e-mail messages were found to have viruses inside the >attachement: > > Sender: >Recipient: > Subject: Spa paper 1 >MessageID: fAP9dDCc007036 > Report: Attempt to hide real filename extension in Spa paper1.doc.com > > Sender: >Recipient: > Subject: >MessageID: opt > Report: /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa paper >1.doc.com Found the W32/SirCam@MM virus !!! > > >The system log > >Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: >from=, size=216456, class=0, nrcpts=1, >msgid=<20011126133235.E6A8D1FD54@bom6.vsnl.net.in>, proto=ESMTP, >daemon=MTA, relay=bom6.vsnl.net.in [202.54.4.38] >Nov 26 08:01:29 hudson.geog.utoronto.ca sm-mta[19684]: fAQD1KCc019684: >to=, delay=00:00:07, mailer=esmtp, pri=250658, stat=queued > >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() >to lock /var/spool/mqueue.in/qffAQD1KCc019684 >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() >to lock >/var/spool/MailScanner/incoming/fAQD1KCc019684.header >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Scanning 1 >messages, 217558 bytes >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Going to scan 1 >messages >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Commencing >scanning... >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Completed >scanning >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found possible >filename hiding in 2.doc.com >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found 2 viruses >in messages opt,fAQD1KCc019684 >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Scanned 1 >messages, 217558 bytes in 1 seconds >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved >infections to /var/spool/MailScanner/quarantine/20011126/opt >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved >infections to /var/spool/MailScanner/quarantine/20011126/fAQD1KCc0196 >84 >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Deleting >unparsable message opt from queue >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() >to lock >/var/spool/mqueue/dffAQD1KCc019684 >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Using flock() >to lock >/var/spool/mqueue/tffAQD1KCc019684 >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: About to >deliver 2 messages >Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19694]: fAQD1t6U019694: >from=root, size=505, class=0, nrcpts=1, >msgid=<200111261301.fAQD1t6U019694@hudson.geog.utoronto.ca>, >relay=root@localhost >Nov 26 08:01:55 hudson.geog.utoronto.ca sendmail[19693]: >fAQD1KCc019684: to=, delay=00:00:33, xdelay=00:00:00, >mailer=esmtp, pri=340658, relay=cirque.geog.utoronto.ca. >[128.100.66.10], dsn=2.0.0, stat=Sent (Data received OK.) From nwp at LEMON-COMPUTING.COM Wed Nov 28 17:07:52 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:06 2006 Subject: No Message Collected In-Reply-To: <20011128165353.D11664@lemon-computing.com>; from nwp@LEMON-COMPUTING.COM on Wed, Nov 28, 2001 at 04:53:53PM +0000 References: <3C050F41.4010507@southwestern.edu> <3C05120D.3000407@southwestern.edu> <20011128165353.D11664@lemon-computing.com> Message-ID: <20011128170752.E11664@lemon-computing.com> On Wed, Nov 28, 2001 at 04:53:53PM +0000, Nick Phillips wrote: > In your case this means it won't work; the queues are not on the same > filesystem (even if on the machine that's hosting them, they are), and so > trying to hardlink between them will fail. > > Mailscanner really should detect this, I suppose. I'll fix it now. I've done this now; we'll have to test it a little, but I'll have a word with Julian about getting an updated release ASAP. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Your aim is high and to the right. From valianp at SOUTHWESTERN.EDU Wed Nov 28 17:13:22 2001 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:07 2006 Subject: No Message Collected References: <3C050F41.4010507@southwestern.edu> <3C05120D.3000407@southwestern.edu> <20011128165353.D11664@lemon-computing.com> <20011128170752.E11664@lemon-computing.com> Message-ID: <3C051B32.6020604@southwestern.edu> FYI, If your mqueue and mqueue.in are on the same NFS mount, the hard link is allowed. I'll be putting this scenario into production in a couple hours and let the list know if something horrible happens. Thanks, peter Nick Phillips wrote: >On Wed, Nov 28, 2001 at 04:53:53PM +0000, Nick Phillips wrote: > >>In your case this means it won't work; the queues are not on the same >>filesystem (even if on the machine that's hosting them, they are), and so >>trying to hardlink between them will fail. >> >>Mailscanner really should detect this, I suppose. I'll fix it now. >> > >I've done this now; we'll have to test it a little, but I'll have a word >with Julian about getting an updated release ASAP. > > >Cheers, > > >Nick > >-- >Nick Phillips -- nwp@lemon-computing.com >Your aim is high and to the right. > -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From tyler at beloit.edu Wed Nov 28 17:05:12 2001 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? Message-ID: <200111281705.LAA33770@beloit.edu> Mailscanner experts! I am running sendmail 8.10 with mailscanner. I am not sure if this can be addressed by Mailscanner or Sendmail or neither, but one of the things that I have observed is that email viruses can add up in the sendmail queue when it is addressed to a registered domain that for whatever reason is not accepting a smtp connection. Therefore, instead of returning to the sender or postmaster, it sits in queue waiting for delivery for 5 days. Fortunately, mailscanner removes the body minimizing the size somewhat, but student infected computers can send out quite a few messages over the course of 5 days. Is there a solution that would prevent queueing of virus related email? Note: I don't mind messages going to both the sender and recipient if they can be delivered without sitting in queue. I just don't like the message having to wait 5 days. I also don't want to really change the 5 day setting as it is appropriate for noninfected email (in my opinion). So an ideal solution would be one that tries to process it to the recipient and sender (if configured) and if it can't be delivered, it discards it instead of queueing it. It seems to me that it would have to involve Mailscanner some how since this should only apply to infected email messages. Thoughts anyone? -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu From howard at harper-adams.ac.uk Wed Nov 28 17:34:39 2001 From: howard at harper-adams.ac.uk (hrobinson@harper-adams.ac.uk) Date: Thu Jan 12 21:14:07 2006 Subject: I should know the answer to this but here goes In-Reply-To: Message-ID: <200111281731.fASHVMU08372@blackhole.harper-adams.ac.uk> Dear list Is the Virus 'W32/Badtrans-B' disinfectable? I have a request from a student to recover a file but I thought that mailscanner cleaned the file, if it could, and send an appropriate message confirming this to the sender and recipient. That implies that this virus is 'undisinfectable'. Am I correct? Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From nwp at LEMON-COMPUTING.COM Wed Nov 28 18:26:37 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <200111281705.LAA33770@beloit.edu>; from tyler@BELOIT.EDU on Wed, Nov 28, 2001 at 11:05:12AM -0600 References: <200111281705.LAA33770@beloit.edu> Message-ID: <20011128182637.H11664@lemon-computing.com> On Wed, Nov 28, 2001 at 11:05:12AM -0600, Tim Tyler wrote: > if they can be delivered without sitting in queue. I just don't like the > message having to wait 5 days. I also don't want to really change the 5 day > setting as it is appropriate for noninfected email (in my opinion). So an > ideal solution would be one that tries to process it to the recipient and > sender (if configured) and if it can't be delivered, it discards it instead I can't see how this could be possible; you can configure mailscanner to pass parameters to the mailer when it sends the message, but I don't know of any mailer that's capable of taking command-line parameters to specify how a message should be handled with regard to retries etc.; there is nowhere for the mailer to store this information in the queue. If you really really think about it, I suspect you'll find that it's not the right thing to do anyway. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Caution: Keep out of reach of children. From S.R.Patterson at SOTON.AC.UK Wed Nov 28 18:27:30 2001 From: S.R.Patterson at SOTON.AC.UK (Steven Patterson) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <20011128182637.H11664@lemon-computing.com> Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Nick Phillips > Sent: Wednesday, November 28, 2001 6:27 PM > > I can't see how this could be possible; you can configure mailscanner to > pass parameters to the mailer when it sends the message, but I don't know > of any mailer that's capable of taking command-line parameters to specify > how a message should be handled with regard to retries Perhaps (with sendmail) you can set Timeout.Queuereturn=0d when you're pushing the delivery of a virus message or something? Steve From nwp at LEMON-COMPUTING.COM Wed Nov 28 18:37:24 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: ; from S.R.Patterson@SOTON.AC.UK on Wed, Nov 28, 2001 at 06:27:30PM -0000 References: <20011128182637.H11664@lemon-computing.com> Message-ID: <20011128183724.K11664@lemon-computing.com> On Wed, Nov 28, 2001 at 06:27:30PM -0000, Steven Patterson wrote: > Perhaps (with sendmail) you can set Timeout.Queuereturn=0d when you're > pushing the delivery of a virus message or something? I'm no sendmail expert. If this will actually prevent it from ever getting into the queue then I suppose it might work. I guess it depends on how the logic is structured in sendmail (is it? ;)... if "sending a message right now" is basically a special case, then I suppose it might work. If "sending a message right now" uses the same logic as "run a delivery attempt on this queued message", then probably not. We'll see? -- Nick Phillips -- nwp@lemon-computing.com Courage is your greatest present need. From nwp at LEMON-COMPUTING.COM Wed Nov 28 18:47:15 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee In-Reply-To: ; from y.huang@UTORONTO.CA on Wed, Nov 28, 2001 at 05:02:27PM +0000 References: Message-ID: <20011128184715.L11664@lemon-computing.com> On Wed, Nov 28, 2001 at 05:02:27PM +0000, Bruce Huang wrote: > Thanks for your advise. I notice this one, too. One problem is: it > breaks down into two messages: one with the mail message id, > fAP9dDCc007036, and the other is opt which I beleive taking from the full > path of this > file /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa_paper1.doc.com, > when McAfee scanned this virus. For more detail, I spot a message on > console when McAfee found the virus: > > cp: cannot access /opt/local/mailscanner/var/incoming/opt As in "on the console from which you started mailscanner"? > By testing with sophos, there is no such break down. So presumably mcafee is doing something odd. > >The report: > > > >The following e-mail messages were found to have viruses inside the > >attachement: > > > > Sender: > >Recipient: > > Subject: Spa paper 1 > >MessageID: fAP9dDCc007036 > > Report: Attempt to hide real filename extension in Spa paper1.doc.com > > > > Sender: > >Recipient: > > Subject: > >MessageID: opt > > Report: /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa paper > >1.doc.com Found the W32/SirCam@MM virus !!! Does this all appear in the same mail, or in two separate ones? > >The system log > > ... > >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Scanning 1 > >messages, 217558 bytes > >Nov 26 08:01:54 hudson.geog.utoronto.ca mailscanner[18965]: Going to scan 1 > >messages ... > >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found possible > >filename hiding in 2.doc.com Was the filename originally this? Or is something failing to handle spaces in filenames correctly? (looks like it might have been "Something 2.doc.com") > >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Found 2 viruses > >in messages opt,fAQD1KCc019684 This looks like maybe something has created an extra file/directory in mailscanner's working area - McAfee, no doubt. As to why, I'm not sure. How are you calling McAfee? Are you using the mcafeewrapper script? What is your "Sweep" option set to in your mailscanner.conf? > >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved > >infections to /var/spool/MailScanner/quarantine/20011126/opt > >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Saved > >infections to /var/spool/MailScanner/quarantine/20011126/fAQD1KCc0196 > >84 > >Nov 26 08:01:55 hudson.geog.utoronto.ca mailscanner[18965]: Deleting > >unparsable message opt from queue Again, looks like mcafee's been dumping extra files somewhere. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com The time is right to make new friends. From LISTSERV at JISCMAIL.AC.UK Wed Nov 28 18:26:36 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:07 2006 Subject: MAILSCANNER: syshelp@SOTON.AC.UK left the JISCmail list Message-ID: <200111281826.SAA08029@magpie.ecs.soton.ac.uk> Wed, 28 Nov 2001 18:26:36 Soton Uni SUCS Systems has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Wed Nov 28 19:44:20 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:07 2006 Subject: MAILSCANNER: marcelo@MARCOSJULIANO.ADV.BR left the JISCmail list Message-ID: <200111281944.TAA12482@magpie.ecs.soton.ac.uk> Wed, 28 Nov 2001 19:44:20 marcelo@MARCOSJULIANO.ADV.BR has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From tyler at beloit.edu Wed Nov 28 19:52:08 2001 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <20011128183724.K11664@lemon-computing.com> from "Nick Phillips" at Nov 28, 2001 06:37:24 PM Message-ID: <200111281952.NAA22760@beloit.edu> Nick and all, Yes, my hope was for something like a Timeout.Queuereturn header being attached to virus messages, but I don't know if this is compliant with how sendmail works. I can even live with a reduced time setting such as 1 day if that were an alternative for virus email. In some ways I agree with the point that it may be the wrong thing to do. However, there is the potential for a DoS aspect to this if enough students with viruses fill up queue space with messages to legitimate (but unreachable) domains. Currently, we try to get students to clean up their viruses, but that takes time and many students don't update their definitions very often if they even have antivirus software. The nice thing about an "expire" setting is that it would force the message to return to the sender or POstmaster sooner. This would be ideal. If the body will be stripped away by Mailscanner, then there is even less reason to keep the message in queue since the objective from the sender's and recipient's perspective is going to fail anyways. Tim > >On Wed, Nov 28, 2001 at 06:27:30PM -0000, Steven Patterson wrote: > >> Perhaps (with sendmail) you can set Timeout.Queuereturn=0d when you're >> pushing the delivery of a virus message or something? > >I'm no sendmail expert. If this will actually prevent it from ever getting >into the queue then I suppose it might work. > >I guess it depends on how the logic is structured in sendmail (is it? ;)... >if "sending a message right now" is basically a special case, then I >suppose it might work. If "sending a message right now" uses the same logic >as "run a delivery attempt on this queued message", then probably not. > > >We'll see? >-- >Nick Phillips -- nwp@lemon-computing.com >Courage is your greatest present need. > -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu Go Packers! Go Badgers! 1999&2000 Rose Bowl Champions! From y.huang at UTORONTO.CA Wed Nov 28 20:08:24 2001 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee Message-ID: Hi Nick, >> cp: cannot access /opt/local/mailscanner/var/incoming/opt > >As in "on the console from which you started mailscanner"? > Yes. >> > Sender: >> >Recipient: >> > Subject: Spa paper 1 >> >MessageID: fAP9dDCc007036 >> > Report: Attempt to hide real filename extension in Spa paper1.doc.com >> > >> > Sender: >> >Recipient: >> > Subject: >> >MessageID: opt >> > Report: /opt/local/mailscanner/var/incoming/fAP9dDCc007036/Spa paper >> >1.doc.com Found the W32/SirCam@MM virus !!! > >Does this all appear in the same mail, or in two separate ones? Yes, they are from the same e-mail. >This looks like maybe something has created an extra file/directory in >mailscanner's working area - McAfee, no doubt. As to why, I'm not sure. Hmmm.... > >How are you calling McAfee? Are you using the mcafeewrapper script? What >is your "Sweep" option set to in your mailscanner.conf? From dennis at YTN.CO.NZ Wed Nov 28 20:14:32 2001 From: dennis at YTN.CO.NZ (Dennis Monks) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? Message-ID: <3C0545A8.5A3CB6E2@ytn.co.nz> I think it is the later. Another solution is to be able to tell mailscanner to use another MTA for sending virus reports. This MTA could the be setup to have no queueing, or at least take the pressure of main MTA. Dennis Monks Nick Phillips wrote: > > On Wed, Nov 28, 2001 at 06:27:30PM -0000, Steven Patterson wrote: > > > Perhaps (with sendmail) you can set Timeout.Queuereturn=0d when you're > > pushing the delivery of a virus message or something? > > I'm no sendmail expert. If this will actually prevent it from ever getting > into the queue then I suppose it might work. > > I guess it depends on how the logic is structured in sendmail (is it? ;)... > if "sending a message right now" is basically a special case, then I > suppose it might work. If "sending a message right now" uses the same logic > as "run a delivery attempt on this queued message", then probably not. > > We'll see? > -- > Nick Phillips -- nwp@lemon-computing.com > Courage is your greatest present need. From andrewh at CQG.COM Wed Nov 28 20:30:47 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <3C0545A8.5A3CB6E2@ytn.co.nz> Message-ID: A third solution is to set up a mail queue just for the mailscanner and have a .cf file with a 0 or 1 day limit on messages in that queue. You'd have to run another sendmail daemon to process the queue, but that could also be run from a cron job. Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dennis Monks > Sent: Wednesday, November 28, 2001 1:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Minimizing virus email in queue? > > > I think it is the later. > > Another solution is to be able to tell mailscanner to use another MTA > for sending virus reports. This MTA could the be setup to have no > queueing, or at least take the pressure of main MTA. > > Dennis Monks > > Nick Phillips wrote: > > > > On Wed, Nov 28, 2001 at 06:27:30PM -0000, Steven Patterson wrote: > > > > > Perhaps (with sendmail) you can set Timeout.Queuereturn=0d when you're > > > pushing the delivery of a virus message or something? > > > > I'm no sendmail expert. If this will actually prevent it from > ever getting > > into the queue then I suppose it might work. > > > > I guess it depends on how the logic is structured in sendmail > (is it? ;)... > > if "sending a message right now" is basically a special case, then I > > suppose it might work. If "sending a message right now" uses > the same logic > > as "run a delivery attempt on this queued message", then probably not. > > > > We'll see? > > -- > > Nick Phillips -- nwp@lemon-computing.com > > Courage is your greatest present need. > From LISTSERV at JISCMAIL.AC.UK Wed Nov 28 23:43:20 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:07 2006 Subject: MAILSCANNER: beheer@SPIRIT.NL requested to join Message-ID: <200111282343.XAA26658@magpie.ecs.soton.ac.uk> Wed, 28 Nov 2001 23:43:20 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "R. Zeestraten" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER beheer@SPIRIT.NL R. Zeestraten PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER beheer@SPIRIT.NL R. Zeestraten // EOJ From viers at UNILIM.FR Thu Nov 29 08:46:15 2001 From: viers at UNILIM.FR (Nicolas Viers - SCI Limoges) Date: Thu Jan 12 21:14:07 2006 Subject: options inline in mailscanner.con Message-ID: <4.2.0.58.20011129094444.00a4d3c0@pop.unilim.fr> Hello, is it possible to have two lines with the inline option in mailscanner.conf Because i want to put noth a french et a english message Thanks a lot ____________________________________________________________ Nicolas Viers | Service Commun Informatique M?l: viers@unilim.fr | 123, avenue Albert Thomas | 87060 Limoges cedex Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95 http://www.unilim.fr/sci ____________________________________________________________ From m.sapsed at BANGOR.AC.UK Thu Nov 29 08:47:19 2001 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:07 2006 Subject: I should know the answer to this but here goes References: <200111281731.fASHVMU08372@blackhole.harper-adams.ac.uk> Message-ID: <3C05F617.99BA3979@bangor.ac.uk> Hi Howard, "hrobinson@harper-adams.ac.uk" wrote: > Is the Virus 'W32/Badtrans-B' disinfectable? No > I have a request from a student to recover a file but I thought that > mailscanner cleaned the file, if it could, and send an appropriate > message confirming this to the sender and recipient. That implies > that this virus is 'undisinfectable'. The attachment is an executable program pure and simple. If you removed the malicious code there would be nothing left! Most of the current worms (Magistr, Sircam etc) are like this rather than the traditional parasitic type. That's probably because they're easier to write? I have a number of "customers" who really want to get at what's in these attachments - it seems that there must be something useful in there somewhere... Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From nwp at LEMON-COMPUTING.COM Thu Nov 29 09:43:44 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee In-Reply-To: ; from y.huang@UTORONTO.CA on Wed, Nov 28, 2001 at 08:08:24PM +0000 References: Message-ID: <20011129094344.N11664@lemon-computing.com> On Wed, Nov 28, 2001 at 08:08:24PM +0000, Bruce Huang wrote: Create a temporary directory. Create a subdirectory called "virusdir" inside the temporary directory. Put a copy of an infected file (from quarantine) into "virusdir". Then cd to the tmp dir and run: "/usr/local/bin/mcafeewrapper --recursive --ignore-links --analyze --secure ./virusdir" Then do an "ls -lR". Then run: "/usr/local/bin/mcafeewrapper --clean --recursive --ignore-links --analyze --secure ./virusdir" and do an "ls -lR". Then send me/us the output. If you do "script ~/mcafee_output_for_mailscanner" first, and "exit" at the end, you'll just be able to send the typescript file. It'd be helpful to know whether you have any environment variables set to help control how mcafee runs, too (output of "env" minus any secret bits ;) Sorry if some of this seems patronising; it's just better to be safe than sorry. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will soon forget this. From nwp at LEMON-COMPUTING.COM Thu Nov 29 09:48:19 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <3C0545A8.5A3CB6E2@ytn.co.nz>; from dennis@YTN.CO.NZ on Thu, Nov 29, 2001 at 09:14:32AM +1300 References: <3C0545A8.5A3CB6E2@ytn.co.nz> Message-ID: <20011129094819.O11664@lemon-computing.com> On Thu, Nov 29, 2001 at 09:14:32AM +1300, Dennis Monks wrote: > I think it is the later. I'd have thought so; hence my first reply. > Another solution is to be able to tell mailscanner to use another MTA > for sending virus reports. This MTA could the be setup to have no > queueing, or at least take the pressure of main MTA. [evil grin] Yup, you could do that... -- Nick Phillips -- nwp@lemon-computing.com Today is the last day of your life so far. From nwp at LEMON-COMPUTING.COM Thu Nov 29 09:55:35 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: options inline in mailscanner.con In-Reply-To: <4.2.0.58.20011129094444.00a4d3c0@pop.unilim.fr>; from viers@UNILIM.FR on Thu, Nov 29, 2001 at 09:46:15AM +0100 References: <4.2.0.58.20011129094444.00a4d3c0@pop.unilim.fr> Message-ID: <20011129095535.P11664@lemon-computing.com> On Thu, Nov 29, 2001 at 09:46:15AM +0100, Nicolas Viers - SCI Limoges wrote: > Hello, > is it possible to have two lines with the inline option in > mailscanner.conf > Because i want to put noth a french et a english message Try just sticking a "\n" between the two, whilst keeping them in the same line in the conf file. -- Nick Phillips -- nwp@lemon-computing.com You can rent this space for only $5 a week. From y.huang at UTORONTO.CA Thu Nov 29 15:07:08 2001 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee Message-ID: Hi nick and all, >Create a temporary directory. Create a subdirectory called "virusdir" inside >the temporary directory. Put a copy of an infected file (from quarantine) >into "virusdir". Then cd to the tmp dir and run: >"/usr/local/bin/mcafeewrapper --recursive --ignore-links --analyze -- secure ./virusdir" >Then do an "ls -lR". >Then run: >"/usr/local/bin/mcafeewrapper --clean --recursive --ignore-links -- analyze --secure ./virusdir" >and do an "ls -lR". > >Then send me/us the output. If you do "script ~/mcafee_output_for_mailscanner" >first, and "exit" at the end, you'll just be able to send the typescript >file. Here is my ouput: Script started on Thu Nov 29 09:26:32 2001 esker.geog# /usr/local/bin/mcafeewrapper --recursive --ignore-links -- analyze --secure ./virusdir /tmp/test/virusdir/HONGKONG.DOC.pif Found the W32/SirCam@MM virus !!! esker.geog# ls -lR .: total 16 -rw-r----- 1 root daemon 0 Nov 29 09:26 mcafee_output_for_mailscanner drwxr-x--- 2 root daemon 69 Nov 29 09:23 script drwxr-x--- 2 root daemon 118 Nov 29 09:26 virusdir ./script: total 0 ./virusdir: total 328 -rw------- 1 root daemon 166905 Nov 29 09:26 HONGKONG.DOC.pif esker.geog# /usr/local/bin/mcafeewrapper --clean --recursive --ignore -- links --analyze --secure ./virusdir /tmp/test/virusdir/HONGKONG.DOC.pif Found the W32/SirCam@MM virus !!! The file has been deleted. esker.geog# ls -lR .: total 16 -rw-r----- 1 root daemon 0 Nov 29 09:26 mcafee_output_for_mailscanner drwxr-x--- 2 root daemon 69 Nov 29 09:23 script drwxr-x--- 2 root daemon 69 Nov 29 09:27 virusdir ./script: total 0 ./virusdir: total 0 esker.geog# exit script done on Thu Nov 29 09:27:27 2001 Thanks for any advise, Bruce From nwp at LEMON-COMPUTING.COM Thu Nov 29 17:04:04 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee In-Reply-To: ; from y.huang@UTORONTO.CA on Thu, Nov 29, 2001 at 03:07:08PM +0000 References: Message-ID: <20011129170404.R11664@lemon-computing.com> On Thu, Nov 29, 2001 at 03:07:08PM +0000, Bruce Huang wrote: > Hi nick and all, > script done on Thu Nov 29 09:27:27 2001 > > Thanks for any advise, That would appear to be all as expected & OK. Does it behave the same when the infected file has spaces in its name? -- Nick Phillips -- nwp@lemon-computing.com Lady Luck brings added income today. Lady friend takes it away tonight. From tyler at beloit.edu Thu Nov 29 17:09:50 2001 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <20011129094819.O11664@lemon-computing.com> from "Nick Phillips" at Nov 29, 2001 09:48:19 AM Message-ID: <200111291709.LAA24870@beloit.edu> Ok I am intrigued. I don't see a configuration option that would allow me to have Mailscanner use a different MTA for infected files only. Is this something that would ultimately have to be developed into Mailscanner in the future or is this something I might be able to tweak? Tim > >On Thu, Nov 29, 2001 at 09:14:32AM +1300, Dennis Monks wrote: >> I think it is the later. > >I'd have thought so; hence my first reply. > >> Another solution is to be able to tell mailscanner to use another MTA >> for sending virus reports. This MTA could the be setup to have no >> queueing, or at least take the pressure of main MTA. > >[evil grin] Yup, you could do that... > >-- >Nick Phillips -- nwp@lemon-computing.com >Today is the last day of your life so far. > -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu Go Packers! Go Badgers! 1999&2000 Rose Bowl Champions! From nwp at LEMON-COMPUTING.COM Thu Nov 29 18:09:36 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:07 2006 Subject: Minimizing virus email in queue? In-Reply-To: <200111291709.LAA24870@beloit.edu>; from tyler@BELOIT.EDU on Thu, Nov 29, 2001 at 11:09:50AM -0600 References: <20011129094819.O11664@lemon-computing.com> <200111291709.LAA24870@beloit.edu> Message-ID: <20011129180936.S11664@lemon-computing.com> On Thu, Nov 29, 2001 at 11:09:50AM -0600, Tim Tyler wrote: > Ok I am intrigued. I don't see a configuration option that would allow me > to have Mailscanner use a different MTA for infected files only. Is this > something that would ultimately have to be developed into Mailscanner in the > future or is this something I might be able to tweak? For all messages that are *generated* by mailscanner, the "Sendmail" command defined in mailscanner.conf is used. The desired mail is piped to the command, and envelope information pulled from the headers. So you could do pretty much whatever you like with that. It's not used for anything else, but that's the kind of thing that you'd *really* need to test every time you upgrade ;) For messages that mailscanner has dumped directly into a queue, the "Sendmail2" setting is used. There's not much point changing that too much, as the message is placed in the queue rather than piped to the command. Messages that mailscanner *generates* include: warnings to postmaster warnings to sender disinfected attachments sent to original recipient Messages that mailscanner munges and dumps directly into the queue include: clean messages (hardly even munged!) messages that were dirty but have had dirty bits replaced with warnings Armed with this information, you should be able to go away and decide whether or not you want to modify the "Sendmail" setting, and if so, to what. Any particularly magic recipies or plans of weasel-like cunning might be worth posting here... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You are only young once, but you can stay immature indefinitely. From y.huang at UTORONTO.CA Fri Nov 30 20:51:41 2001 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee Message-ID: Hi Nick and all, >That would appear to be all as expected & OK. Does it behave the same when >the infected file has spaces in its name? I am not sure since I have no infected file. By thinking I maybe did some not correct, I deleted the mailscanner and resinatlled from scartch. I still get the same result. Folloing the placese I changed: ./etc/mailscanner.conf: mailscanner.conf:Virus Scanner = mcafee mailscanner.conf:Sweep = /usr/local/mcafee/mcafeewrapper I am not should I chnage config.pl. But I found it does not make any difference if they are specified as sophos or mcafee. ./bin/config.pl # $Config::Sweep = "/opt/sophos/bin/sophoswrapper"; $Config::Sweep = "/usr/local/mcafee"; # $Config::VirusScanner = 'sophos'; $Config::VirusScanner = 'mcafee'; Thanks for any advise. Bruce From LISTSERV at JISCMAIL.AC.UK Fri Nov 30 18:42:51 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:07 2006 Subject: MAILSCANNER: David.Sullivan@BARNET.AC.UK requested to join Message-ID: <200111301842.SAA20442@magpie.ecs.soton.ac.uk> Fri, 30 Nov 2001 18:42:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from David Sullivan You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER David.Sullivan@BARNET.AC.UK David Sullivan PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER David.Sullivan@BARNET.AC.UK David Sullivan // EOJ From jkf at ecs.soton.ac.uk Fri Nov 30 21:38:24 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:07 2006 Subject: E-mail scan with McAfee In-Reply-To: Message-ID: <5.1.0.14.2.20011130213643.035b01c8@hawk.ecs.soton.ac.uk> Bruce, At 20:51 30/11/2001, you wrote: > >That would appear to be all as expected & OK. Does it behave the same when > >the infected file has spaces in its name? >I am not sure since I have no infected file. By thinking I maybe did some >not correct, I deleted the mailscanner and resinatlled from scartch. I >still get the same result. > > >Folloing the placese I changed: > >./etc/mailscanner.conf: >mailscanner.conf:Virus Scanner = mcafee >mailscanner.conf:Sweep = /usr/local/mcafee/mcafeewrapper That's good. >I am not should I chnage config.pl. But I found it does not make any >difference if they are specified as sophos or mcafee. You should not need to change config.pl. If you are installing from the RPM distribution, all the paths will be set correctly already. In the worst case, all you should need to do is put the path to the mailscanner.conf file on the command line of the "mailscanner" script in your init.d script. But that should be set correctly already anyway. >./bin/config.pl ># $Config::Sweep = "/opt/sophos/bin/sophoswrapper"; >$Config::Sweep = "/usr/local/mcafee"; > ># $Config::VirusScanner = 'sophos'; >$Config::VirusScanner = 'mcafee'; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From splee at PLEXIO.COM Fri Nov 30 21:58:58 2001 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:07 2006 Subject: Alternatives to Sophos Message-ID: <1007157540.2291.2.camel@ralph.plexio.private> Hi, I am currently running Mailscanner 2.60-2 and the demo version of Sophos on a Redhat7.1 - Sendmail 8.11.6. It works very well but the Sophos license for 10 users is $600 USD. When converted to Canadian dollars, that is very expensive for us. We only have 5-6 mail users so it's hard to justify the cost especially when you consider that each desktop copy of Norton AV is around $40. Are there alternatives to Sophos that work with Mailscanner which might be more friendly on the pocket for small businesses? Thanks for any suggestions. Stephen From valianp at SOUTHWESTERN.EDU Fri Nov 30 22:21:49 2001 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:07 2006 Subject: Alternatives to Sophos References: <1007157540.2291.2.camel@ralph.plexio.private> Message-ID: <3C08067D.2040007@southwestern.edu> If Im not mistaken, you technically only need one license to run on your mail server. Only one user is *technically* scanning mail (root). we use mcafee on our campus...we have some sort of site license for desktop scanning software and they just gave us the unix scanner as part of that agreement. I have no idea what we paid. -peter Stephen Lee wrote: >Hi, > >I am currently running Mailscanner 2.60-2 and the demo version of Sophos >on a Redhat7.1 - Sendmail 8.11.6. It works very well but the Sophos >license for 10 users is $600 USD. When converted to Canadian dollars, >that is very expensive for us. We only have 5-6 mail users so it's hard >to justify the cost especially when you consider that each desktop copy >of Norton AV is around $40. Are there alternatives to Sophos that work >with Mailscanner which might be more friendly on the pocket for small >businesses? > >Thanks for any suggestions. > >Stephen > -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- From hamish at TRAVELLINGKIWI.COM Fri Nov 30 23:36:32 2001 From: hamish at TRAVELLINGKIWI.COM (Hamish Marson) Date: Thu Jan 12 21:14:07 2006 Subject: Alternatives to Sophos References: <1007157540.2291.2.camel@ralph.plexio.private> <3C08067D.2040007@southwestern.edu> Message-ID: <3C081800.E9352440@travellingkiwi.com> Peter Valian wrote: > If Im not mistaken, you technically only need one license to run on your > mail server. Only one user is *technically* scanning mail (root). > You're mistaken. The license is actually for the number of users to be protected by the software... > > we use mcafee on our campus...we have some sort of site license for > desktop scanning software and they just gave us the unix scanner as part > of that agreement. I have no idea what we paid. > > -peter > > Stephen Lee wrote: > > >Hi, > > > >I am currently running Mailscanner 2.60-2 and the demo version of Sophos > >on a Redhat7.1 - Sendmail 8.11.6. It works very well but the Sophos > >license for 10 users is $600 USD. When converted to Canadian dollars, > >that is very expensive for us. We only have 5-6 mail users so it's hard > >to justify the cost especially when you consider that each desktop copy > >of Norton AV is around $40. Are there alternatives to Sophos that work > >with Mailscanner which might be more friendly on the pocket for small > >businesses? > > > >Thanks for any suggestions. > > > >Stephen > > > > -- > Peter Valian > Network & Systems Administrator > Southwestern University > Georgetown, Texas > -- -- I don't suffer from Insanity... | Linux User #237369 I enjoy every minute of it... | | http://www.travellingkiwi.com/ |