From jkf at ecs.soton.ac.uk Tue Jan 1 15:04:25 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: ORDB in mailscanner.conf In-Reply-To: Message-ID: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> At 18:50 31/12/2001, you wrote: >In mailscanner.conf it lists a few anti-relay services (such as ORDB). Do >I need to configure sendmail to use those for that to work or is it working >already? MailScanner uses the lists such as ORDB to tag spam. It doesn't prevent delivery, it just tags the messages with an extra header (and optionally some extra text at the start of the Subject: line). If you want to completely prevent delivery of messages from hosts listed in ORDB, then you'll have to configure sendmail to do it. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 2 04:31:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: chicks@CHICKS.NET requested to join Message-ID: <200201020432.EAA01830@magpie.ecs.soton.ac.uk> Wed, 2 Jan 2002 04:31:58 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Christopher Hicks You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER chicks@CHICKS.NET Christopher Hicks PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER chicks@CHICKS.NET Christopher Hicks // EOJ From sjaak at VSM-HOSTING.NL Wed Jan 2 13:20:24 2002 From: sjaak at VSM-HOSTING.NL (Sjaak Nabuurs VSM Hosting) Date: Thu Jan 12 21:14:11 2006 Subject: reject on text in subject References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> Message-ID: <00b501c19390$3c95aba0$1d5afea9@SJAAK> Hi I would like to find bad e-mail based on the subject how can I do this. Second this could be a spam resolving. Would be nice to return all e-mail with the subject "credit card" "sex" and so on. Where can i do this is it possible ? Thanks Sjaak From sjaak at VSM-HOSTING.NL Wed Jan 2 13:32:34 2002 From: sjaak at VSM-HOSTING.NL (Sjaak Nabuurs VSM Hosting) Date: Thu Jan 12 21:14:11 2006 Subject: reject on text in subject References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> <00b501c19390$3c95aba0$1d5afea9@SJAAK> Message-ID: <00c201c19391$eff90560$1d5afea9@SJAAK> > Hi > > I would like to find bad e-mail based on the subject how can I do this. > Second this could be a spam resolving. > Would be nice to return all e-mail with the subject "credit card" "sex" and > so on. > Where can i do this is it possible ? > Something like this would be lovely http://www.gtoal.com/spam/Subject.txt > Thanks > > Sjaak From jkf at ecs.soton.ac.uk Wed Jan 2 13:54:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: reject on text in subject In-Reply-To: <00b501c19390$3c95aba0$1d5afea9@SJAAK> References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020102135157.06b09aa0@imap.ecs.soton.ac.uk> At 13:20 02/01/2002, you wrote: >I would like to find bad e-mail based on the subject how can I do this. >Second this could be a spam resolving. >Would be nice to return all e-mail with the subject "credit card" "sex" and >so on. >Where can i do this is it possible ? The new version will support the SpamAssassin perl module, which you can use to identify a very wide range of spam. This is much better than just keyword spotting in the subject line. To read more about SpamAssassin, go to http://spamassassin.taint.org/ There are a zillion reasons for not just trying to spot things in the subject line, which I won't go into here, but basically almost anything word/phrase you can think of may legitimately appear in an innocent subject line. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 2 13:52:25 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: rusw@BEE.NET left the JISCmail list Message-ID: <200201021352.NAA21749@magpie.ecs.soton.ac.uk> Wed, 2 Jan 2002 13:52:25 Rus Wetherill has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From miguelk at KONSULTEX.COM.BR Wed Jan 2 14:07:19 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:14:11 2006 Subject: Virus Found Statistics Message-ID: <3C331417.5ECDFF81@konsultex.com.br> Julian has a graph which shows the messages scanned and the virii found in those mails as a function of time. I wonder if it's possible to describe how this was done or post the code that would let me duplicate this on my system. Miguel From jkf at ecs.soton.ac.uk Wed Jan 2 14:10:49 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Virus Found Statistics In-Reply-To: <3C331417.5ECDFF81@konsultex.com.br> Message-ID: <5.1.0.14.2.20020102141040.03c9f778@imap.ecs.soton.ac.uk> At 14:07 02/01/2002, you wrote: >Julian has a graph which shows the messages scanned and the virii found >in those mails as a function of time. I wonder if it's possible to >describe how this was done or post the code that would let me duplicate >this on my system. It's all on the web site at http://www.sng.ecs.soton.ac.uk/mailscanner/mrtg.shtml -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From R.A.Gardener at SHU.AC.UK Wed Jan 2 15:03:07 2002 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:14:11 2006 Subject: mailscanner version 3.0 release date info request References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020102135157.06b09aa0@imap.ecs.soton.ac.uk> Message-ID: <006201c1939e$966b1300$5a14348f@VIDEOPRODUCER> Is there any update on the expected release date for version 3.0 please? Regards, Ray Gardener ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, January 02, 2002 1:54 PM Subject: Re: reject on text in subject > The new version will support the SpamAssassin perl module, which you can > use to identify a very wide range of spam. This is much better than just > keyword spotting in the subject line. To read more about SpamAssassin, go > to http://spamassassin.taint.org/ > From nwp at LEMON-COMPUTING.COM Wed Jan 2 15:32:48 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:11 2006 Subject: mailscanner version 3.0 release date info request In-Reply-To: <006201c1939e$966b1300$5a14348f@VIDEOPRODUCER>; from R.A.Gardener@SHU.AC.UK on Wed, Jan 02, 2002 at 03:03:07PM -0000 References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020102135157.06b09aa0@imap.ecs.soton.ac.uk> <006201c1939e$966b1300$5a14348f@VIDEOPRODUCER> Message-ID: <20020102153248.J604@lemon-computing.com> On Wed, Jan 02, 2002 at 03:03:07PM -0000, Ray Gardener wrote: > Is there any update on the expected release date for version 3.0 please? When I stop adding support for new scanners (and hence stop finding niggles in the existing code)... ...but I've just got off the phone to Julian and promised him that I'll behave; I'm going to retest the F-Prot, F-Secure & Kaspersky support now, then check it in and leave it to Julian to package up. Sorry, no Panda this time. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Today is National Existential Ennui Awareness Day. From jkf at ecs.soton.ac.uk Wed Jan 2 18:20:39 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: mailscanner version 3.0 release date info request In-Reply-To: <006201c1939e$966b1300$5a14348f@VIDEOPRODUCER> References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020102135157.06b09aa0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020102182018.034d8dd8@hawk.ecs.soton.ac.uk> At 15:03 02/01/2002, you wrote: >Is there any update on the expected release date for version 3.0 please? This week, I hope. I'll mail the list as soon as it is ready for download. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sevans at FOUNDATION.SDSU.EDU Wed Jan 2 20:00:09 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A767F@foundation.foundation.sdsu.edu> Is there a way to make certain users not have their incoming mail scanned? Steve From LISTSERV at JISCMAIL.AC.UK Wed Jan 2 19:52:23 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: mats@INTERVJUBOLAGET.SE requested to join Message-ID: <200201021952.TAA09488@magpie.ecs.soton.ac.uk> Wed, 2 Jan 2002 19:52:23 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mats Jonsson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mats@INTERVJUBOLAGET.SE Mats Jonsson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mats@INTERVJUBOLAGET.SE Mats Jonsson // EOJ From jkf at ecs.soton.ac.uk Thu Jan 3 08:42:54 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A767F@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> At 20:00 02/01/2002, you wrote: >Is there a way to make certain users not have their incoming mail >scanned? No. People here have asked for that feature too, and I have flatly refused to implement it. What happens if they receive a virus, then forward the mail onto 50 other people inside your organisation? Slightly negates the point of having a virus scanner, doesn't it? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From R.A.Gardener at SHU.AC.UK Thu Jan 3 09:04:43 2002 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients References: <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> Message-ID: <000e01c19435$af7d3340$5a14348f@VIDEOPRODUCER> ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, January 03, 2002 8:42 AM Subject: Re: Excluding Certain Recipients > At 20:00 02/01/2002, you wrote: > >Is there a way to make certain users not have their incoming mail > >scanned? > > No. > People here have asked for that feature too, and I have flatly refused to > implement it. What happens if they receive a virus, then forward the mail > onto 50 other people inside your organisation? Slightly negates the point > of having a virus scanner, doesn't it? Julian's logic make sense to me - but even though mailscanner doesn't do it you can of course set up different directors/router and rulesets within Exim and Sendmail to achieve the same sort of thing. Regards > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From LISTSERV at JISCMAIL.AC.UK Thu Jan 3 09:23:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: paul-w@BLUEYONDER.CO.UK requested to join Message-ID: <200201030923.JAA08094@magpie.ecs.soton.ac.uk> Thu, 3 Jan 2002 09:23:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Paul Welsh You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER paul-w@BLUEYONDER.CO.UK Paul Welsh PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER paul-w@BLUEYONDER.CO.UK Paul Welsh // EOJ From paul.welsh at INAME.COM Thu Jan 3 09:21:53 2002 From: paul.welsh at INAME.COM (Paul Welsh) Date: Thu Jan 12 21:14:11 2006 Subject: Inflex References: <200201030038.g030c6J85236@spf2.us4.outblaze.com> Message-ID: <002d01c19438$15065320$6a0110ac@sbsplc.com> Has anyone tried the MailScanner competitor Inflex (http://www.pldaniels.com/inflex/)? There is a good deal of interest in this product on a pretty active Cobalt (now Sun) RAQ3 mailing list I'm subscribed to (http://groups.yahoo.com/group/raq/) because of its support for the (currently) free F-Prot virus scanner. I'm urging the members to wait for MailScanner v3 with its support for F-Prot, but I'm too much of a Linux newby to compare the two products myself. From R.A.Gardener at SHU.AC.UK Thu Jan 3 09:53:15 2002 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:14:11 2006 Subject: Compatibility with sophie Message-ID: <003101c1943c$77870310$5a14348f@VIDEOPRODUCER> Hi all, Sophie is a daemon which provides a interface to the Sophos Savi library. http://www.vanja.com/tools/sophie/ The reason for my interest is that it promises a faster mechanism of scanning than Sophos's own sweep program. "Since virus patterns are always in memory, scanning is fast (fast in 'startup', not fast in 'execution' :) and takes much less resources. For one 'run', it probably doesn't make a difference if you will use Sophie of Sweep. However, if you have a program (local mail delivery agent, for example) that needs to scan every few seconds/minutes - things are way different. The 'difference' I am talking about is not in scanning itself - when scanning is in progress, Sophie is little involved in it. Scanning speed depends on the SAVI setup, and on the size of the file being scanned (and if it is an archive, there might be hundreds, even thousands of files inside). However, the initialization of the engine is what count in this case" Will mailscanner work with sophie? Regards, Ray Gardener From jkf at ecs.soton.ac.uk Thu Jan 3 10:08:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Compatibility with sophie In-Reply-To: <003101c1943c$77870310$5a14348f@VIDEOPRODUCER> Message-ID: <5.1.0.14.2.20020103100456.03574c30@imap.ecs.soton.ac.uk> At 09:53 03/01/2002, you wrote: >Will mailscanner work with sophie? No. Not currently, anyway. The reason I haven't used it is to guard against resource leaks. As Sophie starts up and runs as a daemon, calling the Sophos SAVI library, it is highly likely that either the Sophie code or the SAVI code leaks memory somewhere. This will make MailScanner unstable (my regular restarts are to guard against memory leaks). So I would need some way of killing off sophie and restarting it on a regular basis, which is awkward. Also, if Sophie died, I would have to detect this death and again restart it. So it all becomes a bit of a mess. To keep load to a minimum I scan messages in batches already, so the startup cost of Sophos Sweep isn't very high per message anyway. The busier the mail server, the larger the batches, so the smaller the cost per message of starting up Sophos Sweep. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Jan 3 10:38:48 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: ANNOUNCE: Version 3.00 released Message-ID: <5.1.0.14.2.20020103103159.035bc970@imap.ecs.soton.ac.uk> Okay folks, Version 3.00 is out there for you. Loads of new features in this release, including - Support for new virus scanning engines (as well as Sophos and McAfee): F-Prot -- free for Linux at the time of writing this message F-Secure Kaspersky CommandAV InoculateIT - Add a signature to clean messages showing they were scanned by MailScanner, in either/both text and HTML - Include the full message headers in virus reports to the local Postmaster - Support for the SpamAssassin project to greatly improve the success of spam identification. See http://spamassassin.taint.org/ for installation instructions. - Stop messages that ever had a virus in them leaving your site, even after they have been cleaned up and had viruses removed. Saves washing your dirty linen in public! - Set the attachment warning filename so it doesn't have to be VirusWarning.txt any more - Support for Sophos' (undocumented) built-in TNEF decoder to improve the decoding of Microsoft Outlook Rich Text Format attachments. - Latest version of the public domain TNEF decoder included. - Revised filename.rules.conf file to set the order of the rules correctly And there are probably some I have forgotten to include... Read the new mailscanner.conf file and the mailscanner.conf documentation for all the new switches and options available. You will discover that some of the virus scanning engine support code is marked as "beta" (read the docs or the mailscanner.conf file and you'll find out the exact meaning of this). We would be grateful to hear from people who have success or problems with any of this code, so that we can rapidly update its status to being fully "supported". All downloadable, as ever, from www.mailscanner.info -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Thu Jan 3 13:03:06 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:11 2006 Subject: ORDB in mailscanner.conf In-Reply-To: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> Message-ID: I must be doing something wrong for I have never seen a message tagged as spam. What exactly do you have to do to enable the optional extra text on the subject line? I was looking at the mailscanner.conf file and need a hint. How do I put the correct text in the conf file? Gerry On Tue, 1 Jan 2002, Julian Field wrote: > At 18:50 31/12/2001, you wrote: > >In mailscanner.conf it lists a few anti-relay services (such as ORDB). Do > >I need to configure sendmail to use those for that to work or is it working > >already? > > MailScanner uses the lists such as ORDB to tag spam. It doesn't prevent > delivery, it just tags the messages with an extra header (and optionally > some extra text at the start of the Subject: line). > > If you want to completely prevent delivery of messages from hosts listed in > ORDB, then you'll have to configure sendmail to do it. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- "The lyfe so short, the craft so long to learne" Chaucer From sevans at FOUNDATION.SDSU.EDU Thu Jan 3 15:40:54 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A7685@foundation.foundation.sdsu.edu> Our mail server routes all the mail through the smarthost running mailscanner. We block all exe attachments but there are 2 or 3 users that have a legitimate reason to receive EXE's. Is there a way so there mail still is scanned but it doesn't block exe's just for those few users. Steve -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Thursday, January 03, 2002 12:43 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Excluding Certain Recipients At 20:00 02/01/2002, you wrote: >Is there a way to make certain users not have their incoming mail >scanned? No. People here have asked for that feature too, and I have flatly refused to implement it. What happens if they receive a virus, then forward the mail onto 50 other people inside your organisation? Slightly negates the point of having a virus scanner, doesn't it? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 3 16:18:50 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: dustin.baer@IHS.COM requested to join Message-ID: <200201031618.QAA28435@magpie.ecs.soton.ac.uk> Thu, 3 Jan 2002 16:18:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dustin Baer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dustin.baer@IHS.COM Dustin Baer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dustin.baer@IHS.COM Dustin Baer // EOJ From jkf at ecs.soton.ac.uk Thu Jan 3 16:32:27 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A7685@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020103163200.03644d00@imap.ecs.soton.ac.uk> At 15:40 03/01/2002, you wrote: >Our mail server routes all the mail through the smarthost running >mailscanner. We block all exe attachments but there are 2 or 3 users >that have a legitimate reason to receive EXE's. Is there a way so there >mail still is scanned but it doesn't block exe's just for those few >users. Not at the moment I'm afraid. They could always just ask the senders to rename them... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From zhangm at R3.SANYOSHK.COM Thu Jan 3 16:58:16 2002 From: zhangm at R3.SANYOSHK.COM (Zhang Ming) Date: Thu Jan 12 21:14:11 2006 Subject: Inflex References: <200201030038.g030c6J85236@spf2.us4.outblaze.com> <002d01c19438$15065320$6a0110ac@sbsplc.com> Message-ID: <00ac01c19477$d8b76040$16021bac@mis1n> We were using this product for about 3 Months and switched to mailscanner 2 months ago. it's not bad one, but uses more resources. seems mailscanner is more stable... ----- Original Message ----- From: "Paul Welsh" To: Sent: Thursday, January 03, 2002 5:21 PM Subject: Inflex > Has anyone tried the MailScanner competitor Inflex > (http://www.pldaniels.com/inflex/)? There is a good deal of interest in > this product on a pretty active Cobalt (now Sun) RAQ3 mailing list I'm > subscribed to (http://groups.yahoo.com/group/raq/) because of its support > for the (currently) free F-Prot virus scanner. I'm urging the members to > wait for MailScanner v3 with its support for F-Prot, but I'm too much of a > Linux newby to compare the two products myself. > From dustin.baer at IHS.COM Thu Jan 3 16:55:07 2002 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:14:11 2006 Subject: 3.00-1 error: Not a HASH reference Message-ID: <3C348CEB.5F556055@ihs.com> While starting mailscanner v. 3.00-1 (with check_mailscanner), I receive the following error message: Not a HASH reference at /opt/mailscanner/bin/sendmail.pl line 86. Line 86 of sendmail.pl is: %$Headers = {}; Has anyone else received this error? If so, what did you do to correct the problem? I am running perl 5.6.1. Thanks, Dustin Baer Unix Administrator Information Handling Services 15 Inverness Way East Englewood, CO 80112 303-397-2836 From ntk at ru.acad.bg Thu Jan 3 16:58:56 2002 From: ntk at ru.acad.bg (Nikolay Kabaivanov) Date: Thu Jan 12 21:14:11 2006 Subject: ANNOUNCE: Version 3.00 released References: <5.1.0.14.2.20020103103159.035bc970@imap.ecs.soton.ac.uk> Message-ID: <3C348DD0.9C4F4976@ru.acad.bg> Hello I have download and installed mailscanner-3.00-1 from rpm package on my RedHat 7.2 system. But in /var/log/maillog file I see this message : Jan 3 18:44:42 elmo mailscanner[31452]: MailScanner E-Mail Virus Scanner version 2.70 starting. Jan 3 18:44:42 elmo mailscanner[31452]: Configuring mailscanner for sendmail... I think that you have forgot to change version string. Is that true ? Also I have problem with f-prot (may be), but I will try to investigate the problem on my own. If you have any aditional information wich may help me pleace provide it. ___________________________________________________________________ Jan 3 18:48:24 elmo mailscanner[31655]: Scanning 2 messages, 155143 bytes FATAL: Encountered code that does not meet configured acceptable stability at /usr/local/MailScanner/bin/logger.pl line 60. Jan 3 18:49:04 elmo mailscanner[31655]: Going to scan 2 messages Jan 3 18:49:04 elmo mailscanner[31655]: Looks like a problem... dumping status information Jan 3 18:49:04 elmo mailscanner[31655]: Minimum acceptable stability = 4 (supported) Jan 3 18:49:04 elmo mailscanner[31655]: Using Scanner "f-prot" Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "f-secure": scanning code status 3 - disinfect code status 3 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "sophos": scanning code status 4 - disinfect code status 4 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "none": scanning code status 0 - disinfect code status 0 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "inoculate": scanning code status 4 - disinfect code status 4 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "command": scanning code status 4 - disinfect code status 4 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "mcafee": scanning code status 4 - disinfect code status 4 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "f-prot": scanning code status 3 - disinfect code status 3 Jan 3 18:49:04 elmo mailscanner[31655]: Scanner "kaspersky": scanning code status 3 - disinfect code status 2 Jan 3 18:49:04 elmo mailscanner[31655]: FATAL: Encountered code that does not meet configured acceptable stability ___________________________________________________________________________ Julian Field wrote: > > Okay folks, Version 3.00 is out there for you. > > Loads of new features in this release, including > > - Support for new virus scanning engines (as well as Sophos and McAfee): > F-Prot -- free for Linux at the time of writing this message > F-Secure > Kaspersky > CommandAV > InoculateIT > - Add a signature to clean messages showing they were scanned by MailScanner, > in either/both text and HTML > - Include the full message headers in virus reports to the local Postmaster > - Support for the SpamAssassin project to greatly improve the success of spam > identification. See http://spamassassin.taint.org/ for installation > instructions. > - Stop messages that ever had a virus in them leaving your site, even after > they have been cleaned up and had viruses removed. Saves washing your dirty > linen in public! > - Set the attachment warning filename so it doesn't have to be > VirusWarning.txt any more > - Support for Sophos' (undocumented) built-in TNEF decoder to improve the > decoding of Microsoft Outlook Rich Text Format attachments. > - Latest version of the public domain TNEF decoder included. > - Revised filename.rules.conf file to set the order of the rules correctly > > And there are probably some I have forgotten to include... > Read the new mailscanner.conf file and the mailscanner.conf documentation > for all the new switches and options available. > > You will discover that some of the virus scanning engine support code is > marked as "beta" (read the docs or the mailscanner.conf file and you'll > find out the exact meaning of this). We would be grateful to hear from > people who have success or problems with any of this code, so that we can > rapidly update its status to being fully "supported". > > All downloadable, as ever, from > www.mailscanner.info > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- __________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From jkf at ecs.soton.ac.uk Thu Jan 3 17:10:17 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Notes about Version 3.00 Message-ID: <5.1.0.14.2.20020103170555.055834b8@imap.ecs.soton.ac.uk> 2 things: Firstly, if you are using a fairly old (<8.10) version of sendmail, and you get a few "Failed to link, are the queues on the same filesystem" warnings, then don't worry because that is just sendmail using the same queue id twice in quick succession which causes a slight problem. Secondly, if MailScanner appears to stop for no reason, switch it into debug mode (set "Debug = 1" in the mailscanner.conf file) and run it. It should run 1 batch of messages and then stop. If you get any errors such as "segmentation fault - core dumped" then your copy of Perl has bugs in it (in places where the version of Perl I use doesn't!). In this case I suggest you upgrade your version of Perl to the very latest and try again. I don't use any features specific to 5.6 so you may like to try the most recent version prior to 5.6 if you have problems with the very latest version. Due to the complexity of MailScanner now, I am starting to run into one or two Perl bugs occasionally. These can normally be solved by upgrading the version of Perl you are using. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 3 17:00:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: jbayer@BAYERFAMILY.NET requested to join Message-ID: <200201031700.RAA00848@magpie.ecs.soton.ac.uk> Thu, 3 Jan 2002 17:00:05 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jonathan Bayer The following membership options have been requested: SUBJECTHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jbayer@BAYERFAMILY.NET Jonathan Bayer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jbayer@BAYERFAMILY.NET Jonathan Bayer SET MAILSCANNER SUBJECTHDR FOR jbayer@BAYERFAMILY.NET // EOJ From jkf at ecs.soton.ac.uk Thu Jan 3 17:14:23 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: 3.00-1 error: Not a HASH reference In-Reply-To: <3C348CEB.5F556055@ihs.com> Message-ID: <5.1.0.14.2.20020103171403.05583600@imap.ecs.soton.ac.uk> At 16:55 03/01/2002, you wrote: >While starting mailscanner v. 3.00-1 (with check_mailscanner), I receive >the following error message: > > Not a HASH reference at /opt/mailscanner/bin/sendmail.pl line 86. > >Line 86 of sendmail.pl is: > > %$Headers = {}; > >Has anyone else received this error? If so, what did you do to correct >the problem? > >I am running perl 5.6.1. Sorry about this, it was a packaging mistake on my part. Just download the latest 3.00-2 and the problem is solved. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sevans at FOUNDATION.SDSU.EDU Thu Jan 3 17:53:08 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:11 2006 Subject: Starting Mailscanner Error Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A768A@foundation.foundation.sdsu.edu> When I try to start mailscanner it says Can't lookup Yoda at /usr/local/Mailscanner/bin/logger.pl line 71 It was working until I messed with the network configuration. Any idea what to do? Steve From LISTSERV at JISCMAIL.AC.UK Thu Jan 3 17:50:28 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: MAILSCANNER: robert.jonsson@IT.SU.SE requested to join Message-ID: <200201031750.RAA03549@magpie.ecs.soton.ac.uk> Thu, 3 Jan 2002 17:50:28 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Robert Jonsson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER robert.jonsson@IT.SU.SE Robert Jonsson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER robert.jonsson@IT.SU.SE Robert Jonsson // EOJ From jkf at ecs.soton.ac.uk Thu Jan 3 18:03:07 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Starting Mailscanner Error In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A768A@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020103180207.0352ee28@hawk.ecs.soton.ac.uk> At 17:53 03/01/2002, you wrote: >When I try to start mailscanner it says Can't lookup Yoda at >/usr/local/Mailscanner/bin/logger.pl line 71 Can't lookup Yoda??? What on earth is Yoda??? Certainly nothing to do with MailScanner. Have you screwed up the DNS lookups? You have killed syslog somehow, check /etc/syslog.conf. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Jan 3 18:05:10 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Version 3.00-3 Message-ID: <5.1.0.14.2.20020103180313.035f6388@hawk.ecs.soton.ac.uk> I will release it in the morning (of 4th Jan 2002). It contains a great improvement to the code that links messages from the incoming queue to the outgoing queue. Only 1 file has changed (sendmail.pl) so upgrading should be very easy if you have already downloaded 3.00-2. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sevans at FOUNDATION.SDSU.EDU Thu Jan 3 18:05:51 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:11 2006 Subject: Starting Mailscanner Error Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A768B@foundation.foundation.sdsu.edu> The machine name -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Thursday, January 03, 2002 10:03 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Starting Mailscanner Error At 17:53 03/01/2002, you wrote: >When I try to start mailscanner it says Can't lookup Yoda at >/usr/local/Mailscanner/bin/logger.pl line 71 Can't lookup Yoda??? What on earth is Yoda??? Certainly nothing to do with MailScanner. Have you screwed up the DNS lookups? You have killed syslog somehow, check /etc/syslog.conf. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Jan 3 18:16:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Starting Mailscanner Error In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A768B@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020103181544.033d3b00@hawk.ecs.soton.ac.uk> At 18:05 03/01/2002, you wrote: >The machine name Try changing the hostname so it is all lower-case. It may be the capital Y that has broken it. Also, check /etc/hosts to ensure it can actually look up its own name. Does "ping yoda" work? >-----Original Message----- >From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] >Sent: Thursday, January 03, 2002 10:03 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Starting Mailscanner Error > > >At 17:53 03/01/2002, you wrote: > >When I try to start mailscanner it says Can't lookup Yoda at > >/usr/local/Mailscanner/bin/logger.pl line 71 > >Can't lookup Yoda??? >What on earth is Yoda??? > >Certainly nothing to do with MailScanner. Have you screwed up the DNS >lookups? You have killed syslog somehow, check /etc/syslog.conf. >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sevans at FOUNDATION.SDSU.EDU Thu Jan 3 18:52:18 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:11 2006 Subject: Files stacked up in mqueue.in Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A768C@foundation.foundation.sdsu.edu> I had some problems with my mailscanner. I built a new box and I want to move the messages that were queued on the old box to the new box so they can be sent out. Can I just move the files from mqueue.in on the old box and put them in mqueue on the new box? Steve From mdchaney at MICHAELCHANEY.COM Thu Jan 3 19:50:54 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients In-Reply-To: <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Thu, Jan 03, 2002 at 08:42:54AM +0000 References: <20C245C5F9A41949A359CCDBF4B3ADED2A767F@foundation.foundati on.sdsu.edu> <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> Message-ID: <20020103135054.D4613@michaelchaney.com> On Thu, Jan 03, 2002 at 08:42:54AM +0000, Julian Field wrote: > At 20:00 02/01/2002, you wrote: > >Is there a way to make certain users not have their incoming mail > >scanned? > > No. > People here have asked for that feature too, and I have flatly refused to > implement it. What happens if they receive a virus, then forward the mail > onto 50 other people inside your organisation? Slightly negates the point > of having a virus scanner, doesn't it? That's making the [incorrect] assumption that my mail server serves only my organization. In my case, I'm adding the above functionality to allow access by domain, although I could do it on the Exim level. Basically, because the licensing for the virus scanning software costs a lot, I can bypass that for domains that don't want to pay extra (but still get the rest of what mailscanner has to offer, which IMHO is significant anyway). So people don't get virus scanning unless they pay, but we can still catch a lot of them by looking for double extensions and the like. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From chicks at CHICKS.NET Thu Jan 3 20:41:57 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:11 2006 Subject: Excluding Certain Recipients In-Reply-To: <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> Message-ID: On Thu, 3 Jan 2002, Julian Field wrote: > No. People here have asked for that feature too, and I have flatly > refused to implement it. What happens if they receive a virus, then > forward the mail onto 50 other people inside your organisation? > Slightly negates the point of having a virus scanner, doesn't it? Maybe so, but I'm currently using mailscanner primarily for anti-spam and I've got the virus chunk of things cut off on all my production machines. I don't want to run the virus software without paying for it. :) I like the fact that mailscanner will tag the spam and still send it to the user so I don't get anybody annoyed for deleting e-mail they want. I'm very much looking forward to the release of mailscanner with junkbuster integrated. I found that 2.6 still tries to run /usr/local/Sophos/bin/sophoswrapper with "Virus Scanning = no", however. I was waiting to mention it until I could investigate and send in a patch, but I haven't gotten there yet. -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From LISTSERV at JISCMAIL.AC.UK Fri Jan 4 00:56:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:11 2006 Subject: Rejected posting to MAILSCANNER@JISCMAIL.AC.UK Message-ID: <200201040056.AAA23135@magpie.ecs.soton.ac.uk> Your message is being returned to you unprocessed because it appears to have already been distributed to the MAILSCANNER list. That is, a message with identical text (but possibly with different mail headers) has been posted to the list recently, either by you or by someone else. If you have a good reason to resend this message to the list (for instance because you have been notified of a hardware failure with loss of data), please alter the text of the message in some way and resend it to the list. Note that altering the "Subject:" line or adding blank lines at the top or bottom of the message is not sufficient; you should instead add a sentence or two at the top explaining why you are resending the message, so that the other subscribers understand why they are getting two copies of the same message. ------------------------ Rejected message (53 lines) -------------------------- Return-Path: Received: from ori.rl.ac.uk by jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <6.000AF507@jiscmail.ac.uk>; Fri, 4 Jan 2002 0:30:39 +0000 Received: from selenium.mcis.singnet.com.sg (selenium.singnet.com.sg [165.21.74.70]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g040Ub712510 for ; Fri, 4 Jan 2002 00:30:37 GMT Received: from mail pickup service by selenium.mcis.singnet.com.sg with Microsoft SMTPSVC; Fri, 4 Jan 2002 08:29:34 +0800 Received: from mx14.singnet.com.sg ([165.21.74.114]) by tellurium.mcis.singnet.com.sg with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 4 Jan 2002 02:04:05 +0800 Received: from jiscmail.ac.uk (jiscmail.ac.uk [130.246.192.48]) by mx14.singnet.com.sg (8.11.5/8.11.5) with ESMTP id g03I1Hm25632 for ; Fri, 4 Jan 2002 02:01:17 +0800 Received: from jiscmail (jiscmail.ac.uk) by jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <9.000AF4D1@jiscmail.ac.uk>; Thu, 3 Jan 2002 18:03:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8d) with spool id 8751853 for MAILSCANNER@JISCMAIL.AC.UK; Thu, 3 Jan 2002 18:03:59 +0000 Received: from ori.rl.ac.uk by jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <8.000AF4A2@jiscmail.ac.uk>; Thu, 3 Jan 2002 18:03:59 +0000 Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g03I3w728144 for ; Thu, 3 Jan 2002 18:03:58 GMT Received: from host213-123-147-27.in-addr.btopenworld.com ([213.123.147.27] helo=roo.ecs.soton.ac.uk) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16MCDe-0005C9-00 for MAILSCANNER@JISCMAIL.AC.UK; Thu, 03 Jan 2002 18:03:58 +0000 X-Sender: jkf@hawk.ecs.soton.ac.uk (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-ID: <5.1.0.14.2.20020103180207.0352ee28@hawk.ecs.soton.ac.uk> Date: Thu, 3 Jan 2002 18:03:07 +0000 Reply-To: MailScanner mailing list Sender: MailScanner mailing list From: Julian Field Subject: Re: Starting Mailscanner Error To: MAILSCANNER@jiscmail.ac.uk In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A768A@foundation.foundati on.sdsu.edu> At 17:53 03/01/2002, you wrote: >When I try to start mailscanner it says Can't lookup Yoda at >/usr/local/Mailscanner/bin/logger.pl line 71 Can't lookup Yoda??? What on earth is Yoda??? Certainly nothing to do with MailScanner. Have you screwed up the DNS lookups? You have killed syslog somehow, check /etc/syslog.conf. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From paul-w at BLUEYONDER.CO.UK Fri Jan 4 00:30:35 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:11 2006 Subject: Inflex References: Message-ID: <027101c194b7$09a63ca0$dde230d5@espmail00053> Any chance of repeating that? It appears to have got mangled. ------------------------------ Date: Fri, 4 Jan 2002 00:58:16 +0800 From: Zhang Ming Subject: Re: Inflex V2Ugd2VyZSB1c2luZyB0aGlzIHByb2R1Y3QgZm9yIGFib3V0IDMgTW9udGhzIGFuZCBzd2l0 Y2hl ZCB0byBtYWlsc2Nhbm5lciAyIG1vbnRocyBhZ28uDQoNCml0J3Mgbm90IGJhZCBvbmUsIGJ1 dCB1 etc From jkf at ecs.soton.ac.uk Fri Jan 4 08:58:44 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: 3.00-3 released Message-ID: <5.1.0.14.2.20020104085454.053e7260@imap.ecs.soton.ac.uk> I have just tested and released 3.00-3. I have improved the code that links messages between queues to deliver clean messages, this should result in far less syslog warnings about "Are the 2 queues on the same filesystem?". It behaves quietly like the original code did, but works more reliably in situations where old versions of sendmail re-use the same queue id twice in quick succession (which can and does happen). I thoroughly advise you all to upgrade to this release if you have downloaded version 3.00 at all. I don't plan on supporting production configurations using 3.00-1 or 3.00-2 if I can possibly avoid it :-) Good luck! Jules. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Jan 4 10:10:09 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:11 2006 Subject: Files stacked up in mqueue.in In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A768C@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020104100950.0386f5f0@imap.ecs.soton.ac.uk> At 18:52 03/01/2002, you wrote: >I had some problems with my mailscanner. I built a new box and I want >to move the messages that were queued on the old box to the new box so >they can be sent out. Can I just move the files from mqueue.in on the >old box and put them in mqueue on the new box? Ideally mqueue.in to mqueue.in so they get virus scanned, but basically you are on the right track, yes. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Jan 4 10:13:02 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Excluding Certain Recipients In-Reply-To: References: <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020104101118.0386e718@imap.ecs.soton.ac.uk> At 20:41 03/01/2002, you wrote: >Maybe so, but I'm currently using mailscanner primarily for anti-spam and >I've got the virus chunk of things cut off on all my production machines. >I don't want to run the virus software without paying for it. :) Agreed, this isn't a situation I had come across before. Maybe a feature for the next version... > I like >the fact that mailscanner will tag the spam and still send it to the user >so I don't get anybody annoyed for deleting e-mail they want. I'm very >much looking forward to the release of mailscanner with junkbuster >integrated. Now released :-) >I found that 2.6 still tries to run /usr/local/Sophos/bin/sophoswrapper >with "Virus Scanning = no", however. I was waiting to mention it until I >could investigate and send in a patch, but I haven't gotten there yet. There is now explicit support for a virus scanner called "none" which will make MailScanner operate as a complete package without the need for any nasty hack or a commercial virus scanner. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 4 11:11:14 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: mk@QUADSTONE.COM requested to join Message-ID: <200201041111.LAA11906@magpie.ecs.soton.ac.uk> Fri, 4 Jan 2002 11:11:14 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Michael Keightley You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mk@QUADSTONE.COM Michael Keightley PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mk@QUADSTONE.COM Michael Keightley // EOJ From t.d.lee at DURHAM.AC.UK Fri Jan 4 12:34:36 2002 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:14:12 2006 Subject: Solaris "pkg" format? Message-ID: Firstly: a huge thanks to Julian for providing, enhancing and supporting MailScanner. It has been most useful. Next: a suggestion. We have MailScanner installed on three Solaris machines, and I am now trying to migrate to MailScanner-3.00-3. It would be great if the installation process could be automated, and the most natural way to do this would be using the Solaris "pkg" mechanism (analogous to the Redhat RPM stuff). Am I a lone voice in the wilderness wondering about Solaris/pkg or would other Solaris sites also find this useful? 1. Julian: could you consider doing this, please? Or at least commenting on the possibility of its being done. 2. If the idea meets with Julian's approval, and if there are several other sites which would positively wish for Solaris/pkg, then I might be able to volunteer to take an initial look at it (although it would have to be at low priority...). 3. If, subject to Julian's looking favourably on the principle, anyone else wishes to volunteer instead of me, please feel free to do so! Thoughts? -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From nwp at LEMON-COMPUTING.COM Fri Jan 4 13:07:37 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:12 2006 Subject: Solaris "pkg" format? In-Reply-To: ; from t.d.lee@DURHAM.AC.UK on Fri, Jan 04, 2002 at 12:34:36PM +0000 References: Message-ID: <20020104130737.X14366@lemon-computing.com> > It would be great if the installation process could be automated, I'm (very slowly) working on it. > and the > most natural way to do this would be using the Solaris "pkg" mechanism > (analogous to the Redhat RPM stuff). Er, no, it wouldn't. The first and most important stage is to come up with a nice easy way to go from a tarball to a configured and installed system on *any* platform. (i.e. something similar or equivalent to "configure; make install") Once that's done, then it should be easier to create packages for any of the popular package management systems (by causing the installer to put everything under a previously-empty subdirectory). In the end I would expect that rpm, solaris pkg, *bsd pkg, and debs at least would be worth having. > 2. If the idea meets with Julian's approval, and if there are several > other sites which would positively wish for Solaris/pkg, then I might > be able to volunteer to take an initial look at it (although it would > have to be at low priority...). Once a generic installer is done, it should be much easier to create platform-specific packages; I'd encourage anyone who's considering trying to make packages for any particular platform to mail me and offer to help with the generic installation system, so that we can: a) get it done, and b) make sure that it really does make it easier to create their particular type of packages. I'd particularly appreciate help/advice from anyone who fits any of the following: * has lots of experience creating similar packaging/installation systems * knows GNU autoconf like the back of their hand * knows GNU make like the back of their hand (less important, this one) * knows why any particular platform will require special treatment * has any really cunning ideas to make this really easy Once the basic installer is done, I'll do a package for Debian. I'd probably need someone else to do (or hand-hold me through doing) packages for solaris and *bsd. And Julian seems to be able to handle RPMs, although I'm sure he'd probably appreciate someone(s) else helping to automate that (and hence reduce the amount of work he has to do), too. So, volunteers, ideas, advice, warnings please step forward... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Tomorrow will be cancelled due to lack of interest. From nwp at LEMON-COMPUTING.COM Fri Jan 4 13:17:07 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:12 2006 Subject: Excluding Certain Recipients In-Reply-To: <20020103135054.D4613@michaelchaney.com>; from mdchaney@MICHAELCHANEY.COM on Thu, Jan 03, 2002 at 01:50:54PM -0600 References: <20C245C5F9A41949A359CCDBF4B3ADED2A767F@foundation.foundati <5.1.0.14.2.20020103084155.03513918@imap.ecs.soton.ac.uk> <20020103135054.D4613@michaelchaney.com> Message-ID: <20020104131707.A14366@lemon-computing.com> On Thu, Jan 03, 2002 at 01:50:54PM -0600, Michael Chaney wrote: > my organization. In my case, I'm adding the above functionality to > allow access by domain, although I could do it on the Exim level. Be very interested to see this once you've done it... -- Nick Phillips -- nwp@lemon-computing.com Bridge ahead. Pay troll. From jkf at ecs.soton.ac.uk Fri Jan 4 14:05:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Solaris "pkg" format? In-Reply-To: Message-ID: <5.1.0.14.2.20020104140425.03152bd8@imap.ecs.soton.ac.uk> At 12:34 04/01/2002, you wrote: >Firstly: a huge thanks to Julian for providing, enhancing and supporting >MailScanner. It has been most useful. No worries! >It would be great if the installation process could be automated, and the >most natural way to do this would be using the Solaris "pkg" mechanism >(analogous to the Redhat RPM stuff). Yes, agreed a Solaris pkg would be a good idea. Just takes time... >1. Julian: could you consider doing this, please? Or at least commenting > on the possibility of its being done. It's definitely possible. I don't know anything about building pkgs at the moment, so would have to do some reading. Any pointers you can give would be most welcome. >2. If the idea meets with Julian's approval, and if there are several > other sites which would positively wish for Solaris/pkg, then I might > be able to volunteer to take an initial look at it (although it would > have to be at low priority...). That would be much appreciated. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jbayer at bayerfamily.net Fri Jan 4 14:07:26 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:12 2006 Subject: install question Message-ID: <677878558.20020104090726@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello MAILSCANNER, I'm trying to install MailScanner on a RedHat 7.2 system. I downloaded and installed the RPM file. At the beginning of the install the following message appears: ==== Stopping sendmail until you correct start of /etc/sendmail.cf file Now, I've checked all the docs, and they specifically state that no changes are required to sendmail.cf. So why am I getting this message? thanks. JBB Jonathan B. Bayer mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw1tx8ACgkQLWek1tt+K52RPQCaAprzoUG9VaEdA5U8u65cTNdR JLsAn2aIuccmBTSWNK4z33dgT6+B1t1a =B1sn -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: vCard.vcf Type: text/x-vcard Size: 613 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020104/b1257143/vCard.vcf From dustin.baer at IHS.COM Fri Jan 4 15:19:25 2002 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:14:12 2006 Subject: syslog reporting of viruses found Message-ID: <3C35C7FD.9531716A@ihs.com> Julian, I have noticed that if a file extension is being blocked (e.g. \.exe$) and an infected attachment arrives with that extension (e.g. zacker.exe), the syslog report says that there are two viruses found: Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus 'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in ZaCker1.exe Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in messages g04FEIrM025524 This isn't a big deal, but just wanted to make you aware of it, if you weren't already. I do like the fact that the syslog now reports when attachments are quarantined due to the filename.rules.conf file. Thanks, Dustin Baer Unix Administrator Information Handling Services 15 Inverness Way East Englewood, CO 80112 303-397-2836 From jkf at ecs.soton.ac.uk Fri Jan 4 15:22:48 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: syslog reporting of viruses found In-Reply-To: <3C35C7FD.9531716A@ihs.com> Message-ID: <5.1.0.14.2.20020104152204.03211618@imap.ecs.soton.ac.uk> At 15:19 04/01/2002, you wrote: >I have noticed that if a file extension is being blocked (e.g. \.exe$) >and an infected attachment arrives with that extension (e.g. >zacker.exe), the syslog report says that there are two viruses found: > >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus >'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in >ZaCker1.exe >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in >messages g04FEIrM025524 > >This isn't a big deal, but just wanted to make you aware of it, if you >weren't already. I decided not to change it as doing so would break people's automatic log analysis scripts. > I do like the fact that the syslog now reports when >attachments are quarantined due to the filename.rules.conf file. > >Thanks, > >Dustin Baer >Unix Administrator >Information Handling Services >15 Inverness Way East >Englewood, CO 80112 >303-397-2836 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dustin.baer at IHS.COM Fri Jan 4 15:38:45 2002 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:14:12 2006 Subject: syslog reporting of viruses found References: <5.1.0.14.2.20020104152204.03211618@imap.ecs.soton.ac.uk> Message-ID: <3C35CC85.DA11FC72@ihs.com> Julian Field wrote: > > At 15:19 04/01/2002, you wrote: > >I have noticed that if a file extension is being blocked (e.g. \.exe$) > >and an infected attachment arrives with that extension (e.g. > >zacker.exe), the syslog report says that there are two viruses found: > > > >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus > >'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe > >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in > >ZaCker1.exe > >Jan 4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in > >messages g04FEIrM025524 > > > >This isn't a big deal, but just wanted to make you aware of it, if you > >weren't already. > > I decided not to change it as doing so would break people's automatic log > analysis scripts. Unless the log analysis script counts how many viruses were caught based on that line...which will lead to a "virus + 1" total in this situation and any other filename included in filename.rules.conf that also contains a virus. -- Dustin From t.d.lee at DURHAM.AC.UK Fri Jan 4 16:08:36 2002 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:14:12 2006 Subject: Solaris "pkg" format? In-Reply-To: <20020104130737.X14366@lemon-computing.com> Message-ID: On Fri, 4 Jan 2002, Nick Phillips wrote: > > It would be great if the installation process could be automated, > > I'm (very slowly) working on it. > > > and the > > most natural way to do this would be using the Solaris "pkg" mechanism > > (analogous to the Redhat RPM stuff). > > Er, no, it wouldn't. > > The first and most important stage is to come up with a nice easy way to > go from a tarball to a configured and installed system on *any* platform. > > (i.e. something similar or equivalent to "configure; make install") Thanks for the reply, Nick. Actually we agree. I was describing the ultimate outcome for a Solaris-based end-user. You are describing the means by which we, as "producers", enable that outcome to be achieved. [ Aside: About a year ago I asked a question on the "automake" list about the possibility of adding support for something likedoing a "make pkg" model of activity and there was a small flurry of discussion. As far as I recall there was no strong dissension (but I must confess, no other wild enthusiasm, either). Since then I was in private email contact with someone who was considering taking the idea forward. ] From nwp at LEMON-COMPUTING.COM Fri Jan 4 17:41:21 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:12 2006 Subject: Solaris "pkg" format? In-Reply-To: ; from t.d.lee@DURHAM.AC.UK on Fri, Jan 04, 2002 at 04:08:36PM +0000 References: <20020104130737.X14366@lemon-computing.com> Message-ID: <20020104174121.C14366@lemon-computing.com> On Fri, Jan 04, 2002 at 04:08:36PM +0000, David Lee wrote: > Agreed: something like > gmake install DESTDIR=temp-build-dir > cd temp-build-dir > Exactly. > Given this encourage from you (and from Julian in a separate message) I'm > trying to knock up a small automake+autoconf scheme at the moment... [very big grin] -- Nick Phillips -- nwp@lemon-computing.com You will be Told about it Tomorrow. Go Home and Prepare Thyself. From jkf at ecs.soton.ac.uk Fri Jan 4 17:50:13 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Announce: Version 3.01-1 released Message-ID: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> This fixes an important bug for F-Prot users, where viruses inside Zip files and other archives could be missed. It is available for download, as ever, from www.mailscanner.info P.S. I only ever claimed the F-Prot code was beta, and not fully tested by other users yet, so I'm not slapping my wrist too hard over this... :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From rfowkar at YAHOO.COM Sat Jan 5 00:20:43 2002 From: rfowkar at YAHOO.COM (Rajesh Fowkar) Date: Thu Jan 12 21:14:12 2006 Subject: [OT] Temporary unsubscription - HOW ? In-Reply-To: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> Message-ID: <20020105002043.GA754@debian> Hi, I will be out of station for next two weeks. How can I temporarily unsubscribe myself from this list. I want to still stay in the list but don't want to receive list mail for the next two weeks. Sorry for this OT question. Peace -- Rajesh http://www.symonds.net/~rajesh/ ***** Powered By: Debian GNU/Linux Kernel 2.4.17(ext3) Let him choose out of my files, his projects to accomplish. -- Shakespeare, "Coriolanus" From nwp at LEMON-COMPUTING.COM Fri Jan 4 19:17:15 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:12 2006 Subject: [OT] Temporary unsubscription - HOW ? In-Reply-To: <20020105002043.GA754@debian>; from rfowkar@YAHOO.COM on Sat, Jan 05, 2002 at 12:20:43AM +0000 References: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> <20020105002043.GA754@debian> Message-ID: <20020104191715.B3590@lemon-computing.com> On Sat, Jan 05, 2002 at 12:20:43AM +0000, Rajesh Fowkar wrote: > Hi, > > I will be out of station for next two weeks. How can I temporarily > unsubscribe myself from this list. I want to still stay in the list but > don't want to receive list mail for the next two weeks. See http://www.jiscmail.ac.uk/user-manual/summary-user-commands.htm (send a mail containing "set * nomail" to jiscmail@jiscmail.ac.uk) -- Nick Phillips -- nwp@lemon-computing.com Don't look back, the lemmings are gaining on you. From nwp at LEMON-COMPUTING.COM Fri Jan 4 19:18:46 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:12 2006 Subject: Announce: Version 3.01-1 released In-Reply-To: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Fri, Jan 04, 2002 at 05:50:13PM +0000 References: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> Message-ID: <20020104191846.C3590@lemon-computing.com> On Fri, Jan 04, 2002 at 05:50:13PM +0000, Julian Field wrote: > P.S. I only ever claimed the F-Prot code was beta, and not fully tested by > other users yet, so I'm not slapping my wrist too hard over this... :-) Besides which it was my fault... -- Nick Phillips -- nwp@lemon-computing.com You're being followed. Cut out the hanky-panky for a few days. From rfowkar at YAHOO.COM Sat Jan 5 01:09:05 2002 From: rfowkar at YAHOO.COM (Rajesh Fowkar) Date: Thu Jan 12 21:14:12 2006 Subject: [OT] Temporary unsubscription - HOW ? In-Reply-To: <20020104191715.B3590@lemon-computing.com> References: <5.1.0.14.2.20020104174829.0629f248@imap.ecs.soton.ac.uk> <20020105002043.GA754@debian> <20020104191715.B3590@lemon-computing.com> Message-ID: <20020105010905.GA1346@debian> Nick Phillips saw fit to inform me that: >On Sat, Jan 05, 2002 at 12:20:43AM +0000, Rajesh Fowkar wrote: >> Hi, >> >> I will be out of station for next two weeks. How can I temporarily >> unsubscribe myself from this list. I want to still stay in the list but >> don't want to receive list mail for the next two weeks. > >See http://www.jiscmail.ac.uk/user-manual/summary-user-commands.htm > >(send a mail containing "set * nomail" to jiscmail@jiscmail.ac.uk) Thanks Nick and Sorry for the trouble. Peace -- Rajesh http://www.symonds.net/~rajesh/ ***** Powered By: Debian GNU/Linux Kernel 2.4.17(ext3) Don't tell any big lies today. Small ones can be just as effective. From LISTSERV at JISCMAIL.AC.UK Fri Jan 4 20:45:49 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: justin@SOPHOS.COM left the JISCmail list Message-ID: <200201042045.UAA10773@magpie.ecs.soton.ac.uk> Fri, 4 Jan 2002 20:45:49 justin@SOPHOS.COM has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From gerry at DORFAM.CA Fri Jan 4 21:07:16 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> Message-ID: I have never seen any indication that spam checking is operational with my install of mailscanner. That includes the 2.6 version as well as the new 3.01 version. The virus checking certainly works as it picked up a virus just last night. I installed spamassassin yesterday and it also doesn't seem to be called by mailscanner...at least there is no header being added regarding spam hits. On the other hand when I activate spamassassin in my procmailrc file it does add the spam headers. I have edited the mailscanner.conf file turning on all spam options. I'm now at a loss of where to go from here?? Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From jkf at ecs.soton.ac.uk Fri Jan 4 23:17:27 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: References: <5.1.0.14.2.20020101150302.03472318@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020104231411.03565008@hawk.ecs.soton.ac.uk> At 21:07 04/01/2002, you wrote: >I have never seen any indication that spam checking is operational with my >install of mailscanner. That includes the 2.6 version as well as the new >3.01 version. The virus checking certainly works as it picked up a virus >just last night. > >I installed spamassassin yesterday and it also doesn't seem to be called >by mailscanner...at least there is no header being added regarding spam >hits. On the other hand when I activate spamassassin in my procmailrc >file it does add the spam headers. > >I have edited the mailscanner.conf file turning on all spam options. I'm >now at a loss of where to go from here?? You should just get the X-MailScanner-SpamCheck: header, none of the other SpamAssassin headers will appear. Try sending the SpamAssassin sample spam message through it, that should show you. What RBL's are you using? the MAPS-RBL+ is only available to JANET sites unless you pay MAPS yourself, and the only other one I have left in is ORDB (I think). Find an open relay in ORDB and send yourself some mail via it. If you can't find an open relay, drop me a line and I'll dig one out for you to try. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From doko at cs.tu-berlin.de Sat Jan 5 01:48:02 2002 From: doko at cs.tu-berlin.de (Matthias Klose) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner can't construct exim file names. Message-ID: <15414.23378.279409.163490@gargle.gargle.HOWL> Trying to setup mailscanner-3.01-2 on a Debian system with exim-3.33, mails get to the correct spool directory, but mailscanner seems to construct a wrong filename: Jan 5 02:29:49 hal mailscanner[30529]: Could not open file /var/spool/exim_incoming/input/16MfQO-00081e-00-H-D: No such file or directory -rw------- 1 mail mail 25 Jan 5 02:15 16MfQO-00081e-00-D -rw------- 1 mail mail 597 Jan 5 02:15 16MfQO-00081e-00-H Btw, is the -2 in the version number part of the version, or is it the release number of the rpm package ... but then the tar package has the -2 as well. From sfarrell at ICCONSULTING.COM.AU Sat Jan 5 04:35:39 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: Inoculate support fix Message-ID: Sorry if this inconvenienced anyone, a small change in sweep.pl existing code: # Ino prints the whole path as opposed to # ./messages/part so make it the same $line =~ s/$BaseDir//; new code : # Ino prints the whole path as opposed to # ./messages/part so make it the same $line =~ s/$Config::SrcDir\///; $BaseDir seemed to be returning HASH(0x8158bbc) instead of the directory name I was after. Other than that 3.01 looks great, good work Julian. I am now going to try the spam assassin support out. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020105/2027e140/attachment.html From gerry at DORFAM.CA Sat Jan 5 03:32:28 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020104231411.03565008@hawk.ecs.soton.ac.uk> Message-ID: Well, I've been having all kinds of problems trying to get spam detection working in MailScanner. I eventually messed up everything so badly that I went back to the 2.6 version and started again. On my system I have been totally unable to get any kind of internal spam screening running with either the 2.6 or the 3.0 versions. Watching top I can see that sendmail and mailscanner run but spamassassin is never executed by mailscanner. Even without using spamassassin mailscanner doesn't tag any emails no matter what they contain. However, when I enable spamassassin using procmail it runs perfectly. I have bounced mail off external mail servers for testing. It doesn't matter what I send to myself it is never flagged by mailscanner's internal spam detection. I have commented out the MAPS-RBL+ site and only have ORDB enabled. I am using an old but functional 486 system to play with this. Could it be that the mailscanner spam code isn't compatible with a 486 cpu? By the way, this isn't a big deal as I only have a home network with four systems and three users including me! I just want to see if I can get it to work!!! Gerry On Fri, 4 Jan 2002, Julian Field wrote: > At 21:07 04/01/2002, you wrote: > >I have never seen any indication that spam checking is operational with my > >install of mailscanner. That includes the 2.6 version as well as the new > >3.01 version. The virus checking certainly works as it picked up a virus > >just last night. > > > >I installed spamassassin yesterday and it also doesn't seem to be called > >by mailscanner...at least there is no header being added regarding spam > >hits. On the other hand when I activate spamassassin in my procmailrc > >file it does add the spam headers. > > > >I have edited the mailscanner.conf file turning on all spam options. I'm > >now at a loss of where to go from here?? > > You should just get the X-MailScanner-SpamCheck: header, none of the other > SpamAssassin headers will appear. Try sending the SpamAssassin sample spam > message through it, that should show you. > > What RBL's are you using? the MAPS-RBL+ is only available to JANET sites > unless you pay MAPS yourself, and the only other one I have left in is ORDB > (I think). Find an open relay in ORDB and send yourself some mail via it. > If you can't find an open relay, drop me a line and I'll dig one out for > you to try. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- "The lyfe so short, the craft so long to learne" Chaucer From sfarrell at ICCONSULTING.COM.AU Sat Jan 5 05:11:21 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? Message-ID: what version of spamassassin are you using - 1.5 seems to be supported (1.3 didnt connect with mailscanner) did you compile spammassion from source, or did you use one of the rpms? I would suggest compile from source - as the rpm's ar 686 and 586 - and not 486. do you get any errors on startup of mailscanner - I had to upgrade to 1.5 to get rid of library problems. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Gerry Doris Sent by: MailScanner mailing list 05/01/2002 01:32 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Can't get spam checking working? Well, I've been having all kinds of problems trying to get spam detection working in MailScanner. I eventually messed up everything so badly that I went back to the 2.6 version and started again. On my system I have been totally unable to get any kind of internal spam screening running with either the 2.6 or the 3.0 versions. Watching top I can see that sendmail and mailscanner run but spamassassin is never executed by mailscanner. Even without using spamassassin mailscanner doesn't tag any emails no matter what they contain. However, when I enable spamassassin using procmail it runs perfectly. I have bounced mail off external mail servers for testing. It doesn't matter what I send to myself it is never flagged by mailscanner's internal spam detection. I have commented out the MAPS-RBL+ site and only have ORDB enabled. I am using an old but functional 486 system to play with this. Could it be that the mailscanner spam code isn't compatible with a 486 cpu? By the way, this isn't a big deal as I only have a home network with four systems and three users including me! I just want to see if I can get it to work!!! Gerry On Fri, 4 Jan 2002, Julian Field wrote: > At 21:07 04/01/2002, you wrote: > >I have never seen any indication that spam checking is operational with my > >install of mailscanner. That includes the 2.6 version as well as the new > >3.01 version. The virus checking certainly works as it picked up a virus > >just last night. > > > >I installed spamassassin yesterday and it also doesn't seem to be called > >by mailscanner...at least there is no header being added regarding spam > >hits. On the other hand when I activate spamassassin in my procmailrc > >file it does add the spam headers. > > > >I have edited the mailscanner.conf file turning on all spam options. I'm > >now at a loss of where to go from here?? > > You should just get the X-MailScanner-SpamCheck: header, none of the other > SpamAssassin headers will appear. Try sending the SpamAssassin sample spam > message through it, that should show you. > > What RBL's are you using? the MAPS-RBL+ is only available to JANET sites > unless you pay MAPS yourself, and the only other one I have left in is ORDB > (I think). Find an open relay in ORDB and send yourself some mail via it. > If you can't find an open relay, drop me a line and I'll dig one out for > you to try. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- "The lyfe so short, the craft so long to learne" Chaucer -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020105/1a853066/attachment.html From gerry at DORFAM.CA Sat Jan 5 04:04:20 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: Message-ID: I'm using version 1.5 of spamassassin and compiled it from source. I noticed the rpm's were for 586 and 686 cpu's and didn't think they would work. I've seen no errors at all from either spamassassin or mailscanner. mailscanner just seems to ignore internal spam checking. I might try it on 1.8Ghz system to see if it works there. However, that system is in big demand and someone always wants it back into windows (the game players hate linux!!!). Gerry On Sat, 5 Jan 2002, Scott Farrell wrote: > what version of spamassassin are you using - 1.5 seems to be supported > (1.3 didnt connect with mailscanner) > > did you compile spammassion from source, or did you use one of the rpms? > > I would suggest compile from source - as the rpm's ar 686 and 586 - and > not 486. > > do you get any errors on startup of mailscanner - I had to upgrade to 1.5 > to get rid of library problems. > > regards > Scott Farrell From sfarrell at ICCONSULTING.COM.AU Sat Jan 5 05:31:10 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: spamassassin Message-ID: It seems to spam check no problem, and I get the log entry : Jan 5 15:21:54 icconsulting3 mailscanner[29215]: Message g054LWW29214 is spam according to SpamAssassin It then mangles the subject line as expected. The resulting email has a field : X_MailScanner_SpamCheck as expected, but its value is : SpamAssassin.. I was really expecting the spamassassin report. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020105/fa540ff1/attachment.html From sfarrell at ICCONSULTING.COM.AU Sat Jan 5 05:41:43 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? Message-ID: I guess you have the config right? here are my settings from a working system: Spam Checks = yes Spam Header = X-MailScanner-SpamCheck: Spam Modify Subject = yes Spam Subject Text = {SPAM?} Use SpamAssassin = yes Max SpamAssassin Size = 2000000 SpamAssassin Timeout = 120 Spam List = watch out for the last one, as I think the default file from the tarball came with 2 lines enabled, and I wasnt sure what the outcome would be. here is a excerpt from my maillog: Jan 5 15:35:58 icconsulting3 mailscanner[29215]: Forwarding 1 clean messages, 1720 bytes Jan 5 15:36:08 icconsulting3 mailscanner[29215]: Message g054YiW29255 is spam according to SpamAssassin Jan 5 15:36:08 icconsulting3 mailscanner[29215]: About to deliver 1 messages The system I am running mailscanner 3.01 and spamassassin on to test is a Pentium 200 and 64Mb of RAM - and I had to allow spamassassin more time to check the mails (note the 120 seconds in my config). I did sees a spamassassin timeout when I had it set to 10secs in my maillog. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Gerry Doris Sent by: MailScanner mailing list 05/01/2002 02:04 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Can't get spam checking working? I'm using version 1.5 of spamassassin and compiled it from source. I noticed the rpm's were for 586 and 686 cpu's and didn't think they would work. I've seen no errors at all from either spamassassin or mailscanner. mailscanner just seems to ignore internal spam checking. I might try it on 1.8Ghz system to see if it works there. However, that system is in big demand and someone always wants it back into windows (the game players hate linux!!!). Gerry On Sat, 5 Jan 2002, Scott Farrell wrote: > what version of spamassassin are you using - 1.5 seems to be supported > (1.3 didnt connect with mailscanner) > > did you compile spammassion from source, or did you use one of the rpms? > > I would suggest compile from source - as the rpm's ar 686 and 586 - and > not 486. > > do you get any errors on startup of mailscanner - I had to upgrade to 1.5 > to get rid of library problems. > > regards > Scott Farrell -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020105/32548f09/attachment.html From gerry at DORFAM.CA Sat Jan 5 12:39:38 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: Message-ID: I was using exactly the same config as you right down to the timing of 120 seconds...I was worried that spamassassin was dropping out because of it. However, I noticed using top that spamassassin (when called from procmail) always finishes in less than 10 sec on the 486. Although it's a very slow system it is idle about 94% of the time and spamassassin is only checking ORDB. Right now I am running mailscanner 2.6 and still can't get any spam internal checking to run...never did before either. There aren't any error messages. Internal spam checking simply doesn't run no matter what I do??? As I said before it isn't a big deal as this is just a home system and I'm using spamassassin from procmail. It's in the "inquiring minds want to know" category. If I get some time later today I'll try it on the 1.8Ghz system. Thanks for you help! Gerry On Sat, 5 Jan 2002, Scott Farrell wrote: > I guess you have the config right? > > here are my settings from a working system: > > Spam Checks = yes > Spam Header = X-MailScanner-SpamCheck: > Spam Modify Subject = yes > Spam Subject Text = {SPAM?} > Use SpamAssassin = yes > Max SpamAssassin Size = 2000000 > SpamAssassin Timeout = 120 > Spam List = > > watch out for the last one, as I think the default file from the tarball > came with 2 lines enabled, and I wasnt sure what the outcome would be. > > here is a excerpt from my maillog: > Jan 5 15:35:58 icconsulting3 mailscanner[29215]: Forwarding 1 clean > messages, 1720 bytes > Jan 5 15:36:08 icconsulting3 mailscanner[29215]: Message g054YiW29255 is > spam according to SpamAssassin > Jan 5 15:36:08 icconsulting3 mailscanner[29215]: About to deliver 1 > messages > > The system I am running mailscanner 3.01 and spamassassin on to test is a > Pentium 200 and 64Mb of RAM - and I had to allow spamassassin more time to > check the mails (note the 120 seconds in my config). I did sees a > spamassassin timeout when I had it set to 10secs in my maillog. > > regards > Scott Farrell > > http://www.icconsulting.com.au > ic Consulting - the people that make eBusiness happen. > We offer e-business consulting and perform services. We deliver high > impact consulting, and fast turn around projects for our clients. > Ask us about Web Content Management, Web Self Service, or working closer > with your customers or suppliers. > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au > > > > > Gerry Doris > Sent by: MailScanner mailing list > 05/01/2002 02:04 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: Can't get spam checking working? > I'm using version 1.5 of spamassassin and compiled it from source. I > noticed the rpm's were for 586 and 686 cpu's and didn't think they would > work. > > I've seen no errors at all from either spamassassin or mailscanner. > mailscanner just seems to ignore internal spam checking. I might try it > on 1.8Ghz system to see if it works there. However, that system is in big > demand and someone always wants it back into windows (the game players > hate linux!!!). > > Gerry > > > On Sat, 5 Jan 2002, Scott Farrell wrote: > > > what version of spamassassin are you using - 1.5 seems to be supported > > (1.3 didnt connect with mailscanner) > > > > did you compile spammassion from source, or did you use one of the rpms? > > > > I would suggest compile from source - as the rpm's ar 686 and 586 - and > > not 486. > > > > do you get any errors on startup of mailscanner - I had to upgrade to > 1.5 > > to get rid of library problems. > > > > regards > > Scott Farrell > > > > -- "The lyfe so short, the craft so long to learne" Chaucer From LISTSERV at JISCMAIL.AC.UK Sat Jan 5 01:27:06 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: change@WESECURETHE.NET requested to join Message-ID: <200201050127.BAA20031@magpie.ecs.soton.ac.uk> Sat, 5 Jan 2002 01:27:06 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Change Ling The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER change@WESECURETHE.NET Change Ling PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER change@WESECURETHE.NET Change Ling SET MAILSCANNER NOMIME DIGEST FOR change@WESECURETHE.NET // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Jan 5 01:37:28 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: doko@CS.TU-BERLIN.DE requested to join Message-ID: <200201050137.BAA20252@magpie.ecs.soton.ac.uk> Sat, 5 Jan 2002 01:37:28 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Matthias Klose You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER doko@CS.TU-BERLIN.DE Matthias Klose PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER doko@CS.TU-BERLIN.DE Matthias Klose // EOJ From jkf at ecs.soton.ac.uk Sat Jan 5 13:56:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: spamassassin In-Reply-To: Message-ID: <5.1.0.14.2.20020105135454.0339edb8@hawk.ecs.soton.ac.uk> At 05:31 05/01/2002, you wrote: >I was really expecting the spamassassin report. Unfortunately, due to the fact that I call SpamAssassin with a timeout, it is difficult to get anything more than a status integer back from it saying whether it was spam or not. Extracting just the SA report from SA doesn't appear possible with their API. Maybe a good idea for the next version of SA. I have to call it with a timeout as I've seen SA fail to terminate too many times! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sat Jan 5 13:52:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: References: <5.1.0.14.2.20020104231411.03565008@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> At 03:32 05/01/2002, you wrote: >On my system I have been totally unable to get any kind of internal spam >screening running with either the 2.6 or the 3.0 versions. Watching top I >can see that sendmail and mailscanner run but spamassassin is never >executed by mailscanner. You won't see it execute anything with "top". It just calls the perl code, it doesn't crank up any binaries to do it (much too slow and heavyweight). >I am using an old but functional 486 system to play with this. Could it >be that the mailscanner spam code isn't compatible with a 486 cpu? Nope. It's written in perl. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Sat Jan 5 21:36:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: evertjan@VANRAMSELAAR.NET requested to join Message-ID: <200201052136.VAA17773@magpie.ecs.soton.ac.uk> Sat, 5 Jan 2002 21:36:08 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Evert Jan van Ramselaar The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER evertjan@VANRAMSELAAR.NET Evert Jan van Ramselaar PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER evertjan@VANRAMSELAAR.NET Evert Jan van Ramselaar SET MAILSCANNER CONCEAL FOR evertjan@VANRAMSELAAR.NET // EOJ From evertjan at VANRAMSELAAR.NET Sat Jan 5 21:52:00 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam Message-ID: <1646.10.10.0.101.1010267520.squirrel@mail.vr-it.com> Hi list, When I configure Use SpamAssassin = yes ALL incoming mail is being marked as spam: Jan 5 22:38:48 ram1 mailscanner[21945]: MailScanner E-Mail Virus Scanner version 3.01 starting. Jan 5 22:38:48 ram1 mailscanner[21945]: Configuring mailscanner for sendmail... Jan 5 22:39:37 ram1 mailscanner[22182]: Forwarding 1 clean messages, 0 bytes Jan 5 22:39:37 ram1 mailscanner[22182]: About to deliver 1 messages Jan 5 22:40:07 ram1 mailscanner[22182]: Forwarding 1 clean messages, 1218 bytes Jan 5 22:40:08 ram1 mailscanner[22182]: Message WAA23193 is spam according to SpamAssassin Jan 5 22:40:08 ram1 mailscanner[22182]: About to deliver 1 messages I have tried sending mail from different hosts, but it all gets marked as spam(and I am sure it's not!). When I turn off SpamAssassin in mailscanner.conf everything is being scanned for viruses and forwarded normally... However, I really like using SpamAssassin with MailScanner. What could have gone wrong? -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From jkf at ecs.soton.ac.uk Sat Jan 5 22:12:13 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <1646.10.10.0.101.1010267520.squirrel@mail.vr-it.com> Message-ID: <5.1.0.14.2.20020105221040.02fb1548@hawk.ecs.soton.ac.uk> At 21:52 05/01/2002, you wrote: >When I configure >Use SpamAssassin = yes > >ALL incoming mail is being marked as spam: Find where SpamAssassin is installed (or where you installed it from) and run "spamassassin - t < somefile" for a few test messages, and see whether SA is reporting them wrongly. I assume you are using SpamAssassin version 1.5? >Jan 5 22:38:48 ram1 mailscanner[21945]: MailScanner E-Mail Virus Scanner >version 3.01 starting. >Jan 5 22:38:48 ram1 mailscanner[21945]: Configuring mailscanner for >sendmail... >Jan 5 22:39:37 ram1 mailscanner[22182]: Forwarding 1 clean messages, 0 >bytes >Jan 5 22:39:37 ram1 mailscanner[22182]: About to deliver 1 messages >Jan 5 22:40:07 ram1 mailscanner[22182]: Forwarding 1 clean messages, >1218 bytes >Jan 5 22:40:08 ram1 mailscanner[22182]: Message WAA23193 is spam >according to SpamAssassin >Jan 5 22:40:08 ram1 mailscanner[22182]: About to deliver 1 messages > >I have tried sending mail from different hosts, but it all gets marked as >spam(and I am sure it's not!). When I turn off SpamAssassin in >mailscanner.conf >everything is being scanned for viruses and forwarded normally... > >However, I really like using SpamAssassin with MailScanner. What could have >gone wrong? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Sat Jan 5 22:25:12 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020105221040.02fb1548@hawk.ecs.soton.ac.uk> Message-ID: <000001c19637$d799e7c0$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Saturday, January 05, 2002 11:12 PM > >When I configure > >Use SpamAssassin = yes > >ALL incoming mail is being marked as spam: > > Find where SpamAssassin is installed (or where you installed it from) and > run "spamassassin - t < somefile" for a few test messages, and see whether > SA is reporting them wrongly. I tried this on some messages, including headers, that had been marked as spam by MailScanner. In all cases, SA reported this: X-Spam-Status: No, hits=0 required=5 tests= SPAM: Content analysis details: (0 hits, 5 required) > I assume you are using SpamAssassin version 1.5? That is right. FYI, I also installed Vipul's Razor ( http://razor.sourceforge.net/ ) -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From jkf at ecs.soton.ac.uk Sat Jan 5 22:34:25 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <000001c19637$d799e7c0$65000a0a@ramws1> References: <5.1.0.14.2.20020105221040.02fb1548@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020105223043.02fcbe68@hawk.ecs.soton.ac.uk> At 22:25 05/01/2002, you wrote: > > -----Original Message----- > > From: MailScanner mailing list On Behalf Of Julian Field > > Sent: Saturday, January 05, 2002 11:12 PM > > > >When I configure > > >Use SpamAssassin = yes > > >ALL incoming mail is being marked as spam: > > > > Find where SpamAssassin is installed (or where you installed it from) and > > run "spamassassin - t < somefile" for a few test messages, and see whether > > SA is reporting them wrongly. > >I tried this on some messages, including headers, that had been marked as >spam by MailScanner. In all cases, SA reported this: > >X-Spam-Status: No, hits=0 required=5 tests= >SPAM: Content analysis details: (0 hits, 5 required) > > > I assume you are using SpamAssassin version 1.5? > >That is right. > >FYI, I also installed Vipul's Razor ( http://razor.sourceforge.net/ ) I haven't installed Vipul's Razor, that's the only difference I can see. Try inserting this before line 279 of sendmail.pl Log::WarnLog("SpamAssassin said " . $spamness->is_spam() . " so SAResult is $SAResult"); then sending yourself some messages. Tell me what it prints in your log. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Sat Jan 5 23:42:14 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020105223043.02fcbe68@hawk.ecs.soton.ac.uk> Message-ID: <000401c19642$9a6c95e0$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Saturday, January 05, 2002 11:34 PM > Try inserting this before line 279 of sendmail.pl > Log::WarnLog("SpamAssassin said " . $spamness->is_spam() . > " so SAResult is $SAResult"); > then sending yourself some messages. Tell me what it prints in your log. Jan 6 00:37:18 ram1 mailscanner[30665]: MailScanner E-Mail Virus Scanner version 3.01 starting. Jan 6 00:37:19 ram1 mailscanner[30665]: Configuring mailscanner for sendmail... Jan 6 00:37:37 ram1 mailscanner[30668]: Startup: found 1 messages waiting Jan 6 00:37:37 ram1 mailscanner[30668]: Forwarding 1 clean messages, 1215 bytes Jan 6 00:37:38 ram1 mailscanner[30669]: SpamAssassin said 1 so SAResult is 1 Jan 6 00:37:38 ram1 mailscanner[30668]: Message AAA29161 is spam according to SpamAssassin Jan 6 00:37:38 ram1 mailscanner[30668]: About to deliver 1 messages Jan 6 00:38:08 ram1 mailscanner[30668]: Forwarding 1 clean messages, 1221 bytes Jan 6 00:38:08 ram1 mailscanner[30676]: SpamAssassin said 1 so SAResult is 1 Jan 6 00:38:08 ram1 mailscanner[30668]: Message AAA30673 is spam according to SpamAssassin Jan 6 00:38:08 ram1 mailscanner[30668]: About to deliver 1 messages -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From gerry at DORFAM.CA Sun Jan 6 03:52:27 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> Message-ID: Hmmm, I think that I mis-understood what would be displayed when spam wasn't detected. I thought that there would be a header line (like when the message is scanned for virus') added in every message not just the spam messages. I get very little spam. I have been adding every site/sender of spam to my procmailrc file for a long time. These go directly to /dev/null. Since I have a home network I can get away with this. The end result is that I don't actually get to see very much non-solicted emails. However, I have another problem :(. The new version of mailscanner seems to stop working after a short time. I've gone back to version 2.6 and am using spamassassin in procmailrc. That works fine while I try and figger out what is going wrong. I've completely removed mailscanner and re-installed several times but it hasn't fixed anything so I'll have to dig deeper. It doesn't seem to matter whether I have spam detection turned on or not. After a short time emails just aren't sent or delivered. It looks like they just sit in the queue waiting. Tomorrow I'll try taking this one step at a time to try and isolate what is happening. Gerry On Sat, 5 Jan 2002, Julian Field wrote: > At 03:32 05/01/2002, you wrote: > >On my system I have been totally unable to get any kind of internal spam > >screening running with either the 2.6 or the 3.0 versions. Watching top I > >can see that sendmail and mailscanner run but spamassassin is never > >executed by mailscanner. > > You won't see it execute anything with "top". It just calls the perl code, > it doesn't crank up any binaries to do it (much too slow and heavyweight). > > >I am using an old but functional 486 system to play with this. Could it > >be that the mailscanner spam code isn't compatible with a 486 cpu? > > Nope. It's written in perl. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- "The lyfe so short, the craft so long to learne" Chaucer From jkf at ecs.soton.ac.uk Sun Jan 6 12:04:35 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <000401c19642$9a6c95e0$65000a0a@ramws1> References: <5.1.0.14.2.20020105223043.02fcbe68@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020106120330.03541e58@hawk.ecs.soton.ac.uk> At 23:42 05/01/2002, you wrote: >Jan 6 00:37:38 ram1 mailscanner[30669]: SpamAssassin said 1 so SAResult is >1 >Jan 6 00:38:08 ram1 mailscanner[30676]: SpamAssassin said 1 so SAResult is >1 As SpamAssassin is saying it is spam, so is my code. I suspect you have hit a SpamAssassin bug (I've seen some strange behaviour sometimes too). I suggest you contact the SpamAssassin guys for help. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sun Jan 6 12:06:18 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: References: <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> At 03:52 06/01/2002, you wrote: >Hmmm, I think that I mis-understood what would be displayed when spam >wasn't detected. I thought that there would be a header line (like when >the message is scanned for virus') added in every message not just the >spam messages. No, only just in actual spam. It doesn't say anything when it hasn't got anything to say :-) >However, I have another problem :(. The new version of mailscanner seems >to stop working after a short time. I've gone back to version 2.6 and am >using spamassassin in procmailrc. That works fine while I try and figger >out what is going wrong. >I've completely removed mailscanner and re-installed several times but it >hasn't fixed anything so I'll have to dig deeper. It doesn't seem to >matter whether I have spam detection turned on or not. After a short time >emails just aren't sent or delivered. It looks like they just sit in the >queue waiting. At this point is the mailscanner process still running? What's the last few mailscanner lines in your maillog when this happens? You may well need to upgrade your version of Perl, a few people are seeing Perl core-dump due to internal bugs in Perl itself. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Sun Jan 6 12:37:02 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020106120330.03541e58@hawk.ecs.soton.ac.uk> Message-ID: <000201c196ae$d74abd40$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Sunday, January 06, 2002 1:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin marks ALL mail as spam > > As SpamAssassin is saying it is spam, so is my code. I suspect > you have hit > a SpamAssassin bug (I've seen some strange behaviour sometimes too). I > suggest you contact the SpamAssassin guys for help. I think I hit a very strange situation. When I turn of SA in MailScanner and put the SA recipe in my .procmailrc, the mail checks out ok, with both the MailScanner and SA headers: X-Mailscanner: Found to be clean X-Spam-Status: No, hits=0 required=5 tests= So it's not really SA that marks the mail as spam when I do the test separate from the MailScanner proces. With these results, I don't have anything to 'slap' the SA developers with... I'll try to think of some more things I can test. I will post any results here. Thanks for your help. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From mhw at WITTSEND.COM Sun Jan 6 15:53:24 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> Message-ID: <20020106105324.A27449@alcove.wittsend.com> On Sun, Jan 06, 2002 at 12:06:18PM +0000, Julian Field wrote: > At 03:52 06/01/2002, you wrote: > >Hmmm, I think that I mis-understood what would be displayed when spam > >wasn't detected. I thought that there would be a header line (like when > >the message is scanned for virus') added in every message not just the > >spam messages. > No, only just in actual spam. It doesn't say anything when it hasn't got > anything to say :-) > >However, I have another problem :(. The new version of mailscanner seems > >to stop working after a short time. I've gone back to version 2.6 and am > >using spamassassin in procmailrc. That works fine while I try and figger > >out what is going wrong. > >I've completely removed mailscanner and re-installed several times but it > >hasn't fixed anything so I'll have to dig deeper. It doesn't seem to > >matter whether I have spam detection turned on or not. After a short time > >emails just aren't sent or delivered. It looks like they just sit in the > >queue waiting. I've also seen this happening. > At this point is the mailscanner process still running? What's the last few > mailscanner lines in your maillog when this happens? For me at least, the MailScanner process is gone. Last MailScanner messages I see in maillog is "Scanning x messages, xxx bytes". I restart the MailScanner by hand and get the same message (generally same x messages and xxx bytes) and if often continues. Last night, I had to restart it 6 times in the same spot (i.e. I looked after starting it and it was gone again) but then it worked and was running this morning when I got up. So it seems to be "non-deterministic" in some way. Sendmail processes continue to run even after the mailscanner process dumps. > You may well need to upgrade your version of Perl, a few people are seeing > Perl core-dump due to internal bugs in Perl itself. Because I installed SpamAssassin and used CPAN, I ended up with Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin disabled in the MailScanner script because of the errors (tagging all messages) being reported and discussed in the other thread on this list. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From jkf at ecs.soton.ac.uk Sun Jan 6 16:20:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <20020106105324.A27449@alcove.wittsend.com> References: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020106161026.02b019c8@hawk.ecs.soton.ac.uk> At 15:53 06/01/2002, you wrote: > > At this point is the mailscanner process still running? What's the last few > > mailscanner lines in your maillog when this happens? > > For me at least, the MailScanner process is gone. > > Last MailScanner messages I see in maillog is "Scanning x messages, >xxx bytes". I restart the MailScanner by hand and get the same message >(generally same x messages and xxx bytes) and if often continues. Last >night, I had to restart it 6 times in the same spot (i.e. I looked after >starting it and it was gone again) but then it worked and was running >this morning when I got up. So it seems to be "non-deterministic" in >some way. Sendmail processes continue to run even after the mailscanner >process dumps. This has got to be bugs in Perl as it is non-deterministic. What error do you get when it dies? Just a "Segmentation fault" or something more useful? Unfortunately, quite a lot happens after that maillog entry before anything more happens that will log to maillog, so it's not a very good indicator of where in MailScanner it died. I'll look at reimplementing some of the timeout code, as that's the only code I have ever written that has repeatedly caused Perl to segmentation fault. Does it still segmentation fault with all the spam checking switched off? That would help narrow it down a bit. Can you also try starting it in debug mode and see if it still dies at the same place. And does it log anything more before it dies? The best way of starting it is with the check_mailscanner script. (Don't touch the sendmail processes while doing this, they will happily carry on working) > > You may well need to upgrade your version of Perl, a few people are seeing > > Perl core-dump due to internal bugs in Perl itself. > > Because I installed SpamAssassin and used CPAN, I ended up with >Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin disabled >in the MailScanner script because of the errors (tagging all messages) >being reported and discussed in the other thread on this list. Are you sure that you are using the upgraded Perl 5.6.1? You might have ended up with 2 copies of Perl installed on your system. Do a "/usr/bin/perl -v" just to check... I've seen SpamAssassin tag *a few* messages that it shouldn't have, but the SA is_spam() routine definitely always says they are spam, so my code is only doing exactly what SpamAssassin says it should be. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mhw at wittsend.com Sun Jan 6 17:37:40 2002 From: mhw at wittsend.com (Michael H. Warfield) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020106161026.02b019c8@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106161026.02b019c8@hawk.ecs.soton.ac.uk> Message-ID: <20020106123740.C27449@alcove.wittsend.com> On Sun, Jan 06, 2002 at 04:20:31PM +0000, Julian Field wrote: > At 15:53 06/01/2002, you wrote: > >> At this point is the mailscanner process still running? What's the last > >few > >> mailscanner lines in your maillog when this happens? > > > > For me at least, the MailScanner process is gone. > > > > Last MailScanner messages I see in maillog is "Scanning x messages, > >xxx bytes". I restart the MailScanner by hand and get the same message > >(generally same x messages and xxx bytes) and if often continues. Last > >night, I had to restart it 6 times in the same spot (i.e. I looked after > >starting it and it was gone again) but then it worked and was running > >this morning when I got up. So it seems to be "non-deterministic" in > >some way. Sendmail processes continue to run even after the mailscanner > >process dumps. > This has got to be bugs in Perl as it is non-deterministic. What error do > you get when it dies? Just a "Segmentation fault" or something more useful? None of the above. No "Segmentation fault" and no messages to standard out or standard error. The only message I see is "Starting virus scanner..." and the process later exits. Now, one thing I haven't done (but will the next time it does this) is to run it in debugging mode and keep it in the forground. > Unfortunately, quite a lot happens after that maillog entry before anything > more happens that will log to maillog, so it's not a very good indicator of > where in MailScanner it died. I'll look at reimplementing some of the > timeout code, as that's the only code I have ever written that has > repeatedly caused Perl to segmentation fault. > Does it still segmentation fault with all the spam checking switched off? > That would help narrow it down a bit. Right now, the only spam checking it's running is one of the RBLs. SpamAssassin is disabled. > Can you also try starting it in debug mode and see if it still dies at the > same place. And does it log anything more before it dies? The best way of > starting it is with the check_mailscanner script. (Don't touch the sendmail > processes while doing this, they will happily carry on working) I'll try that. > >> You may well need to upgrade your version of Perl, a few people are > >seeing > >> Perl core-dump due to internal bugs in Perl itself. > > > > Because I installed SpamAssassin and used CPAN, I ended up with > >Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin disabled > >in the MailScanner script because of the errors (tagging all messages) > >being reported and discussed in the other thread on this list. > Are you sure that you are using the upgraded Perl 5.6.1? You might have > ended up with 2 copies of Perl installed on your system. Do a > "/usr/bin/perl -v" just to check... Very sure. I remarked to some friends to watch out if they were running CPAN on a RedHat system and it tried to upgrade perl because the default would go into /usr/local/bin. I had caught that when I saw it and directed the perl build to use /usr for the prefix, but here is the double check, anyways... [mhw@alcove mhw]$ /usr/bin/perl -v This is perl, v5.6.1 built for i586-linux > I've seen SpamAssassin tag *a few* messages that it shouldn't have, but the > SA is_spam() routine definitely always says they are spam, so my code is > only doing exactly what SpamAssassin says it should be. Yeah, I've got SpamAssasin disabled in the MailScanner config right now and am only using it from procmail. There are definitely some problems there, expecially vis-a-vis exit codes. The code itself claims there is a -e switch to enable a non-zero exit code on spam, but the -e switch isn't even recognized. I haven't even looked into the API calls yet or followed up over on the SpamAssassin side of the house. The plain text reporting is working incredibly well, though, and I like Vipul's Razor. Getting it to play nicey nicey with MailScanner would be a nice benefit... Oh... BTW... In one of your earlier messages I noticed a remark that you had seen times when SpamAssassin didn't exit. I've noticed that there are times when it takes a LONG time to exit. Seems to center around the RBL checks and seems to correspond to sluggishness in the DNS (which would make some sense). I have yet to see the spamassassin command not eventually exit. I did have problems with MailScanner initially, which I tracked down to the default of including the JANET UK RBL which seems to cause the MailScanner to hang on my system. Don't know if that is still the default in the lastest bundles, but it caused me some serious headaches till I realized what was misconfigured. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From mhw at wittsend.com Sun Jan 6 17:37:40 2002 From: mhw at wittsend.com (Michael H. Warfield) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020106161026.02b019c8@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020105135134.034ebca0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020106161026.02b019c8@hawk.ecs.soton.ac.uk> Message-ID: <20020106123740.C27449@alcove.wittsend.com> On Sun, Jan 06, 2002 at 04:20:31PM +0000, Julian Field wrote: > At 15:53 06/01/2002, you wrote: > >> At this point is the mailscanner process still running? What's the last > >few > >> mailscanner lines in your maillog when this happens? > > > > For me at least, the MailScanner process is gone. > > > > Last MailScanner messages I see in maillog is "Scanning x messages, > >xxx bytes". I restart the MailScanner by hand and get the same message > >(generally same x messages and xxx bytes) and if often continues. Last > >night, I had to restart it 6 times in the same spot (i.e. I looked after > >starting it and it was gone again) but then it worked and was running > >this morning when I got up. So it seems to be "non-deterministic" in > >some way. Sendmail processes continue to run even after the mailscanner > >process dumps. > This has got to be bugs in Perl as it is non-deterministic. What error do > you get when it dies? Just a "Segmentation fault" or something more useful? None of the above. No "Segmentation fault" and no messages to standard out or standard error. The only message I see is "Starting virus scanner..." and the process later exits. Now, one thing I haven't done (but will the next time it does this) is to run it in debugging mode and keep it in the forground. > Unfortunately, quite a lot happens after that maillog entry before anything > more happens that will log to maillog, so it's not a very good indicator of > where in MailScanner it died. I'll look at reimplementing some of the > timeout code, as that's the only code I have ever written that has > repeatedly caused Perl to segmentation fault. > Does it still segmentation fault with all the spam checking switched off? > That would help narrow it down a bit. Right now, the only spam checking it's running is one of the RBLs. SpamAssassin is disabled. > Can you also try starting it in debug mode and see if it still dies at the > same place. And does it log anything more before it dies? The best way of > starting it is with the check_mailscanner script. (Don't touch the sendmail > processes while doing this, they will happily carry on working) I'll try that. > >> You may well need to upgrade your version of Perl, a few people are > >seeing > >> Perl core-dump due to internal bugs in Perl itself. > > > > Because I installed SpamAssassin and used CPAN, I ended up with > >Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin disabled > >in the MailScanner script because of the errors (tagging all messages) > >being reported and discussed in the other thread on this list. > Are you sure that you are using the upgraded Perl 5.6.1? You might have > ended up with 2 copies of Perl installed on your system. Do a > "/usr/bin/perl -v" just to check... Very sure. I remarked to some friends to watch out if they were running CPAN on a RedHat system and it tried to upgrade perl because the default would go into /usr/local/bin. I had caught that when I saw it and directed the perl build to use /usr for the prefix, but here is the double check, anyways... [mhw@alcove mhw]$ /usr/bin/perl -v This is perl, v5.6.1 built for i586-linux > I've seen SpamAssassin tag *a few* messages that it shouldn't have, but the > SA is_spam() routine definitely always says they are spam, so my code is > only doing exactly what SpamAssassin says it should be. Yeah, I've got SpamAssasin disabled in the MailScanner config right now and am only using it from procmail. There are definitely some problems there, expecially vis-a-vis exit codes. The code itself claims there is a -e switch to enable a non-zero exit code on spam, but the -e switch isn't even recognized. I haven't even looked into the API calls yet or followed up over on the SpamAssassin side of the house. The plain text reporting is working incredibly well, though, and I like Vipul's Razor. Getting it to play nicey nicey with MailScanner would be a nice benefit... Oh... BTW... In one of your earlier messages I noticed a remark that you had seen times when SpamAssassin didn't exit. I've noticed that there are times when it takes a LONG time to exit. Seems to center around the RBL checks and seems to correspond to sluggishness in the DNS (which would make some sense). I have yet to see the spamassassin command not eventually exit. I did have problems with MailScanner initially, which I tracked down to the default of including the JANET UK RBL which seems to cause the MailScanner to hang on my system. Don't know if that is still the default in the lastest bundles, but it caused me some serious headaches till I realized what was misconfigured. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From chicks at CHICKS.NET Sun Jan 6 20:44:11 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:12 2006 Subject: Excluding Certain Recipients In-Reply-To: <5.1.0.14.2.20020104101118.0386e718@imap.ecs.soton.ac.uk> Message-ID: On Fri, 4 Jan 2002, Julian Field wrote: > At 20:41 03/01/2002, you wrote: > >Maybe so, but I'm currently using mailscanner primarily for anti-spam and > >I've got the virus chunk of things cut off on all my production machines. > >I don't want to run the virus software without paying for it. :) > > Agreed, this isn't a situation I had come across before. Maybe a > feature for the next version... I think there's an opportunity here for a more general feature. For instance, it'd be nice if certain recipients could be designated to delete spam instead of tagging spam. MailScanner's ability to tag spam without deleting it is its most important feature for me personally. However, we have lots of users for whom we forward mail to their local mail server that they POP from, and some of those users would prefer for us to delete their spam instead of them filtering it out. If I can avoid having to teach some in-duh-viduals how to setup filters in their mail programs it will make my life much easier too. :-) -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From gerry at DORFAM.CA Mon Jan 7 03:03:35 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:12 2006 Subject: Can't get spam checking working? In-Reply-To: <5.1.0.14.2.20020106120437.03632708@hawk.ecs.soton.ac.uk> Message-ID: On Sun, 6 Jan 2002, Julian Field wrote: > At this point is the mailscanner process still running? What's the last few > mailscanner lines in your maillog when this happens? My maillog shows mailscanner checked a test message being sent from my system. There is no other mention of mailscanner after that. sendmail is still running but mailscanner has disappeared. > You may well need to upgrade your version of Perl, a few people are seeing > Perl core-dump due to internal bugs in Perl itself. I upgrade my verison of perl today to 5.61 using CPAN. I also installed Bundle::CPAN to be sure everything was up to date. This is what I was running when I got the above results today. This is the same as I've been getting with the new version. There are no error messages anywhere. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From sfarrell at ICCONSULTING.COM.AU Sun Jan 6 04:37:16 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: spamassassin Message-ID: Thanks for reply Jules ... I stop looking for the report. Not that I really need it, its just my nature to like reading detailed reports on stats etc. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Julian Field Sent by: MailScanner mailing list 05/01/2002 11:56 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: spamassassin At 05:31 05/01/2002, you wrote: >I was really expecting the spamassassin report. Unfortunately, due to the fact that I call SpamAssassin with a timeout, it is difficult to get anything more than a status integer back from it saying whether it was spam or not. Extracting just the SA report from SA doesn't appear possible with their API. Maybe a good idea for the next version of SA. I have to call it with a timeout as I've seen SA fail to terminate too many times! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020106/b9cf3acf/attachment.html From sfarrell at ICCONSULTING.COM.AU Mon Jan 7 06:21:41 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying Message-ID: I am getting a similar result. The mailscanner perl task just vanishes. I set SpamAssassin to no. It was also fairly random, if I started mailscanner enough times the email finally got through. It was occuring on plaintext emails (that aren't scanned) and ones with attachments (scanned with innoculate). The innoculate part works fine. I never had mailscanner fail under mailscanner 2.53-1, even over a few month sof continuos running. under Debug=1, I ran the /usr/local/MailScanner/bin/check_mailscanner.linux directly, and saw a few segfaults in line 50, which is the close if I think, which doesn't make a lot of sense to me. One other time it said something about "$process $config " which appears in the script file just above line 50. I am running : This is perl, v5.6.0 built for i386-linux I have redhat 7.2 - I am going to try any redhat ways of upgrading perl first, then try CPAN if there isn't a redhat upgrade. ps. (I haven't tried the adjusted sweep.pl for innoculate fixes yet (from Nick), as I haven't got enough other things in 3.0 stable enough) pps. I have had to set mailscanner to process individual mails, 1 at a time, and check the mailscanner process often. I am keen to see if anyone else is having this problem. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au "Michael H. Warfield" To: MAILSCANNER@JISCMAIL.AC.UK cc: Sent by: Subject: Re: Can't get spam checking working? MailScanner mailing list 07/01/02 04:37 AM Please respond to MailScanner mailing list On Sun, Jan 06, 2002 at 04:20:31PM +0000, Julian Field wrote: > At 15:53 06/01/2002, you wrote: > >> At this point is the mailscanner process still running? What's the last > >few > >> mailscanner lines in your maillog when this happens? > > > > For me at least, the MailScanner process is gone. > > > > Last MailScanner messages I see in maillog is "Scanning x messages, > >xxx bytes". I restart the MailScanner by hand and get the same message > >(generally same x messages and xxx bytes) and if often continues. Last > >night, I had to restart it 6 times in the same spot (i.e. I looked after > >starting it and it was gone again) but then it worked and was running > >this morning when I got up. So it seems to be "non-deterministic" in > >some way. Sendmail processes continue to run even after the mailscanner > >process dumps. > This has got to be bugs in Perl as it is non-deterministic. What error do > you get when it dies? Just a "Segmentation fault" or something more useful? None of the above. No "Segmentation fault" and no messages to standard out or standard error. The only message I see is "Starting virus scanner..." and the process later exits. Now, one thing I haven't done (but will the next time it does this) is to run it in debugging mode and keep it in the forground. > Unfortunately, quite a lot happens after that maillog entry before anything > more happens that will log to maillog, so it's not a very good indicator of > where in MailScanner it died. I'll look at reimplementing some of the > timeout code, as that's the only code I have ever written that has > repeatedly caused Perl to segmentation fault. > Does it still segmentation fault with all the spam checking switched off? > That would help narrow it down a bit. Right now, the only spam checking it's running is one of the RBLs. SpamAssassin is disabled. > Can you also try starting it in debug mode and see if it still dies at the > same place. And does it log anything more before it dies? The best way of > starting it is with the check_mailscanner script. (Don't touch the sendmail > processes while doing this, they will happily carry on working) I'll try that. > >> You may well need to upgrade your version of Perl, a few people are > >seeing > >> Perl core-dump due to internal bugs in Perl itself. > > > > Because I installed SpamAssassin and used CPAN, I ended up with > >Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin disabled > >in the MailScanner script because of the errors (tagging all messages) > >being reported and discussed in the other thread on this list. > Are you sure that you are using the upgraded Perl 5.6.1? You might have > ended up with 2 copies of Perl installed on your system. Do a > "/usr/bin/perl -v" just to check... Very sure. I remarked to some friends to watch out if they were running CPAN on a RedHat system and it tried to upgrade perl because the default would go into /usr/local/bin. I had caught that when I saw it and directed the perl build to use /usr for the prefix, but here is the double check, anyways... [mhw@alcove mhw]$ /usr/bin/perl -v This is perl, v5.6.1 built for i586-linux > I've seen SpamAssassin tag *a few* messages that it shouldn't have, but the > SA is_spam() routine definitely always says they are spam, so my code is > only doing exactly what SpamAssassin says it should be. Yeah, I've got SpamAssasin disabled in the MailScanner config right now and am only using it from procmail. There are definitely some problems there, expecially vis-a-vis exit codes. The code itself claims there is a -e switch to enable a non-zero exit code on spam, but the -e switch isn't even recognized. I haven't even looked into the API calls yet or followed up over on the SpamAssassin side of the house. The plain text reporting is working incredibly well, though, and I like Vipul's Razor. Getting it to play nicey nicey with MailScanner would be a nice benefit... Oh... BTW... In one of your earlier messages I noticed a remark that you had seen times when SpamAssassin didn't exit. I've noticed that there are times when it takes a LONG time to exit. Seems to center around the RBL checks and seems to correspond to sluggishness in the DNS (which would make some sense). I have yet to see the spamassassin command not eventually exit. I did have problems with MailScanner initially, which I tracked down to the default of including the JANET UK RBL which seems to cause the MailScanner to hang on my system. Don't know if that is still the default in the lastest bundles, but it caused me some serious headaches till I realized what was misconfigured. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 02:37:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: amydiehl@HOTMAIL.COM requested to join Message-ID: <200201070237.CAA05226@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 02:37:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Amy Diehl The following membership options have been requested: NOMAIL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER amydiehl@HOTMAIL.COM Amy Diehl PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER amydiehl@HOTMAIL.COM Amy Diehl SET MAILSCANNER NOMAIL FOR amydiehl@HOTMAIL.COM // EOJ From LISTSERV at JISCMAIL.AC.UK Sun Jan 6 20:52:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: paal@NKI.NO requested to join Message-ID: <200201062052.UAA22137@magpie.ecs.soton.ac.uk> Sun, 6 Jan 2002 20:52:57 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Paal Hagerup You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER paal@NKI.NO Paal Hagerup PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER paal@NKI.NO Paal Hagerup // EOJ From jkf at ecs.soton.ac.uk Mon Jan 7 05:54:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying In-Reply-To: Message-ID: <5.1.0.14.2.20020107055144.03458008@hawk.ecs.soton.ac.uk> If someone is prepared to give me login and root access on one of these machines where MailScanner is dying, I can do some investigations. But without that, I just can't reproduce the problem :-( Any offers please? At 06:21 07/01/2002, you wrote: >I am getting a similar result. The mailscanner perl task just vanishes. >It was occuring on plaintext emails (that aren't scanned) and ones with >attachments (scanned with innoculate). The innoculate part works fine. >under Debug=1, I ran the /usr/local/MailScanner/bin/check_mailscanner.linux >directly, and saw a few segfaults in line 50, which is the close if I >think, which doesn't make a lot of sense to me. >This is perl, v5.6.0 built for i386-linux This is exactly the same version I am running, but under RedHat 7.1 instead of your 7.2 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 7 06:04:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <000201c196ae$d74abd40$65000a0a@ramws1> References: <5.1.0.14.2.20020106120330.03541e58@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> If you kill the mailscanner process ("ps -fe | grep mailscan" then kill it) then start it up with check_mailscanner, what does it print to the console? Anything about a lack of configuration text? I got this when I upgraded my perl but didn't re-install SpamAssassin afterwards. The perl previous-version-searching doesn't work with SpamAssassin. At 12:37 06/01/2002, you wrote: > > -----Original Message----- > > From: MailScanner mailing list On Behalf Of Julian Field > > Sent: Sunday, January 06, 2002 1:05 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: SpamAssassin marks ALL mail as spam > > > > As SpamAssassin is saying it is spam, so is my code. I suspect > > you have hit > > a SpamAssassin bug (I've seen some strange behaviour sometimes too). I > > suggest you contact the SpamAssassin guys for help. > >I think I hit a very strange situation. When I turn of SA in MailScanner and >put the SA recipe in my .procmailrc, the mail checks out ok, with both the >MailScanner and SA headers: > >X-Mailscanner: Found to be clean >X-Spam-Status: No, hits=0 required=5 tests= > >So it's not really SA that marks the mail as spam when I do the test >separate from the MailScanner proces. >With these results, I don't have anything to 'slap' the SA developers >with... > >I'll try to think of some more things I can test. I will post any results >here. > >Thanks for your help. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sfarrell at ICCONSULTING.COM.AU Mon Jan 7 07:22:29 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying Message-ID: no problem, as long as its from just one IP address - that I can allow through the firewall. You are on my spam.whitelist.conf (by default), so why don't I give you a root account also. Why dont you send the ip address(es) via direct email, and I can send you some other info also. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Julian Field cc: Sent by: Subject: Re: mailscanner dying MailScanner mailing list 07/01/02 04:54 PM Please respond to MailScanner mailing list If someone is prepared to give me login and root access on one of these machines where MailScanner is dying, I can do some investigations. But without that, I just can't reproduce the problem :-( Any offers please? At 06:21 07/01/2002, you wrote: >I am getting a similar result. The mailscanner perl task just vanishes. >It was occuring on plaintext emails (that aren't scanned) and ones with >attachments (scanned with innoculate). The innoculate part works fine. >under Debug=1, I ran the /usr/local/MailScanner/bin/check_mailscanner.linux >directly, and saw a few segfaults in line 50, which is the close if I >think, which doesn't make a lot of sense to me. >This is perl, v5.6.0 built for i386-linux This is exactly the same version I am running, but under RedHat 7.1 instead of your 7.2 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From tlyons at digitalvoodoo.org Mon Jan 7 06:32:10 2002 From: tlyons at digitalvoodoo.org (Tim Lyons) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying In-Reply-To: <5.1.0.14.2.20020107055144.03458008@hawk.ecs.soton.ac.uk> Message-ID: <002001c19745$096d7330$6e00a8c0@q45> Julian, I'd be willing to grant you the access providing you give me the IP you'll be coming from. Contact me off list as I'll have to re-install v3 (no big deal[tm]). --Tim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, January 07, 2002 00:55 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: mailscanner dying If someone is prepared to give me login and root access on one of these machines where MailScanner is dying, I can do some investigations. But without that, I just can't reproduce the problem :-( Any offers please? At 06:21 07/01/2002, you wrote: >I am getting a similar result. The mailscanner perl task just vanishes. >It was occuring on plaintext emails (that aren't scanned) and ones with >attachments (scanned with innoculate). The innoculate part works fine. >under Debug=1, I ran the /usr/local/MailScanner/bin/check_mailscanner.linux >directly, and saw a few segfaults in line 50, which is the close if I >think, which doesn't make a lot of sense to me. >This is perl, v5.6.0 built for i386-linux This is exactly the same version I am running, but under RedHat 7.1 instead of your 7.2 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sfarrell at ICCONSULTING.COM.AU Mon Jan 7 07:34:29 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying Message-ID: Just a quick question regarding: Spam Checks = yes Use SpamAssassin = yes Does setting "Spam Checks = no" stop spam assassin from being called, or does it only stop mailscanners RBL checks? These are my current settings: Spam List = Spam Checks = yes Use SpamAssassin = yes I am trying to bypass the RBL type checks from mailscanner and let SpamAssassin do them. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au From paal at NKI.NO Mon Jan 7 08:01:22 2002 From: paal at NKI.NO (Paal Hagerup) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying References: <5.1.0.14.2.20020107055144.03458008@hawk.ecs.soton.ac.uk> Message-ID: <3C3955D2.7050204@nki.no> I have the same problem. The MailScanner dies, each time leaving a new dfg* and zero sized tfg* in mqueue. Running i debug mode the scanner dies without any error message. This is with f-prot and RedHat 7.2. If you want access to the machine just send me an email. Paal Hagerup Julian Field wrote: > If someone is prepared to give me login and root access on one of these > machines where MailScanner is dying, I can do some investigations. But > without that, I just can't reproduce the problem :-( > > Any offers please? > > At 06:21 07/01/2002, you wrote: > >> I am getting a similar result. The mailscanner perl task just vanishes. >> It was occuring on plaintext emails (that aren't scanned) and ones with >> attachments (scanned with innoculate). The innoculate part works fine. >> under Debug=1, I ran the >> /usr/local/MailScanner/bin/check_mailscanner.linux >> directly, and saw a few segfaults in line 50, which is the close if I >> think, which doesn't make a lot of sense to me. > > >> This is perl, v5.6.0 built for i386-linux > > > This is exactly the same version I am running, but under RedHat 7.1 > instead > of your 7.2 > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 06:43:23 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: steven@JUBAL.COM requested to join Message-ID: <200201070643.GAA13204@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 06:43:23 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Stephen Nelson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER steven@JUBAL.COM Stephen Nelson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER steven@JUBAL.COM Stephen Nelson // EOJ From jkf at ecs.soton.ac.uk Mon Jan 7 08:55:02 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:12 2006 Subject: mailscanner dying In-Reply-To: Message-ID: <5.1.0.14.2.20020107085244.034ca008@hawk.ecs.soton.ac.uk> Many thanks for the offers, I'll just take up 1 for now (Scott's) and try to solve that one. I may contact the other offerers later. Let's take 1 thing at a time... At 07:34 07/01/2002, you wrote: >Just a quick question regarding: >Spam Checks = yes >Use SpamAssassin = yes > >Does setting "Spam Checks = no" stop spam assassin from being called, or >does it only stop mailscanners RBL checks? It stops all the spam checks. >These are my current settings: > >Spam List = >Spam Checks = yes >Use SpamAssassin = yes > >I am trying to bypass the RBL type checks from mailscanner and let >SpamAssassin do them. That should work fine. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 09:03:15 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: H.Hashim@MATHS.SOTON.AC.UK left the JISCmail list Message-ID: <200201070903.JAA19128@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 09:03:15 H Hashim has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 11:42:14 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:12 2006 Subject: MAILSCANNER: gennari@ECO.UNIBS.IT requested to join Message-ID: <200201071142.LAA29255@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 11:42:14 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Daniele Gennari You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER gennari@ECO.UNIBS.IT Daniele Gennari PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER gennari@ECO.UNIBS.IT Daniele Gennari // EOJ From jkf at ecs.soton.ac.uk Mon Jan 7 12:05:43 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <3C3955D2.7050204@nki.no> References: <5.1.0.14.2.20020107055144.03458008@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> Suggestion: Change "Multiple Headers" from "append" to "add" and see if it still dies. This has solved the problem for 1 user. I know this is only a temporary workaround, but it's better than not working at all :) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Mon Jan 7 11:58:21 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: ; from chicks@CHICKS.NET on Sun, Jan 06, 2002 at 03:44:11PM -0500 References: <5.1.0.14.2.20020104101118.0386e718@imap.ecs.soton.ac.uk> Message-ID: <20020107115821.F20462@lemon-computing.com> On Sun, Jan 06, 2002 at 03:44:11PM -0500, Christopher Hicks wrote: > I think there's an opportunity here for a more general feature. This could get ridiculously complex, couldn't it? Wouldn't it be better to use some kind of filter in the MTA config after it's passed through mailscanner? I'd rather not see too much duplicated complexity between mailscanner and MTAs - especially with MTAs' histories of getting it wrong. Just my HO. -- Nick Phillips -- nwp@lemon-computing.com Be different: conform. From m.sapsed at bangor.ac.uk Mon Jan 7 13:36:36 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> Message-ID: On Mon, 7 Jan 2002, Julian Field wrote: > Suggestion: Change "Multiple Headers" from "append" to "add" and see if it > still dies. This has solved the problem for 1 user. > > I know this is only a temporary workaround, but it's better than not > working at all :) I've just done this change and fed it with a message I had stored which I knew would break mailscanner and it worked ok. One of the common bits between the messages I'd stored which failed was an existing Mailscanner header... Thanks Julian... Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From m.sapsed at bangor.ac.uk Mon Jan 7 13:36:36 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> Message-ID: On Mon, 7 Jan 2002, Julian Field wrote: > Suggestion: Change "Multiple Headers" from "append" to "add" and see if it > still dies. This has solved the problem for 1 user. > > I know this is only a temporary workaround, but it's better than not > working at all :) I've just done this change and fed it with a message I had stored which I knew would break mailscanner and it worked ok. One of the common bits between the messages I'd stored which failed was an existing Mailscanner header... Thanks Julian... Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From mhw at WITTSEND.COM Mon Jan 7 13:56:59 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying In-Reply-To: <3C3955D2.7050204@nki.no> References: <5.1.0.14.2.20020107055144.03458008@hawk.ecs.soton.ac.uk> <3C3955D2.7050204@nki.no> Message-ID: <20020107085659.A3948@alcove.wittsend.com> On Mon, Jan 07, 2002 at 08:01:22AM +0000, Paal Hagerup wrote: > I have the same problem. The MailScanner dies, each time > leaving a new dfg* and zero sized tfg* in mqueue. Running i debug mode > the scanner dies without any error message. This is with f-prot and > RedHat 7.2. Suplimenting my own report, I also see the empty tf* files. Of course, the df* files are data files (third char is part of the sequence/ID for Sendmail). OTOH... I'm currently using Sophos, instead of f-prot, although I have both on the system. > If you want access to the machine just send me an email. > Paal Hagerup > Julian Field wrote: > > >If someone is prepared to give me login and root access on one of these > >machines where MailScanner is dying, I can do some investigations. But > >without that, I just can't reproduce the problem :-( At this point, mailscanner has not died on me in the last 72 hours. Next time it dies, I'm likely to take a snapshot of the queues before restarting it. > >Any offers please? > >At 06:21 07/01/2002, you wrote: > > > >>I am getting a similar result. The mailscanner perl task just vanishes. > >>It was occuring on plaintext emails (that aren't scanned) and ones with > >>attachments (scanned with innoculate). The innoculate part works fine. > >>under Debug=1, I ran the > >>/usr/local/MailScanner/bin/check_mailscanner.linux > >>directly, and saw a few segfaults in line 50, which is the close if I > >>think, which doesn't make a lot of sense to me. > > > > > >>This is perl, v5.6.0 built for i386-linux > > > > > >This is exactly the same version I am running, but under RedHat 7.1 > >instead > >of your 7.2 > >-- > >Julian Field Teaching Systems Manager > >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > >Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From jbayer at bayerfamily.net Mon Jan 7 13:43:24 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying In-Reply-To: References: Message-ID: <1491644504.20020107084324@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Scott, What version of MailScanner are you running? I had this same problem and worked with Julian to get it fixed. The version I am running was installed via RPM and is mailscanner-3.01-2 This is on a RedHat 7.2 system with all updates installed from RedHat. JBB Monday, January 07, 2002, 1:21:41 AM, you wrote: SF> I am getting a similar result. The mailscanner perl task just vanishes. SF> I set SpamAssassin to no. SF> It was also fairly random, if I started mailscanner enough times the email SF> finally got through. SF> It was occuring on plaintext emails (that aren't scanned) and ones with SF> attachments (scanned with innoculate). The innoculate part works fine. SF> I never had mailscanner fail under mailscanner 2.53-1, even over a few SF> month sof continuos running. SF> under Debug=1, I ran the /usr/local/MailScanner/bin/check_mailscanner.linux SF> directly, and saw a few segfaults in line 50, which is the close if I SF> think, which doesn't make a lot of sense to me. One other time it said SF> something about "$process $config " which appears in the script file just SF> above line 50. SF> I am running : SF> This is perl, v5.6.0 built for i386-linux SF> I have redhat 7.2 - I am going to try any redhat ways of upgrading perl SF> first, then try CPAN if there isn't a redhat upgrade. SF> ps. (I haven't tried the adjusted sweep.pl for innoculate fixes yet (from SF> Nick), as I haven't got enough other things in 3.0 stable enough) SF> pps. I have had to set mailscanner to process individual mails, 1 at a SF> time, and check the mailscanner process often. I am keen to see if anyone SF> else is having this problem. SF> regards SF> Scott Farrell SF> http://www.icconsulting.com.au SF> ic Consulting - the people that make eBusiness happen. SF> We offer e-business consulting and perform services. We deliver high impact SF> consulting, and fast turn around projects for our clients. SF> Ask us about Web Content Management, Web Self Service, or working closer SF> with your customers or suppliers. SF> 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au SF> "Michael H. SF> Warfield" To: MAILSCANNER@JISCMAIL.AC.UK SF> cc: SF> Sent by: Subject: Re: Can't get spam checking working? SF> MailScanner SF> mailing list SF> AIL.AC.UK> SF> 07/01/02 04:37 AM SF> Please respond to SF> MailScanner SF> mailing list SF> On Sun, Jan 06, 2002 at 04:20:31PM +0000, Julian Field wrote: >> At 15:53 06/01/2002, you wrote: >> >> At this point is the mailscanner process still running? What's the SF> last >> >few >> >> mailscanner lines in your maillog when this happens? >> > >> > For me at least, the MailScanner process is gone. >> > >> > Last MailScanner messages I see in maillog is "Scanning x SF> messages, >> >xxx bytes". I restart the MailScanner by hand and get the same message >> >(generally same x messages and xxx bytes) and if often continues. Last >> >night, I had to restart it 6 times in the same spot (i.e. I looked after >> >starting it and it was gone again) but then it worked and was running >> >this morning when I got up. So it seems to be "non-deterministic" in >> >some way. Sendmail processes continue to run even after the mailscanner >> >process dumps. >> This has got to be bugs in Perl as it is non-deterministic. What error do >> you get when it dies? Just a "Segmentation fault" or something more SF> useful? SF> None of the above. No "Segmentation fault" and no messages to SF> standard out or standard error. The only message I see is "Starting SF> virus scanner..." and the process later exits. Now, one thing I haven't SF> done (but will the next time it does this) is to run it in debugging mode SF> and keep it in the forground. >> Unfortunately, quite a lot happens after that maillog entry before SF> anything >> more happens that will log to maillog, so it's not a very good indicator SF> of >> where in MailScanner it died. I'll look at reimplementing some of the >> timeout code, as that's the only code I have ever written that has >> repeatedly caused Perl to segmentation fault. >> Does it still segmentation fault with all the spam checking switched off? >> That would help narrow it down a bit. SF> Right now, the only spam checking it's running is one of the RBLs. SF> SpamAssassin is disabled. >> Can you also try starting it in debug mode and see if it still dies at SF> the >> same place. And does it log anything more before it dies? The best way of >> starting it is with the check_mailscanner script. (Don't touch the SF> sendmail >> processes while doing this, they will happily carry on working) SF> I'll try that. >> >> You may well need to upgrade your version of Perl, a few people are >> >seeing >> >> Perl core-dump due to internal bugs in Perl itself. >> > >> > Because I installed SpamAssassin and used CPAN, I ended up with >> >Perl upgraded to 5.6.1 anyways. I've currently got SpamAssassin SF> disabled >> >in the MailScanner script because of the errors (tagging all messages) >> >being reported and discussed in the other thread on this list. >> Are you sure that you are using the upgraded Perl 5.6.1? You might have >> ended up with 2 copies of Perl installed on your system. Do a >> "/usr/bin/perl -v" just to check... SF> Very sure. I remarked to some friends to watch out if they were SF> running CPAN on a RedHat system and it tried to upgrade perl because the SF> default would go into /usr/local/bin. I had caught that when I saw it SF> and directed the perl build to use /usr for the prefix, but here is the SF> double check, anyways... SF> [mhw@alcove mhw]$ /usr/bin/perl -v SF> This is perl, v5.6.1 built for i586-linux >> I've seen SpamAssassin tag *a few* messages that it shouldn't have, but SF> the >> SA is_spam() routine definitely always says they are spam, so my code is >> only doing exactly what SpamAssassin says it should be. SF> Yeah, I've got SpamAssasin disabled in the MailScanner config SF> right now and am only using it from procmail. There are definitely some SF> problems there, expecially vis-a-vis exit codes. The code itself claims SF> there is a -e switch to enable a non-zero exit code on spam, but the SF> -e switch isn't even recognized. I haven't even looked into the API SF> calls yet or followed up over on the SpamAssassin side of the house. SF> The plain text reporting is working incredibly well, though, and I SF> like Vipul's Razor. Getting it to play nicey nicey with MailScanner SF> would be a nice benefit... SF> Oh... BTW... In one of your earlier messages I noticed a remark SF> that you had seen times when SpamAssassin didn't exit. I've noticed that SF> there are times when it takes a LONG time to exit. Seems to center SF> around the RBL checks and seems to correspond to sluggishness in the SF> DNS (which would make some sense). I have yet to see the spamassassin SF> command not eventually exit. I did have problems with MailScanner SF> initially, which I tracked down to the default of including the JANET SF> UK RBL which seems to cause the MailScanner to hang on my system. SF> Don't know if that is still the default in the lastest bundles, but SF> it caused me some serious headaches till I realized what was misconfigured. >> -- >> Julian Field Teaching Systems Manager >> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >> Tel. 023 8059 2817 University of Southampton >> Southampton SO17 1BJ SF> Mike SF> -- SF> Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com SF> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ SF> NIC whois: MHW9 | An optimist believes we live in the best of all SF> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw5pf0ACgkQLWek1tt+K51O3ACcDTtX3U/UWjkLidwYE0Y6+I2a zGsAnR5unNLASnAFfLBnj3a78wHmeWEE =7UDY -----END PGP SIGNATURE----- From mhw at WITTSEND.COM Mon Jan 7 14:33:00 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: References: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> Message-ID: <20020107093300.B3948@alcove.wittsend.com> On Mon, Jan 07, 2002 at 01:36:36PM +0000, Martin Sapsed wrote: > On Mon, 7 Jan 2002, Julian Field wrote: > > > Suggestion: Change "Multiple Headers" from "append" to "add" and see if it > > still dies. This has solved the problem for 1 user. Make that 2 users. > > I know this is only a temporary workaround, but it's better than not > > working at all :) > I've just done this change and fed it with a message I had stored which I > knew would break mailscanner and it worked ok. One of the common bits > between the messages I'd stored which failed was an existing Mailscanner > header... After reporting that mailscanner had been running for over 48 hours (I think I said 72, but that was wrong) I found that it had just failed. Three attempts to start it back up all failed immediately. Changed the append to add and it fired right up and processed the queue. Unfortunately I lied when I said I would take a snapshot of the queues next time. I forgot to do that before trying this, so I lost that test data. Damn... > Thanks Julian... > Martin > -- > Martin Sapsed To have no errors > Information Services Would be life without meaning > University of Wales, Bangor, LL57 2UX No struggle, no joy. > Fax: +44 (0)1248 383826 Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 14:29:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: brandon@TRAINIX.COM requested to join Message-ID: <200201071429.OAA09052@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 14:29:44 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Brandon Rich You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER brandon@TRAINIX.COM Brandon Rich PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER brandon@TRAINIX.COM Brandon Rich // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 14:43:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: mailscanner.list@FREEMODEM.CO.UK requested to join Message-ID: <200201071443.OAA09974@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 14:43:24 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from David Stone You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mailscanner.list@FREEMODEM.CO.UK David Stone PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mailscanner.list@FREEMODEM.CO.UK David Stone // EOJ From mhw at WITTSEND.COM Mon Jan 7 14:39:05 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020106120330.03541e58@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> Message-ID: <20020107093905.C3948@alcove.wittsend.com> On Mon, Jan 07, 2002 at 06:04:46AM +0000, Julian Field wrote: > If you kill the mailscanner process ("ps -fe | grep mailscan" then kill it) > then start it up with check_mailscanner, what does it print to the console? > Anything about a lack of configuration text? I got this when I upgraded my > perl but didn't re-install SpamAssassin afterwards. The perl > previous-version-searching doesn't work with SpamAssassin. Just tried that. Shut down mailscanner, then enabled spamassassin, then ran check_mailscanner. Just got the "Starting virus scanner..." message and no complaint about configuration text. I'll leave spamassassin on for a bit. > At 12:37 06/01/2002, you wrote: > >> -----Original Message----- > >> From: MailScanner mailing list On Behalf Of Julian Field > >> Sent: Sunday, January 06, 2002 1:05 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: SpamAssassin marks ALL mail as spam > >> > >> As SpamAssassin is saying it is spam, so is my code. I suspect > >> you have hit > >> a SpamAssassin bug (I've seen some strange behaviour sometimes too). I > >> suggest you contact the SpamAssassin guys for help. > > > >I think I hit a very strange situation. When I turn of SA in MailScanner > >and > >put the SA recipe in my .procmailrc, the mail checks out ok, with both the > >MailScanner and SA headers: > > > >X-Mailscanner: Found to be clean > >X-Spam-Status: No, hits=0 required=5 tests= > > > >So it's not really SA that marks the mail as spam when I do the test > >separate from the MailScanner proces. > >With these results, I don't have anything to 'slap' the SA developers > >with... > > > >I'll try to think of some more things I can test. I will post any results > >here. > > > >Thanks for your help. > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From jkf at ecs.soton.ac.uk Mon Jan 7 14:43:59 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <20020107093300.B3948@alcove.wittsend.com> References: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020107143619.02938d28@imap.ecs.soton.ac.uk> At 14:33 07/01/2002, you wrote: >On Mon, Jan 07, 2002 at 01:36:36PM +0000, Martin Sapsed wrote: > > On Mon, 7 Jan 2002, Julian Field wrote: > > > Suggestion: Change "Multiple Headers" from "append" to "add" and see > if it > > > still dies. This has solved the problem for 1 user. > > Make that 2 users. Cool. I've got a possible fix (has worked for 1 user so far), which I will publish as soon as it has been tested rather more. If you fancy trying it for yourself, I would be interested to see if it works: 1. Go back to using "Multiple Headers = append" 2. In mta-specific.pl, remove the "i" from right near the end of lines 316, 322, 586, 589. Please tell me how you get on with this fix. If you are at all nervous about doing this, then don't. This is strictly for experts only. If the proposed fix really does solve the problem, I will publish a new release very soon that incorporates it. I would advise even those trying this fix to upgrade to the proper release when I create it. > > > I know this is only a temporary workaround, but it's better than not > > > working at all :) > > > I've just done this change and fed it with a message I had stored which I > > knew would break mailscanner and it worked ok. One of the common bits > > between the messages I'd stored which failed was an existing Mailscanner > > header... > > After reporting that mailscanner had been running for over 48 hours >(I think I said 72, but that was wrong) I found that it had just failed. >Three attempts to start it back up all failed immediately. Changed the >append to add and it fired right up and processed the queue. Unfortunately >I lied when I said I would take a snapshot of the queues next time. I >forgot to do that before trying this, so I lost that test data. Damn... > > > Thanks Julian... > > > Martin -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From tom at TILMANT.COM Mon Jan 7 14:48:51 2002 From: tom at TILMANT.COM (Tom Tilmant) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <000401c19642$9a6c95e0$65000a0a@ramws1> Message-ID: Was there a fix to this? I am also having the same problem running Mailscanner, SpamAssassin 1.5, and Vipul's Razor. Any suggestions? Tom -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Evert Jan van Ramselaar Sent: Saturday, January 05, 2002 3:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin marks ALL mail as spam > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Saturday, January 05, 2002 11:34 PM > Try inserting this before line 279 of sendmail.pl > Log::WarnLog("SpamAssassin said " . $spamness->is_spam() . > " so SAResult is $SAResult"); > then sending yourself some messages. Tell me what it prints in your log. Jan 6 00:37:18 ram1 mailscanner[30665]: MailScanner E-Mail Virus Scanner version 3.01 starting. Jan 6 00:37:19 ram1 mailscanner[30665]: Configuring mailscanner for sendmail... Jan 6 00:37:37 ram1 mailscanner[30668]: Startup: found 1 messages waiting Jan 6 00:37:37 ram1 mailscanner[30668]: Forwarding 1 clean messages, 1215 bytes Jan 6 00:37:38 ram1 mailscanner[30669]: SpamAssassin said 1 so SAResult is 1 Jan 6 00:37:38 ram1 mailscanner[30668]: Message AAA29161 is spam according to SpamAssassin Jan 6 00:37:38 ram1 mailscanner[30668]: About to deliver 1 messages Jan 6 00:38:08 ram1 mailscanner[30668]: Forwarding 1 clean messages, 1221 bytes Jan 6 00:38:08 ram1 mailscanner[30676]: SpamAssassin said 1 so SAResult is 1 Jan 6 00:38:08 ram1 mailscanner[30668]: Message AAA30673 is spam according to SpamAssassin Jan 6 00:38:08 ram1 mailscanner[30668]: About to deliver 1 messages -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From jkf at ecs.soton.ac.uk Mon Jan 7 14:54:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: References: <000401c19642$9a6c95e0$65000a0a@ramws1> Message-ID: <5.1.0.14.2.20020107145226.03fb8168@imap.ecs.soton.ac.uk> At 14:48 07/01/2002, you wrote: >Was there a fix to this? I am also having the same problem running >Mailscanner, SpamAssassin 1.5, and Vipul's Razor. Any suggestions? Not yet. I am going to need login and root access on someone's box to try to diagnose this one. I can't reproduce it myself here at all :-( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mhw at WITTSEND.COM Mon Jan 7 14:55:46 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <5.1.0.14.2.20020107143619.02938d28@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020107120449.0591d008@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020107143619.02938d28@imap.ecs.soton.ac.uk> Message-ID: <20020107095546.D3948@alcove.wittsend.com> On Mon, Jan 07, 2002 at 02:43:59PM +0000, Julian Field wrote: > At 14:33 07/01/2002, you wrote: > >On Mon, Jan 07, 2002 at 01:36:36PM +0000, Martin Sapsed wrote: > >> On Mon, 7 Jan 2002, Julian Field wrote: > >> > Suggestion: Change "Multiple Headers" from "append" to "add" and see > >if it > >> > still dies. This has solved the problem for 1 user. > > > > Make that 2 users. > Cool. > I've got a possible fix (has worked for 1 user so far), which I will > publish as soon as it has been tested rather more. If you fancy trying it > for yourself, I would be interested to see if it works: > 1. Go back to using "Multiple Headers = append" > 2. In mta-specific.pl, remove the "i" from right near the end of lines 316, > 322, 586, 589. That's a case independent flag on the match, right? That would be a strange one to cause it to warf. > Please tell me how you get on with this fix. If you are at all nervous > about doing this, then don't. This is strictly for experts only. I've made the change and restarted and so far so good. Unfortunately, I was a doofus and didn't save the "bad queues" as test data, so all I can do is wait... But it leaves me in one of those nasty negative premise situations where I don't know if it would have broken otherwise, sigh... > If the proposed fix really does solve the problem, I will publish a new > release very soon that incorporates it. > I would advise even those trying this fix to upgrade to the proper release > when I create it. :-> > >> > I know this is only a temporary workaround, but it's better than not > >> > working at all :) > > > >> I've just done this change and fed it with a message I had stored which I > >> knew would break mailscanner and it worked ok. One of the common bits > >> between the messages I'd stored which failed was an existing Mailscanner > >> header... > > > > After reporting that mailscanner had been running for over 48 hours > >(I think I said 72, but that was wrong) I found that it had just failed. > >Three attempts to start it back up all failed immediately. Changed the > >append to add and it fired right up and processed the queue. Unfortunately > >I lied when I said I would take a snapshot of the queues next time. I > >forgot to do that before trying this, so I lost that test data. Damn... > > > >> Thanks Julian... > > > >> Martin > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From evertjan at VANRAMSELAAR.NET Mon Jan 7 14:58:28 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> Message-ID: <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com> Julian Field said: > If you kill the mailscanner process ("ps -fe | grep mailscan" then kill > it) then start it up with check_mailscanner, what does it print to the > console? Anything about a lack of configuration text? I got this when I > upgraded my perl but didn't re-install SpamAssassin afterwards. The > perl previous-version-searching doesn't work with SpamAssassin. I can't try it right now, but I have done this before several times. I am sure Iget no errors on stdout. The only line I get is that it's being started. Do I _have_ to upgrade to the latest Perl version? I am using 5.005something. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From mhw at WITTSEND.COM Mon Jan 7 15:02:31 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com> References: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com> Message-ID: <20020107100231.F3948@alcove.wittsend.com> On Mon, Jan 07, 2002 at 03:58:28PM +0100, Evert Jan van Ramselaar wrote: > Julian Field said: > > If you kill the mailscanner process ("ps -fe | grep mailscan" then kill > > it) then start it up with check_mailscanner, what does it print to the > > console? Anything about a lack of configuration text? I got this when I > > upgraded my perl but didn't re-install SpamAssassin afterwards. The > > perl previous-version-searching doesn't work with SpamAssassin. > I can't try it right now, but I have done this before several times. I am > sure Iget no errors on stdout. The only line I get is that it's being started. Yeah, I also get no errors and the problem persists. > Do I _have_ to upgrade to the latest Perl version? I am using 5.005something. ??? If you installed SpamAssassin through CPAN, how did you AVOID upgrading to 5.6.1? Following the instructions in the README for installing Mail::Audit pretty much results in that, unless you installed everything by hand. > -- > Evert Jan van Ramselaar > Van Ramselaar Info Tech Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From nwp at LEMON-COMPUTING.COM Mon Jan 7 15:02:47 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com>; from evertjan@VANRAMSELAAR.NET on Mon, Jan 07, 2002 at 03:58:28PM +0100 References: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com> Message-ID: <20020107150247.R20462@lemon-computing.com> On Mon, Jan 07, 2002 at 03:58:28PM +0100, Evert Jan van Ramselaar wrote: > Do I _have_ to upgrade to the latest Perl version? I am using 5.005something. Stick with it if I were you, unless this Razor thingy absolutely requires 5.6; 5.005 doesn't seem to segfault left right and centre. Touch wood. -- Nick Phillips -- nwp@lemon-computing.com Today is National Existential Ennui Awareness Day. From jkf at ecs.soton.ac.uk Mon Jan 7 15:10:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <23286.80.79.97.7.1010415508.squirrel@mail.vr-it.com> References: <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020107060301.033aa8d8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020107151048.03cdb7f0@imap.ecs.soton.ac.uk> At 14:58 07/01/2002, you wrote: >Julian Field said: > > If you kill the mailscanner process ("ps -fe | grep mailscan" then kill > > it) then start it up with check_mailscanner, what does it print to the > > console? Anything about a lack of configuration text? I got this when I > > upgraded my perl but didn't re-install SpamAssassin afterwards. The > > perl previous-version-searching doesn't work with SpamAssassin. > >I can't try it right now, but I have done this before several times. I am >sure Iget no errors on stdout. The only line I get is that it's being started. > >Do I _have_ to upgrade to the latest Perl version? I am using 5.005something. 5.005something should be fine. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Mon Jan 7 15:56:21 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: <20020107115821.F20462@lemon-computing.com> Message-ID: On Mon, 7 Jan 2002, Nick Phillips wrote: > On Sun, Jan 06, 2002 at 03:44:11PM -0500, Christopher Hicks wrote: > > I think there's an opportunity here for a more general feature. > This could get ridiculously complex, couldn't it? No. I think it would be much simpler. $RecipCfg = { bob@domain.com => { Scan => 'No', }, tom@domain.com => { Spam => 'Delete', }, kim@domain.com => { # gets lots of virus, lets be insanely thorough SpamScanners => [innoculate,fprot,sophos], }, }; How would you express that in sendmail.cf? > Wouldn't it be better to use some kind of filter in the MTA config > after it's passed through mailscanner? Better? Not noticably. Easier? Certainly not. I like sendmail, but I wouldn't want to have to force it to do this sort of thing. For one thing, I like the same sendmail.cf being usable for the incoming and outgoing queues. That wouldn't work if it the outgoing queue had to enable various filters. But even more importantly, given the choice between making sendmail filter or adding the functionality into mailscanner myself, I'd much rather write perl. And that way, once I add mailscanner to my qmail boxes I don't have to worry about dorking with qmail to get it to do what I want either. > I'd rather not see too much duplicated complexity between mailscanner > and MTAs - especially with MTAs' histories of getting it wrong. Broke MTA's would seem to make doing it right once much more sensible. :) -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From nwp at LEMON-COMPUTING.COM Mon Jan 7 16:44:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: ; from chicks@CHICKS.NET on Mon, Jan 07, 2002 at 10:56:21AM -0500 References: <20020107115821.F20462@lemon-computing.com> Message-ID: <20020107164440.T20462@lemon-computing.com> On Mon, Jan 07, 2002 at 10:56:21AM -0500, Christopher Hicks wrote: > On Mon, 7 Jan 2002, Nick Phillips wrote: > > On Sun, Jan 06, 2002 at 03:44:11PM -0500, Christopher Hicks wrote: > > > I think there's an opportunity here for a more general feature. > > This could get ridiculously complex, couldn't it? > > No. I think it would be much simpler. You're mistaken. Honest. Trust me [cheesey smile]... > $RecipCfg = { > bob@domain.com => { > Scan => 'No', > }, > tom@domain.com => { > Spam => 'Delete', > }, > kim@domain.com => { > # gets lots of virus, lets be insanely thorough > SpamScanners => [innoculate,fprot,sophos], > }, > }; Users don't write perl. > How would you express that in sendmail.cf? I don't use sendmail. OK, so that's a cheat's answer, but I'd put something like this: if ("${if exists {/home/$sender_address_local_part/.nospam} {1}{0}}" is "1") and $h_X-MailScanner-Spam: contains "spamassassin" then fail text "This looks like spam to me..." endif in my Exim system filter. > > Wouldn't it be better to use some kind of filter in the MTA config > > after it's passed through mailscanner? > > Better? Not noticably. Better: the complexity is kept in one place (the MTA), which has had years of practice to get it right. MTAs have historically been insecure because they are complex. Speaking for myself, I don't want mailscanner to get more complex than it has to be, because that *will* introduce bugs. Better: one less thing for an admin to learn; an admin will almost certainly have to learn how to do things like delivery dependent on header matching with their MTA/MDA combination anyway, so why make them learn how to do it with mailscanner too? Better: less bloat. > Easier? Certainly not. I like sendmail, but I > wouldn't want to have to force it to do this sort of thing. For one > thing, I like the same sendmail.cf being usable for the incoming and > outgoing queues. That wouldn't work if it the outgoing queue had to > enable various filters. But even more importantly, given the choice > between making sendmail filter or adding the functionality into > mailscanner myself, I'd much rather write perl. And that way, once I > add mailscanner to my qmail boxes I don't have to worry about dorking with > qmail to get it to do what I want either. Easier: one less thing to learn, as above. Easier: yes you could still use the same sendmail config. Easier: no perl coding to do. Easier: you only have to maintain filtering in one place. Easier: easier to configure mailscanner "correctly" (so as not to let bad things happen when/where they shouldn't). Seriously, if sendmail (or procmail) scares you to the point that you don't like the idea of making it filter based on a header, you shouldn't be using it - find something you can understand and make behave as desired. > > I'd rather not see too much duplicated complexity between mailscanner > > and MTAs - especially with MTAs' histories of getting it wrong. > > Broke MTA's would seem to make doing it right once much more sensible. :) To butcher several quotes: "Those that do not learn from history are condemned to repeat it, badly" Complexity == bad. Every time we make it possible to misconfigure mailscanner in such a way as to do Bad Things, we condemn some poor sod to lose mail/get viruses/whatever in exactly that way. Murphy's Law. Goodness me, the random .sig generator comes up with an appropriate one yet again... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson From jkha at HPLB.HPL.HP.COM Mon Jan 7 17:29:06 2002 From: jkha at HPLB.HPL.HP.COM (John Hawkes-Reed) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients References: <20020107115821.F20462@lemon-computing.com> <20020107164440.T20462@lemon-computing.com> Message-ID: <3C39DAE2.735DDDC3@hplb.hpl.hp.com> Nick Phillips wrote: [I'm only seeing half of this, unfortunately] > On Mon, Jan 07, 2002 at 10:56:21AM -0500, Christopher Hicks wrote: [ On per-user config within the MTA ] > > No. I think it would be much simpler. > > You're mistaken. Honest. Trust me [cheesey smile]... It won't scale, for one thing... [ ... ] > > How would you express that in sendmail.cf? It's not really sendmail's problem. The MTA should just be in the business of recieving messages, potentially implementing some domain-wide munging (outbound masquerade, for instance) and then handing the messages off for 'local' delivery to a mail-store. The mail-store's the only bit of kit that really needs to know anything about users, so if there's per-user decisions to be made, that would seem to be the place. For instance, tagging some perl onto the end of the 'change my POP/IMAP password' web-page that drops one of three procmail scripts into the user's homedir, depending on the state of a 'do nothing/tag spam/delete spam' radio-button would be easy. Well, that's what I plan to do, anyway... [ ... ] > Complexity == bad. > > Every time we make it possible to misconfigure mailscanner in such a way as > to do Bad Things, we condemn some poor sod to lose mail/get viruses/whatever > in exactly that way. Murphy's Law. Yes. Absolutely. -- John Hawkes-Reed Unix hacker. RIT Bristol. T:(0117) 312-8787 From chicks at CHICKS.NET Mon Jan 7 17:46:30 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: <20020107164440.T20462@lemon-computing.com> Message-ID: This has devolved almost beyond the point of being useful. I'm probably going to write something to do what I want within the next few months and put the patch out there if somebody else doesn't beat me to it. If anybody is interesting in participating in building something like this, plesae let me know directly. On Mon, 7 Jan 2002, Nick Phillips wrote: > On Mon, Jan 07, 2002 at 10:56:21AM -0500, Christopher Hicks wrote: > > On Mon, 7 Jan 2002, Nick Phillips wrote: > > > On Sun, Jan 06, 2002 at 03:44:11PM -0500, Christopher Hicks wrote: > > > > I think there's an opportunity here for a more general feature. > > > This could get ridiculously complex, couldn't it? > > No. I think it would be much simpler. > You're mistaken. Honest. Trust me [cheesey smile]... Err, no. > > $RecipCfg = { > > bob@domain.com => { > > Scan => 'No', > > }, > > tom@domain.com => { > > Spam => 'Delete', > > }, > > kim@domain.com => { > > # gets lots of virus, lets be insanely thorough > > SpamScanners => [innoculate,fprot,sophos], > > }, > > }; > > Users don't write perl. The point was to show the concept. Making a user-readable config file could be even simpler. > > How would you express that in sendmail.cf? > > I don't use sendmail. OK, so that's a cheat's answer, but I'd put something > like this: > > if ("${if exists {/home/$sender_address_local_part/.nospam} {1}{0}}" is "1") > and $h_X-MailScanner-Spam: contains "spamassassin" > then > fail text "This looks like spam to me..." > endif > > in my Exim system filter. That isn't even a cheat answer, it's a non-answer. > > > Wouldn't it be better to use some kind of filter in the MTA config > > > after it's passed through mailscanner? > > > > Better? Not noticably. > > Better: the complexity is kept in one place (the MTA), which has had > years of practice to get it right. MTAs have historically been > insecure because they are complex. Speaking for myself, I don't want > mailscanner to get more complex than it has to be, because that *will* > introduce bugs. Ah, but the complexity isn't kept in one place, it's kept in many. Many of us run a variety of MTA's. I run sendmail for user-level stuff and backup MX's, and qmail for ezmlm. All three contexts make mailscanner relevant and all of them may need to be customized based on the recipient. Maintaining what is essentially the customization of mailscanner within mailscanner makes much more sense than making a gazillion different MTA's do it. > Better: one less thing for an admin to learn; an admin will almost > certainly have to learn how to do things like delivery dependent on > header matching with their MTA/MDA combination anyway, so why make > them learn how to do it with mailscanner too? Because the issue exists beyond that. Everything mailscanner does can't be simplified to a header-based filter. You're trying to use a saw when you need a hammer. > Better: less bloat. Precisely what I'm looking for. > > Easier? Certainly not. I like sendmail, but I > > wouldn't want to have to force it to do this sort of thing. For one > > thing, I like the same sendmail.cf being usable for the incoming and > > outgoing queues. That wouldn't work if it the outgoing queue had to > > enable various filters. But even more importantly, given the choice > > between making sendmail filter or adding the functionality into > > mailscanner myself, I'd much rather write perl. And that way, once I > > add mailscanner to my qmail boxes I don't have to worry about dorking with > > qmail to get it to do what I want either. > > Easier: one less thing to learn, as above. I know perl, sendmail, and qmail. But I know perl a heck of a lot better and it integrates with everything else we're using and going to use for the forseeable future. > Easier: yes you could still use the same sendmail config. You haven't shown how to do the issues in question in sendmail and it is quite easy to conceive of situations where it can't be done by the MTA at all. > Easier: no perl coding to do. Take 100 admins who can code perl as well as Randal and sendmail as well as Eric Allman and most would prefer to code in perl! I suspect Eric would fall in that category himself. > Easier: you only have to maintain filtering in one place. (A) This isn't simply filtering. (B) Maintaining it in one place (within mailscanner) is the whole point. > Easier: easier to configure mailscanner "correctly" (so as not to let > bad things happen when/where they shouldn't). If you don't add user-specific configs, nothing changes. It's like pine. The feature isn't there unless you choose to go turn it on. No harm done. > Seriously, if sendmail (or procmail) scares you to the point that you > don't like the idea of making it filter based on a header, you > shouldn't be using it - find something you can understand and make > behave as desired. sendmail doesn't scare me. I do understand it. I like it even. I've played with the sendmail.cf calculator and all. But sendmail is poor at a variety of things and ghastly at others. sendmail makes a very poor tool with which to configure mailscanner, for instance. > > > I'd rather not see too much duplicated complexity between mailscanner > > > and MTAs - especially with MTAs' histories of getting it wrong. > > > > Broke MTA's would seem to make doing it right once much more sensible. :) > > To butcher several quotes: > "Those that do not learn from history are condemned to repeat it, badly" > > Complexity == bad. Precisely. Trying to configure mailscanner via the MTA is complex and will only get more complex as people try to do more interesting things. > Every time we make it possible to misconfigure mailscanner in such a > way as to do Bad Things, we condemn some poor sod to lose mail/get > viruses/whatever in exactly that way. Murphy's Law. If a recipient doesn't have anything specifically configured for them, they get the defaults. There's little harm done. -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From jkf at ecs.soton.ac.uk Mon Jan 7 18:31:07 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020107145226.03fb8168@imap.ecs.soton.ac.uk> References: <000401c19642$9a6c95e0$65000a0a@ramws1> Message-ID: <5.1.0.14.2.20020107182825.02c1f2d8@hawk.ecs.soton.ac.uk> At 14:54 07/01/2002, you wrote: >At 14:48 07/01/2002, you wrote: >>Was there a fix to this? I am also having the same problem running >>Mailscanner, SpamAssassin 1.5, and Vipul's Razor. Any suggestions? > >Not yet. I am going to need login and root access on someone's box to try >to diagnose this one. I can't reproduce it myself here at all :-( I have found a solution to this problem that works where I have so far tried it. If you want to try it out tonight, comment out line 49 of sendmail.pl (the line that calls "compile_now()"). It will cause a slight performance hit, but that's fine if it fixes a reliability issue. If you try out this fix, please tell me whether it works for you or not! The fix for this will be included in release 3.02-1, which I intend putting together tomorrow if I get time. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Mon Jan 7 18:47:59 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020107182825.02c1f2d8@hawk.ecs.soton.ac.uk> Message-ID: <000001c197ab$d43d6640$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Monday, January 07, 2002 7:31 PM > I have found a solution to this problem that works where I have so far > tried it. If you want to try it out tonight, comment out line 49 of > sendmail.pl (the line that calls "compile_now()"). It will cause a slight > performance hit, but that's fine if it fixes a reliability issue. Ok, I implemented this fix, and first tests work out fine. Messages get through without being marked as spam wrongly. Now let's hope real spam does get marked... Thank god I don't get that much of it... :D Seems we are on the right track now. Wouldn't it be nice to add an extra header to all messages when spam checking is turned on, stating if it's spam or not? Thanks for your efforts, -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From nwp at LEMON-COMPUTING.COM Mon Jan 7 18:56:11 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: ; from chicks@CHICKS.NET on Mon, Jan 07, 2002 at 12:46:30PM -0500 References: <20020107164440.T20462@lemon-computing.com> Message-ID: <20020107185611.V20462@lemon-computing.com> On Mon, Jan 07, 2002 at 12:46:30PM -0500, Christopher Hicks wrote: > This has devolved almost beyond the point of being useful. I'm probably > going to write something to do what I want within the next few months and > put the patch out there if somebody else doesn't beat me to it. If > anybody is interesting in participating in building something like this, > plesae let me know directly. I'm feel like there must be a better way; if discussing/arguing about it helps find that way, so much the better... > > Users don't write perl. > > The point was to show the concept. Making a user-readable config file > could be even simpler. OK, so a dead simple config file. Like one with a list of addresses for which spam should be bounced, or one with a list of addresses for which mail should not be scanned, or whatever. It's going to be a lot of work either to keep that/them up-to-date, or to automate the process. If you are able to automate the process, why not do as someone else suggested, and automate dumping a procmail recipe into users' home directories? > > I don't use sendmail. OK, so that's a cheat's answer, but I'd put something > > like this: > > > > if ("${if exists {/home/$sender_address_local_part/.nospam} {1}{0}}" is "1") > > and $h_X-MailScanner-Spam: contains "spamassassin" > > then > > fail text "This looks like spam to me..." > > endif > > > > in my Exim system filter. > > That isn't even a cheat answer, it's a non-answer. How so? It achieves what I understood to be the desired aim of not delivering spam on a per-user basis. If you're talking about whether to scan or not on a per-user basis, then I agree that it may be worth adding support to mailscanner to configure scanning/not scanning on a per-domain basis, but per-user is IMO pushing it. > Ah, but the complexity isn't kept in one place, it's kept in many. Many > of us run a variety of MTA's. I run sendmail for user-level stuff and > backup MX's, and qmail for ezmlm. All three contexts make mailscanner > relevant and all of them may need to be customized based on the recipient. > Maintaining what is essentially the customization of mailscanner within > mailscanner makes much more sense than making a gazillion different MTA's > do it. Again, if you're talking about scanning-or-not, then per-user or per-domain config can obviously *only* be done within mailscanner. I've (possibly kind of) agreed with you about that above, so back to the spam - I see it more as a delivery-kind-of-thing, over which an individual user can easily be given control with no modifications to mailscanner required. > Because the issue exists beyond that. Everything mailscanner does can't > be simplified to a header-based filter. You're trying to use a saw when > you need a hammer. Again, depends what we're talking about. > > Better: less bloat. > > Precisely what I'm looking for. Glad we agree wholeheartedly on something ;) > > > Easier? Certainly not. I like sendmail, but I > > > wouldn't want to have to force it to do this sort of thing. For one > > > thing, I like the same sendmail.cf being usable for the incoming and > > > outgoing queues. That wouldn't work if it the outgoing queue had to > > > enable various filters. Shurely (for the Private Eye readers amongst you) the fact that you filter based on a header makes no difference to whether or not the config works for both queues, especially if you only do it for messages which you are actually delivering. Or maybe I'm just seeing things in an Exim-centric way. Please enlighten further. > But even more importantly, given the choice > > > between making sendmail filter or adding the functionality into > > > mailscanner myself, I'd much rather write perl. And that way, once I > > > add mailscanner to my qmail boxes I don't have to worry about dorking with > > > qmail to get it to do what I want either. a) Clearly you do have the choice; feel free :) b) It'd be great to have qmail support for mailscanner... if there's anything I can do to help without going so far as installing qmail, shout. [why do I still feel like I might live to regret saying that?? ;) ] > > Easier: one less thing to learn, as above. > > I know perl, sendmail, and qmail. But I know perl a heck of a lot better > and it integrates with everything else we're using and going to use for > the forseeable future. But for most users, they will know their MTA and their MDA, and the simper this new mailscanner thingy is, the better. > > Easier: yes you could still use the same sendmail config. > > You haven't shown how to do the issues in question in sendmail and it is > quite easy to conceive of situations where it can't be done by the MTA at > all. I don't feel a burning desire to learn the intricacies of sendmail.cf in order to demonstrate this; instead, I would expound the virtues of an MTA with a human-comprehensible configuration. Like Exim. Or maybe Postfix or Qmail even, but I'm not familiar with either of those two. Either way, since that's presumably not what anyone wants to hear, I won't. Much. > Take 100 admins who can code perl as well as Randal and sendmail as well > as Eric Allman and most would prefer to code in perl! I suspect Eric > would fall in that category himself. ;) Take 100 admins who are familiar with both Exim and sendmail... no, I said I wouldn't. > > Easier: you only have to maintain filtering in one place. > > (A) This isn't simply filtering. (B) Maintaining it in one place (within > mailscanner) is the whole point. (a) then those bits that aren't need to be considered separately; (b) I don't expect generic procmail-style filtering to be added to mailscanner any time soon. > > Easier: easier to configure mailscanner "correctly" (so as not to let > > bad things happen when/where they shouldn't). > > If you don't add user-specific configs, nothing changes. It's like pine. > The feature isn't there unless you choose to go turn it on. No harm done. Fine in theory, but in the Real World, I doubt it. > sendmail doesn't scare me. I do understand it. I like it even. I've > played with the sendmail.cf calculator and all. But sendmail is poor at a > variety of things and ghastly at others. sendmail makes a very poor tool > with which to configure mailscanner, for instance. And I wouldn't want to use it for that purpose. I think we must have had a little misunderstanding somewhere. > > Complexity == bad. > > Precisely. Trying to configure mailscanner via the MTA is complex and > will only get more complex as people try to do more interesting things. See above. > > Every time we make it possible to misconfigure mailscanner in such a > > way as to do Bad Things, we condemn some poor sod to lose mail/get > > viruses/whatever in exactly that way. Murphy's Law. > > If a recipient doesn't have anything specifically configured for them, > they get the defaults. There's little harm done. Again, that's avoiding the issue of longer-term configuration management. Anyway, Jules is the one who makes the decisions, and one of the reasons I like working with him is that he's far more ruthless than me about rejecting feature requests/bloat/whatever... still I must admit I can imagine a reasonably elegant implementation of per-domain configuration. Cheers, Nick P.S. Oh look, another perfectly relevant yet random .sig... -- Nick Phillips -- nwp@lemon-computing.com It may or may not be worthwhile, but it still has to be done. From evertjan at VANRAMSELAAR.NET Mon Jan 7 18:59:05 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <000001c197ab$d43d6640$65000a0a@ramws1> Message-ID: <000101c197ad$60d8c580$65000a0a@ramws1> I wrote: > Now let's hope real spam does get marked... Ok, I managed to send myself an email which triggered enough SA rules to be marked as spam. And it worked! -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From jkf at ecs.soton.ac.uk Mon Jan 7 19:15:12 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: <20020107185611.V20462@lemon-computing.com> References: <20020107164440.T20462@lemon-computing.com> Message-ID: <5.1.0.14.2.20020107191353.02b0c050@hawk.ecs.soton.ac.uk> Can we possibly move this discussion off the list please? It is getting really rather high-volume, and I think that a summary of conclusions at the end of the discussion would be more useful to most readers than a blow-by-blow account of every possible argument involved. Thankyou. Jules (List Owner) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jbayer at bayerfamily.net Mon Jan 7 17:14:30 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Message-ID: <7914310036.20020107121430@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello MAILSCANNER, I'm trying to get MRTG to report on my mail statistics. I have MRTG running properly, and it seems to create the directories and files. It even properly gets the number from the sendmail.logs.pl script, as the MRTG log files show me. My problem is that MRTG is not reporting ANY e-mail at all. I've tried changing the Interval to 300 seconds and running it by hand every 5 minutes with a set of log files, but nothing is reported. I'm using the config and script as posted on the web site, with the obvious modifications made for my installation. Any ideas? MRTG is running on my system in a normal, SMNP mode to report on some high-speed switches, so I know it is ok. MRTG version is 2.9.17 Thanks in advance. JBB Jonathan B. Bayer mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw513YACgkQLWek1tt+K50Y5ACfdVNOGZ995ildYvn8ydKF1Iv3 3noAnjt4N0pOl4fHaYo7E/0gpqihpP+Q =ZVrF -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: vCard.vcf Type: text/x-vcard Size: 613 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020107/5a45c4cd/vCard.vcf From jbayer at bayerfamily.net Mon Jan 7 19:43:03 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG In-Reply-To: <7914310036.20020107121430@bayerfamily.net> References: <7914310036.20020107121430@bayerfamily.net> Message-ID: <2623223383.20020107144303@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I found the problem, it was configured to not show a daily graph. JBB Monday, January 07, 2002, 12:14:30 PM, you wrote: JBB> -----BEGIN PGP SIGNED MESSAGE----- JBB> Hash: SHA1 JBB> Hello MAILSCANNER, JBB> I'm trying to get MRTG to report on my mail statistics. JBB> I have MRTG running properly, and it seems to create the directories and JBB> files. It even properly gets the number from the sendmail.logs.pl JBB> script, as the MRTG log files show me. JBB> My problem is that MRTG is not reporting ANY e-mail at all. I've tried JBB> changing the Interval to 300 seconds and running it by hand every 5 JBB> minutes with a set of log files, but nothing is reported. JBB> I'm using the config and script as posted on the web site, with the JBB> obvious modifications made for my installation. JBB> Any ideas? JBB> MRTG is running on my system in a normal, SMNP mode to report on some JBB> high-speed switches, so I know it is ok. JBB> MRTG version is 2.9.17 JBB> Thanks in advance. JBB> JBB JBB> Jonathan B. Bayer mailto:jbayer@bayerfamily.net JBB> -----BEGIN PGP SIGNATURE----- JBB> Version: GnuPG v1.0.6 (MingW32) JBB> Comment: For info see http://www.gnupg.org JBB> iEYEARECAAYFAjw513YACgkQLWek1tt+K50Y5ACfdVNOGZ995ildYvn8ydKF1Iv3 JBB> 3noAnjt4N0pOl4fHaYo7E/0gpqihpP+Q JBB> =ZVrF JBB> -----END PGP SIGNATURE----- - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw5+kgACgkQLWek1tt+K51AzgCcCKc3tAM95cBMRnOxT+9xWCUK 0HMAoIEWXjpbnOkScmamumD7ukWQ6YYG =k8Xh -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 20:23:43 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: rabollinger@ATTBI.COM requested to join Message-ID: <200201072023.UAA00569@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 20:23:43 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Rich Bollinger You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rabollinger@ATTBI.COM Rich Bollinger PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rabollinger@ATTBI.COM Rich Bollinger // EOJ From chicks at CHICKS.NET Mon Jan 7 21:07:27 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: <20020107185611.V20462@lemon-computing.com> Message-ID: On Mon, 7 Jan 2002, Nick Phillips wrote: > If you are able to automate the process, why not do as someone else > suggested, and automate dumping a procmail recipe into users' home > directories? Because, as I originally explained, the users do not exist on the mail server in question. They're reading e-mail off of a variety of remote POP servers. Dropping in procmail recipes doesn't work on NT boxes or boxes where the POP users don't have UNIX user accounts. My hope is to migrate all of my POP-only users away from having UNIX user accounts to help security. Again, I really like procmail. I have a 10k .procmailrc that I've been tweaking for seven or eight years. It's just not a solution to the problem in question. > How so? It achieves what I understood to be the desired aim of not > delivering spam on a per-user basis. Does it work in sendmail which the majority of people use? No. So it didn't answer the question. > If you're talking about whether to scan or not on a per-user basis, > then I agree that it may be worth adding support to mailscanner to > configure scanning/not scanning on a per-domain basis, but per-user is > IMO pushing it. There's basically no difference from a systems design perspective. If the one is OK, the other is too. > Again, if you're talking about scanning-or-not, then per-user or > per-domain config can obviously *only* be done within mailscanner. > I've (possibly kind of) agreed with you about that above, so back to > the spam - I see it more as a delivery-kind-of-thing, over which an > individual user can easily be given control with no modifications to > mailscanner required. But if we're modifying mailscanner to allow scanning-or-not, what harm is there in making it a bit more poweful and allowing some other logical options to be tweaked? > > > Better: less bloat. > > Precisely what I'm looking for. > Glad we agree wholeheartedly on something ;) [cheering.] > > > > Easier? Certainly not. I like sendmail, but I > > > > wouldn't want to have to force it to do this sort of thing. For one > > > > thing, I like the same sendmail.cf being usable for the incoming and > > > > outgoing queues. That wouldn't work if it the outgoing queue had to > > > > enable various filters. > > Shurely (for the Private Eye readers amongst you) the fact that you filter > based on a header makes no difference to whether or not the config works > for both queues, especially if you only do it for messages which you are > actually delivering. Or maybe I'm just seeing things in an Exim-centric way. > Please enlighten further. Presuming you came up with someway pre-procmail for sendmail to allow such filtering, you wouldn't want that to be occuring on the incoming sendmail. Doing it twice may or may not work, depending on how the filter is setup. Presuming it does work, why do it twice? It's just a waste. > b) It'd be great to have qmail support for mailscanner... if there's > anything I can do to help without going so far as installing qmail, > shout. [why do I still feel like I might live to regret saying that?? > ;) ] qmail is an odd bird. I wouldn't fight with it except that ezmlm is so wonderful. I haven't tried pushing mailscanner over there yet. I'm deploying it gradually. So, you have a while before we get to see if you regret it. > > > Easier: one less thing to learn, as above. > > > > I know perl, sendmail, and qmail. But I know perl a heck of a lot better > > and it integrates with everything else we're using and going to use for > > the forseeable future. > > But for most users, they will know their MTA and their MDA, and the > simper this new mailscanner thingy is, the better. Yes. But adding the feature as I conceive it doesn't complicate anything for those people whatsoever. It's there if you want to go use, otherwise it doesn't come over and bite you. > I don't feel a burning desire to learn the intricacies of sendmail.cf > in order to demonstrate this; instead, I would expound the virtues of > an MTA with a human-comprehensible configuration. Like Exim. Or maybe > Postfix or Qmail even, but I'm not familiar with either of those two. > Either way, since that's presumably not what anyone wants to hear, I > won't. Much. sendmail has it's warts. It's also had a number of warts removed in a very public and embarassing way. But for most people running UNIX's out of the box, it just works. For me, it does things that I can't easily do with the others yet. > > Take 100 admins who can code perl as well as Randal and sendmail as well > > as Eric Allman and most would prefer to code in perl! I suspect Eric > > would fall in that category himself. > > ;) Take 100 admins who are familiar with both Exim and sendmail... > no, I said I wouldn't. Your distaste for sendmail is perfectly reasonable. I sympathise to a large degree. It can be a real bear. But for the majority of people out there, it is the ONLY mta. Discussing mailscanner's future features based on exim or qmail simply isn't relevant for the vast majority of systems and admins out there. > > > Easier: you only have to maintain filtering in one place. > > > > (A) This isn't simply filtering. (B) Maintaining it in one place (within > > mailscanner) is the whole point. > > (a) then those bits that aren't need to be considered separately; > (b) I don't expect generic procmail-style filtering to be added to mailscanner > any time soon. Neither do I. I'm not trying to create generic filtering. I'm not trying to replace the MTA. I'm just trying to configure mailscanner dynamically based on recipient. My personal trivial goal of that is to be able to drop spam from those who don't want it. The other logical option is to get clueless newbies to configure Outlook, Eudora, and Netscape. I could make web pages for all of that and still have to walk most of them through it over the phone. It's easier to fix it on the server. I'm lazy. I use perl. Go figure. > > > Easier: easier to configure mailscanner "correctly" (so as not to let > > > bad things happen when/where they shouldn't). > > > > If you don't add user-specific configs, nothing changes. It's like pine. > > The feature isn't there unless you choose to go turn it on. No harm done. > > Fine in theory, but in the Real World, I doubt it. Doubt is good. Yet I've seen no substance to your doubt. You agree, even, that per-domain config of mailscanner makes sense. So, why doesn't per-recip make sense? From a design perspective the difference is non-existant. (sendmail's virtusertable comes to mind. The virtusertable cleanly handles entire domains or single users without any trouble.) > > > Every time we make it possible to misconfigure mailscanner in such a > > > way as to do Bad Things, we condemn some poor sod to lose mail/get > > > viruses/whatever in exactly that way. Murphy's Law. > > > > If a recipient doesn't have anything specifically configured for them, > > they get the defaults. There's little harm done. > > Again, that's avoiding the issue of longer-term configuration management. I disagree. :) The long-term maintenance of the thing is my prime motivation. Coordinating configuration across dozens of different machines running nasty software that I don't control and an (mercifully) not responsible for is far harder than maintaining it in a few central places. I don't have a random sig-generator, but here's one of my favs: -- "Bother," said Pooh as he struggled with /etc/sendmail.cf, "It never does quite what I want. I wish Christopher Robin was here." From chicks at CHICKS.NET Mon Jan 7 21:08:29 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:13 2006 Subject: Excluding Certain Recipients In-Reply-To: <5.1.0.14.2.20020107191353.02b0c050@hawk.ecs.soton.ac.uk> Message-ID: On Mon, 7 Jan 2002, Julian Field wrote: > Can we possibly move this discussion off the list please? > > It is getting really rather high-volume, and I think that a summary of > conclusions at the end of the discussion would be more useful to most > readers than a blow-by-blow account of every possible argument > involved. Sorry. I didn't see that before I responded to the previous message. Please accept my apologies. -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From mhw at WITTSEND.COM Mon Jan 7 21:30:54 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: SpamAssassin marks ALL mail as spam In-Reply-To: <5.1.0.14.2.20020107182825.02c1f2d8@hawk.ecs.soton.ac.uk> References: <000401c19642$9a6c95e0$65000a0a@ramws1> <5.1.0.14.2.20020107182825.02c1f2d8@hawk.ecs.soton.ac.uk> Message-ID: <20020107163054.A354@alcove.wittsend.com> On Mon, Jan 07, 2002 at 06:31:07PM +0000, Julian Field wrote: > At 14:54 07/01/2002, you wrote: > >At 14:48 07/01/2002, you wrote: > >>Was there a fix to this? I am also having the same problem running > >>Mailscanner, SpamAssassin 1.5, and Vipul's Razor. Any suggestions? > > > >Not yet. I am going to need login and root access on someone's box to try > >to diagnose this one. I can't reproduce it myself here at all :-( > I have found a solution to this problem that works where I have so far > tried it. If you want to try it out tonight, comment out line 49 of > sendmail.pl (the line that calls "compile_now()"). It will cause a slight > performance hit, but that's fine if it fixes a reliability issue. Since I can work as well from the office or the house to either location, I didn't have to wait till tonight... :-) This is a major improvement. So far, I've only seen one "anomoly". I saw a message tagged as spam by MailScanner and the spamcheck was SpamAssassin but the subsequent run by SpamAssassin had tagged the message with -2 (yes, that's negative two) hits with a threshold of 6 (what I have in my preferences). I've been expecting a few discrepancies because the system global preference is 5. It was the -2 hits that caught my attention. Oh, and it was not spam... The SpamAssassin reports and check headers are nice for evaluating why something was (or was not) tagged to fine tune performance. Unfortunately, since the procmail run did NOT tag it as spam, I don't have the verbose report of the individual tests to see what test generated the negative bias. What did come out in the headers was this: X-Mailscanner: Found to be clean X-Mailscanner-Spamcheck: SpamAssassin X-Spam-Status: No, hits=-2 required=6 tests=SUBJ_HAS_Q_MARK, BALANCE_FOR_LONG,BALANCE_FOR_LONG,MAILTO_LINK The "SUBJ_HAS_Q_MARK" is bogus because it's triggering on the modified {SPAM?} insertion in the subject (I think I'll change that just to avoid that collision). So far, outside of that one anomoly (and it's the only message I have seen with a negative hits) the spamassassin results from MailScanner and the spamassassin results from procmail are in complete agreement. > If you try out this fix, please tell me whether it works for you or not! So far, seems to be working with the one noted anomoly that I'm going to investigate further. Looks like, with this and the crashing fix, you're two for two on the day. :-) > The fix for this will be included in release 3.02-1, which I intend putting > together tomorrow if I get time. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From tyler at beloit.edu Mon Jan 7 21:36:43 2002 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:13 2006 Subject: Stopping delivery feature??? Message-ID: <200201072136.PAA11550@beloit.edu> Mailscanner experts, While its nice that attachments can be stripped of their viruses, many viruses today act in a DoS manner by simply sending a volume of messages. Its not uncommon for a virus on a desktop to send thousands of the same virus message to the same recipient. I don't mind the ability to send a message back to the sender/author. But what I would really like is the ability to dump the entire message from ever getting to the recipient and only send back a message to the sender stating "undelivered email due to virus... etc". Its really annoying for a recipient to get over a thousand messages all stating that your message has been cleaned, etc. Its my opinion that the sender is responsible for sending clean messages and if it finds a virus, then it should reject it just like a bad username or hostname would. Correct me if I am wrong, but I didn't see this as an option. Is it possible to get this incorporated as an option? I would think others after experiencing this problem might like this feature as well. Tim -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu From LISTSERV at JISCMAIL.AC.UK Mon Jan 7 21:33:45 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: miker@INCANTA.NET requested to join Message-ID: <200201072133.VAA04071@magpie.ecs.soton.ac.uk> Mon, 7 Jan 2002 21:33:45 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mike Rylander The following membership options have been requested: IETFHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER miker@INCANTA.NET Mike Rylander PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER miker@INCANTA.NET Mike Rylander SET MAILSCANNER IETFHDR FOR miker@INCANTA.NET // EOJ From jkf at ecs.soton.ac.uk Mon Jan 7 21:44:43 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: Stopping delivery feature??? Message-ID: <5.1.0.14.2.20020107214424.02baeca8@hawk.ecs.soton.ac.uk> At 21:36 07/01/2002, you wrote: >But what I would really like is the >ability to dump the entire message from ever getting to the recipient and >only send back a message to the sender stating "undelivered email due to >virus... etc". Its really annoying for a recipient to get over a thousand >messages all stating that your message has been cleaned, etc. In mailscanner.conf: # Once we have removed viruses from an email message and replaced them with # VirusWarning.txt attachments, should we deliver the clean result to the # original recipients (or just delete them if "no")? Deliver To Recipients = yes -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Tue Jan 8 01:34:09 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying --- suggestion In-Reply-To: <5.1.0.14.2.20020107143619.02938d28@imap.ecs.soton.ac.uk> Message-ID: On Mon, 7 Jan 2002, Julian Field wrote: Suggestion: Change "Multiple Headers" from "append" to "add" and see if it still dies. This has solved the problem for 1 user. Make that 2 users. Make that 3 users. I ran version 3.01-3 for the last couple of hours without a problem. This is a first. mailscanner 3.0x-x always disappeared within minutes. > I've got a possible fix (has worked for 1 user so far), which I will > publish as soon as it has been tested rather more. If you fancy trying it > for yourself, I would be interested to see if it works: > > 1. Go back to using "Multiple Headers = append" > 2. In mta-specific.pl, remove the "i" from right near the end of lines 316, > 322, 586, 589. I made the suggested fix and mailscanner is still running. It's only been about an hour but it IS running!!! Oh, it would be really, really nice to have an option for mailscanner to add a line in the message header that it had checked for spam...I guess I'm getting used to the spamassassin message! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From sfarrell at ICCONSULTING.COM.AU Tue Jan 8 05:21:39 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:13 2006 Subject: email failure reports Message-ID: What does mailscanner do with email failure reports? I think I got a smart#$% spammer, use a delivery failure to route a spam email to me. Not that I care too much about the spam, but it could have had a virus in it also. It has no X_ECS_MailScanner field in it. I still have the email, but not in standard format (its been munged by a commercial package into a database). From sfarrell at ICCONSULTING.COM.AU Tue Jan 8 05:24:29 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:13 2006 Subject: {SPAM?} {insecure email} re:email failure reports Message-ID: This is what it looked like (in my commercial package, less some of the formatting): Am I correct in assumming that I was the target of the spam? Delivery Failure Report Your document: There are two advantages to utilizing a how to article $$ was not delivered to: vances@iscdn.mcgill.ca; villegas@iscdn.mcgill.ca; wallaces@iscdn.mcgill.ca; waynechef@iscdn.mcgill.ca; walterl@iscdn.mcgill.ca; vallve@iscdn.mcgill.ca; yatesc@iscdn.mcgill.ca; ws135@iscdn.mcgill.ca; wmott@iscdn.mcgill.ca; yao@iscdn.mcgill.ca; valeri@iscdn.mcgill.ca; yanbing@iscdn.mcgill.ca; wak@iscdn.mcgill.ca; youngie@iscdn.mcgill.ca; williamp@iscdn.mcgill.ca; walstib@iscdn.mcgill.ca; uthman@iscdn.mcgill.ca; walkerjm@iscdn.mcgill.ca; yana@iscdn.mcgill.ca; yeman@iscdn.mcgill.ca; ve@iscdn.mcgill.ca; ygge@iscdn.mcgill.ca; vsafuto@iscdn.mcgill.ca; wcs@iscdn.mcgill.ca; wdsmith@iscdn.mcgill.ca; whitewolf@iscdn.mcgill.ca because: Enhanced Mail System Status Code (RFC1893): 5.1.2 To: bobash@i-o.net.au cc: Date: 07:54:43 PM PST Yesterday Subject: There are two advantages to utilizing a how to article $$ THE #1 Way To Reach " MILLIONS " Online With No Competition In Sight !! IF YOU HAVE A PRODUCT, service or message you would like sent to the Internet MILLIONS, you have an INCREDIBLE option...DIRECT E-MAIL ! IF YOUR LIKE SO MANY OTHERS, you've tried free classifieds, websites, banners, e-zines, search engines and have found that it can take thousands of visitors, can be expensive and iffy, or you can be easily buried with thousands of others. NOW, WHAT WORKS HANDS DOWN? DO YOU KNOW HOW TO USE E MAIL? Of course, You're on the internet contacting friends and colleagues. If you find sending e-mail easy and have failed at promoting your business, or just simply want to reach MILLIONS of prospects, then you should be making money "HAND OVER FIST" with DIRECT E-MAIL !! For A product that sells for around $25.-$35 here's an example of the CASH you can generate on the internet 24 hours a day, seven days a week, or even better, WHILE YOU SLEEP ! Day 1/14th Day/21st Day/30th Day/Yearly: 1) $210.00/$840.00/$10,080.00 2) $420.00/$1,680.00/$20,160.00 10) $2,100.00/$8,400.00/$100,000.00 15) $3,150.00/$12,600.00/$151,200.00 YOU GET THE PICTURE !! WANT PROOF? "Thanks. In two (2) weeks your e-mail program has turned my computer into a cash register." Seth J.Kochorin "Blows away traditional mailings." Advertising Age Magazine We have available for the next (2) day,s only: Over 15 MILLION INCREDIBLE e-mail addresses on CD-ROM. This will include a variety of recipients (general) such as United States, mixed domains, Canadian, international, business owners, MLM, investors, opp. seekers, internet buyers, etc, etc. We will deliver to you e-mail addresses on the CD-ROM. This will allow you to use these addresses IMMEDIATELY ! THIS IS WHAT WE'RE SENDING YOU IF ORDERED IN THE NEXT (48) HOUR,S, ONLY: 1) Receive the CD-ROMS with (20) MILLIONS of deliverable general Internet e-mail addresses. 2) The bulk delivery software (bulk mass mailer) aka "THE CADILLAC." #1 on-line today. 3) #1 Money Makeing Opportunity On Line Today, Ready For "Bulk E Mail Immediately........ THIS IS A ONE-TIME OFFER TO QUALIFIED PROSPECTS AND WILL NOT LAST LONG FOR THIS " DREAM COME TRUE" E-MAIL PACKAGE AT THE INCREDIBLE INVESTMENT OF ONLY $99.95 THIS IS VALUED AT OVER $400.00 ON-LINE TODAY (savings of $300.00), AND IF THAT'S NOT ENOUGH, WE'LL EVEN THROW IN THE " INFORMATIONAL INSTRUCTIONS " ON MASS E-MAIL MARKETING. YOU NEED TO GET STARTED QUICK !! HOWEVER, YOU MUST ACT IN THE NEXT (2) BUSINESS DAY,S TO RECEIVE THIS SPECIAL ONE-TIME MARK DOWN... WANT QUICK SERVICE? YOU HAVE TWO (2) OPTIONS: 1) For your convenience, live operators are available 9:00 am to 11:00 pm EST and would be more than happy to take your call. CALL NOW: TOLL FREE: 1-877-711-4400 ( Order Only,This Is Not A Q&A Line Or Tech Support ) 2) NOW AVAILABLE FOR THE FIRST TIME THE ALL NEW 100% SECURE/ALL DIGITAL SPEED PAY FAX SYSTEM CAN PROCESS YOUR REQUEST. FOR YOUR CONVENIENCE FAX TO : 1-253-660-1235 We accept Visa, Mastercard, Western Union and check debit 24 hours a day, seven (7) days a week. Credit card orders, please include your name as it appears on the card, the billing address and the exp. date and telephone number. If paying by check, please include the bank, check # and the long stream of numbers from left to right that appear at the bottom of the check. PLEASE HAVE YOUR MAJOR CREDIT CARD OR CHECK BOOK HANDY WHEN CALLING TO PLACE YOUR ORDER. If we have reached you in error and you would like to be removed, reply to: removeme@hotmail.com Thank you for spending time with us today, we look forward to proving that e-mail marketing can make thousands of dollars in just a short period. Your neighbors may think you've " HIT THE LOTTERY " Special Note: Now The Most Incrediable " Ground Floor" Opportunity Is Available To The general Public And Will Not Last Long ! The NEW Resellers Program Is Brand New (30 days) We Pay Weekly And Thats GUARANTEED ! Positions Are Limited And Enrollment Will Not Last Long So Don,t Delay ,You May Never See This Again !! THE #1 Way To Reach " MILLIONS " Online With No Competition In Sight !! IF YOU HAVE A PRODUCT, service or message you would like From sfarrell at icconsulting.com.au Tue Jan 8 10:53:03 2002 From: sfarrell at icconsulting.com.au (sfarrell@icconsulting.com.au) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying Message-ID: Thanks for that. re: the trailing slash. I think it definently needs it, your first test clearly failed. Ino ends up with a filename something like /car/spool/mqueue.in/./G63456346/eicar.com The /./ is the problem child. Maybe you could do both . $BASEDIR\/ first, then just $BASEDIR - the second should just do nothing (If we are right). Did you have any good test emails that have a high chance of sigv'ing mailscanner ? or are you pretty happy with your mod of getting rid of the do_compile(). ? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Julian Field cc: Subject: Re: mailscanner dying 08/01/02 08:24 PM At 05:13 08/01/2002, you wrote: [snip] There's been ongoing debate about whether you need the extra "/" on the end of 1 of the lines in ProcessInoculateOutput. It appears that you definitely do, I must get back to my mate who wrote that function for me and tell him that, whatever he thinks, the extra "/" is needed. Many thanks for the access. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sfarrell at ICCONSULTING.COM.AU Tue Jan 8 10:53:03 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying Message-ID: Thanks for that. re: the trailing slash. I think it definently needs it, your first test clearly failed. Ino ends up with a filename something like /car/spool/mqueue.in/./G63456346/eicar.com The /./ is the problem child. Maybe you could do both . $BASEDIR\/ first, then just $BASEDIR - the second should just do nothing (If we are right). Did you have any good test emails that have a high chance of sigv'ing mailscanner ? or are you pretty happy with your mod of getting rid of the do_compile(). ? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Julian Field cc: Subject: Re: mailscanner dying 08/01/02 08:24 PM At 05:13 08/01/2002, you wrote: [snip] There's been ongoing debate about whether you need the extra "/" on the end of 1 of the lines in ProcessInoculateOutput. It appears that you definitely do, I must get back to my mate who wrote that function for me and tell him that, whatever he thinks, the extra "/" is needed. Many thanks for the access. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 8 10:00:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: mailscanner dying In-Reply-To: Message-ID: <5.1.0.14.2.20020108095848.030da4c8@imap.ecs.soton.ac.uk> At 10:53 08/01/2002, you wrote: >Maybe you could do both . $BASEDIR\/ first, then just $BASEDIR - the >second should just do nothing (If we are right). I've added the "/" to the main source. That's definitely what appears to work. >Did you have any good test emails that have a high chance of sigv'ing >mailscanner ? or are you pretty happy with your mod of getting rid of the >do_compile(). ? The do_compile() was to solve SpamAssassin problems, the regexp tweaks were to solve the segv'ing problem. I'm happy it all works now... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 8 10:02:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: ANNOUNCE: Version 3.02-1 released Message-ID: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> Hi folks! Major bug fixes in this release, hopefully this will sort things out for (at the very least) most users and version 3 will start behaving as well as version 2.60 did. Fixes and changes in this release are: - Bug fix to improve stability and to stop Perl dumping core. - Bug fix to stop SpamAssassin marking everything as spam. - Bug fix in F-Prot parsing code to support trojans and backdoor programs properly. **All F-Prot users should upgrade** - Bug fix in Inoculate parsing code. **All InoculateIT users should upgrade** - Improvement to logging when viruses originate from inside your own network. - Changed localdomains.txt to localdomains.conf. I would advise anyone having any of the above problems to upgrade to this release. Downloadable, as per usual, from www.mailscanner.info -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 8 10:20:06 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: Annie.Brugalle@IRISA.FR requested to join Message-ID: <200201081021.KAA04558@magpie.ecs.soton.ac.uk> Tue, 8 Jan 2002 10:20:06 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Annie Brugall? You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Annie.Brugalle@IRISA.FR Annie Brugall? PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Annie.Brugalle@IRISA.FR Annie Brugall? // EOJ From sjaak at VSM-HOSTING.NL Tue Jan 8 13:54:16 2002 From: sjaak at VSM-HOSTING.NL (Sjaak Nabuurs VSM Hosting) Date: Thu Jan 12 21:14:13 2006 Subject: allow filename.zip.001 References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> Message-ID: <035901c1984b$f63dd0e0$1d5afea9@SJAAK> Hi Does anyone know's how the syntax must be to allow filename.zip.001 filename.zip.002 and so on ? Thanks Sjaak From jkf at ecs.soton.ac.uk Tue Jan 8 13:57:42 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: allow filename.zip.001 In-Reply-To: <035901c1984b$f63dd0e0$1d5afea9@SJAAK> References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020108135702.0331bff8@imap.ecs.soton.ac.uk> At 13:54 08/01/2002, you wrote: >Does anyone know's how the syntax must be to allow >filename.zip.001 >filename.zip.002 >and so on ? allow /\.zip\.\d+$/ - - with a tab between each of the 4 fields in the line above. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sjaak at VSM-HOSTING.NL Tue Jan 8 14:50:40 2002 From: sjaak at VSM-HOSTING.NL (Sjaak Nabuurs VSM Hosting) Date: Thu Jan 12 21:14:13 2006 Subject: allow filename.zip.001 References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020108135702.0331bff8@imap.ecs.soton.ac.uk> Message-ID: <03eb01c19853$d7aaff60$1d5afea9@SJAAK> > >Does anyone know's how the syntax must be to allow > >filename.zip.001 > >filename.zip.002 > >and so on ? > > allow /\.zip\.\d+$/ - - > > with a tab between each of the 4 fields in the line above. Okay but the rule Attempt to hide real filename extension in ads1.zip.001 Makes this attachmend denyd and i like to keep this rule From jkf at ecs.soton.ac.uk Tue Jan 8 14:54:15 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: allow filename.zip.001 In-Reply-To: <03eb01c19853$d7aaff60$1d5afea9@SJAAK> References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020108135702.0331bff8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020108145348.05475670@imap.ecs.soton.ac.uk> At 14:50 08/01/2002, you wrote: > > >Does anyone know's how the syntax must be to allow > > >filename.zip.001 > > >filename.zip.002 > > >and so on ? > > > > allow /\.zip\.\d+$/ - - > > > > with a tab between each of the 4 fields in the line above. > >Okay but the rule >Attempt to hide real filename extension in ads1.zip.001 >Makes this attachmend denyd and i like to keep this rule In which case put the new "allow" rule above the double-filename-extension trap. The first rule matched is the one that is used. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jbayer at bayerfamily.net Tue Jan 8 14:54:11 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: ANNOUNCE: Version 3.02-1 released In-Reply-To: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> Message-ID: <1615858203.20020108095411@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Julian, Just an FYI for people upgrading using the RPM: The rpm WILL OVERWRITE the mailscanner.conf file, even if the -U option is used during the install. Also, the file /usr/local/f-prot/f-protwrapper will also be overwritten. JBB Tuesday, January 08, 2002, 5:02:46 AM, you wrote: JF> Hi folks! JF> Major bug fixes in this release, hopefully this will sort things out for JF> (at the very least) most users and version 3 will start behaving as well as JF> version 2.60 did. JF> Fixes and changes in this release are: JF> - Bug fix to improve stability and to stop Perl dumping core. JF> - Bug fix to stop SpamAssassin marking everything as spam. JF> - Bug fix in F-Prot parsing code to support trojans and backdoor JF> programs properly. **All F-Prot users should upgrade** JF> - Bug fix in Inoculate parsing code. JF> **All InoculateIT users should upgrade** JF> - Improvement to logging when viruses originate from inside your JF> own network. JF> - Changed localdomains.txt to localdomains.conf. JF> I would advise anyone having any of the above problems to upgrade to this JF> release. JF> Downloadable, as per usual, from www.mailscanner.info JF> -- JF> Julian Field Teaching Systems Manager JF> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF> Tel. 023 8059 2817 University of Southampton JF> Southampton SO17 1BJ - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7CBQACgkQLWek1tt+K50KBwCghMBBEF8UDvQxy0Rs+SRmjOqK uG4An2jw7N/qyrDbFROM9oInjObbmeuC =AwgW -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Tue Jan 8 15:57:01 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: timnis@IKI.FI requested to join Message-ID: <200201081557.PAA25775@magpie.ecs.soton.ac.uk> Tue, 8 Jan 2002 15:57:01 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Timo Nisula You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER timnis@IKI.FI Timo Nisula PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER timnis@IKI.FI Timo Nisula // EOJ From ntk at ru.acad.bg Tue Jan 8 17:32:16 2002 From: ntk at ru.acad.bg (Nikolay Kabaivanov) Date: Thu Jan 12 21:14:13 2006 Subject: Commercial virus checker failed ... Message-ID: <3C3B2D20.B43DD5A1@ru.acad.bg> HI Just to report success worê with F-prot : I run mailscanner-3.02-1 from RPM on RedHat 7.2 system. For vurus checker I use f-prot. Before ver. 3.02 after 10-15 min mailscanner disapears. But now, from 10-12 hours everything looks good. Except this strange message in /var/log/maillog : ______________________________________________________________________ Jan 8 19:00:54 octus mailscanner[16926]: Going to scan 1 messages Jan 8 19:00:55 octus mailscanner[18781]: Commercial virus checker failed with real error: Can't run commercial checker: No such file or directory at /usr/local/MailScanner/bin/sweep.pl line 302. Jan 8 19:00:55 octus mailscanner[16926]: Scanned 1 messages, 13572 bytes in 1 seconds Jan 8 19:00:55 octus mailscanner[16926]: About to deliver 1 messages ___________________________________________________________________________ I do not run commercial checker. I use f-prot. I like to ask a question : Is there is a way to use 2 or 3 virus checker to check 1 message ? For exmample www.amavis.org can use 5 ot or 6 scanners check 1 message. Best regards _________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From sevans at FOUNDATION.SDSU.EDU Tue Jan 8 17:34:03 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:13 2006 Subject: Anti-Spam Testing Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76B5@foundation.foundation.sdsu.edu> I want to see if mail coming from open relays is being marked as spam. (which I believe MailScanner is supposed to do) Is there a good way to test that? Steve From thope at BTHSOLUTIONS.COM Tue Jan 8 17:30:42 2002 From: thope at BTHSOLUTIONS.COM (Terry Hope) Date: Thu Jan 12 21:14:13 2006 Subject: autoupdate not working after MAILSCANNER upgrade Message-ID: I have just upgraded from mailscanner-2.60-2.i386.rpm to mailscanner-3.01- 3.i386.rpm. Everything seems to have started fine - except now when /usr/local/mcafee/autoupdate is executed, I get: Global symbol "$DATDir" requires explicit package name at ./autoupdate line 123. Execution of ./autoupdate aborted due to compilation errors. I don't see any glaring errors. Can someone point me in the right direction? Thanks in advance Terry Hope thope@bthsolutions.com From paal at NKI.NO Tue Jan 8 17:35:13 2002 From: paal at NKI.NO (Paul Hagerup) Date: Thu Jan 12 21:14:13 2006 Subject: Anti-Spam Testing References: <20C245C5F9A41949A359CCDBF4B3ADED2A76B5@foundation.foundation.sdsu.edu> Message-ID: <002d01c1986a$d4ef6a60$682286c3@alfanett.no> Send an email to ask-test-ordb@null.dk from the server you want to test (if you are using ordb). Se http://www.ordb.org/faq/#test_blocking Paal Hagerup ----- Original Message ----- From: Steve Evans To: Sent: Tuesday, January 08, 2002 6:34 PM Subject: Anti-Spam Testing I want to see if mail coming from open relays is being marked as spam. (which I believe MailScanner is supposed to do) Is there a good way to test that? Steve From nwp at LEMON-COMPUTING.COM Tue Jan 8 17:54:44 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:13 2006 Subject: Commercial virus checker failed ... In-Reply-To: <3C3B2D20.B43DD5A1@ru.acad.bg>; from ntk@RU.ACAD.BG on Tue, Jan 08, 2002 at 07:32:16PM +0200 References: <3C3B2D20.B43DD5A1@ru.acad.bg> Message-ID: <20020108175444.L20462@lemon-computing.com> On Tue, Jan 08, 2002 at 07:32:16PM +0200, Nikolay Kabaivanov wrote: > ______________________________________________________________________ > Jan 8 19:00:54 octus mailscanner[16926]: Going to scan 1 messages > Jan 8 19:00:55 octus mailscanner[18781]: Commercial virus checker > failed with real error: Can't run commercial checker: No such file or > directory at /usr/local/MailScanner/bin/sweep.pl line 302. > Jan 8 19:00:55 octus mailscanner[16926]: Scanned 1 messages, 13572 > bytes in 1 seconds > Jan 8 19:00:55 octus mailscanner[16926]: About to deliver 1 messages > ___________________________________________________________________________ It's not working. Have you set the right path to the f-prot wrapper in the mailscanner.conf?? > I do not run commercial checker. I use f-prot. That is a commercial checker for our purposes, even though they don't charge for it at the moment. > I like to ask a question : Is there is a way to use 2 or 3 virus checker > to check 1 message ? Not at the moment; there's not really any very good reason to do so, so far as I'm aware. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You never know how many friends you have until you rent a house on the beach. From sevans at FOUNDATION.SDSU.EDU Tue Jan 8 18:05:47 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:13 2006 Subject: Anti-Spam Testing Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76B6@foundation.foundation.sdsu.edu> The problem with that is that I'm testing this on a test box that is not in DNS. Is there a way to have the domain part of the address be the IP address? Steve -----Original Message----- From: Paul Hagerup [mailto:paal@NKI.NO] Sent: Tuesday, January 08, 2002 9:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Anti-Spam Testing Send an email to ask-test-ordb@null.dk from the server you want to test (if you are using ordb). Se http://www.ordb.org/faq/#test_blocking Paal Hagerup ----- Original Message ----- From: Steve Evans To: Sent: Tuesday, January 08, 2002 6:34 PM Subject: Anti-Spam Testing I want to see if mail coming from open relays is being marked as spam. (which I believe MailScanner is supposed to do) Is there a good way to test that? Steve From ntk at ru.acad.bg Tue Jan 8 18:14:08 2002 From: ntk at ru.acad.bg (Nikolay Kabaivanov) Date: Thu Jan 12 21:14:13 2006 Subject: Commercial virus checker failed ... References: <3C3B2D20.B43DD5A1@ru.acad.bg> <20020108175444.L20462@lemon-computing.com> Message-ID: <3C3B36F0.7FD87F0C@ru.acad.bg> Nick Phillips wrote: > > It's not working. Have you set the right path to the f-prot wrapper in the > mailscanner.conf?? Yes. It is my fault. I corrected the mistake which was in the path to the f-prot wrapper. It occured because I made too many tweaks in the conf file. > > > I do not run commercial checker. I use f-prot. > > That is a commercial checker for our purposes, even though they don't charge for > it at the moment. > > > I like to ask a question : Is there is a way to use 2 or 3 virus checker > > to check 1 message ? > > Not at the moment; there's not really any very good reason to do so, so far as > I'm aware. I don't think so. For example inoculateit does not make updates to their virus definitions. Other firms produce every day updates for new viruses - Sophos for example. If I run InoculateIt (which I prefer) I would like to count also on Sophos. Best regards __________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From jkf at ecs.soton.ac.uk Tue Jan 8 19:25:37 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:13 2006 Subject: autoupdate not working after MAILSCANNER upgrade In-Reply-To: Message-ID: <5.1.0.14.2.20020108192440.02b95280@hawk.ecs.soton.ac.uk> At 17:30 08/01/2002, you wrote: >when /usr/local/mcafee/autoupdate is executed, I get: > >Global symbol "$DATDir" requires explicit package name at ./autoupdate line >123. >Execution of ./autoupdate aborted due to compilation errors. Sorry, typo in that script that hasn't been spotted before. You can safely comment out that line (it just prints stuff). Just either delete the line or put a "#" symbol at the beginning of the line. Sorry! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 8 20:18:32 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: barbara.dove@STEELEYE.COM requested to join Message-ID: <200201082018.UAA11654@magpie.ecs.soton.ac.uk> Tue, 8 Jan 2002 20:18:32 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Barbara Dove You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER barbara.dove@STEELEYE.COM Barbara Dove PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER barbara.dove@STEELEYE.COM Barbara Dove // EOJ From mhw at WITTSEND.COM Tue Jan 8 20:29:08 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:13 2006 Subject: Commercial virus checker failed ... In-Reply-To: <20020108175444.L20462@lemon-computing.com> References: <3C3B2D20.B43DD5A1@ru.acad.bg> <20020108175444.L20462@lemon-computing.com> Message-ID: <20020108152908.A26294@alcove.wittsend.com> On Tue, Jan 08, 2002 at 05:54:44PM +0000, Nick Phillips wrote: > On Tue, Jan 08, 2002 at 07:32:16PM +0200, Nikolay Kabaivanov wrote: > > ______________________________________________________________________ > > Jan 8 19:00:54 octus mailscanner[16926]: Going to scan 1 messages > > Jan 8 19:00:55 octus mailscanner[18781]: Commercial virus checker > > failed with real error: Can't run commercial checker: No such file or > > directory at /usr/local/MailScanner/bin/sweep.pl line 302. > > Jan 8 19:00:55 octus mailscanner[16926]: Scanned 1 messages, 13572 > > bytes in 1 seconds > > Jan 8 19:00:55 octus mailscanner[16926]: About to deliver 1 messages > > ___________________________________________________________________________ > > It's not working. Have you set the right path to the f-prot wrapper in the > mailscanner.conf?? > > > I do not run commercial checker. I use f-prot. > > That is a commercial checker for our purposes, even though they don't charge for > it at the moment. > > > I like to ask a question : Is there is a way to use 2 or 3 virus checker > > to check 1 message ? > Not at the moment; there's not really any very good reason to do so, so far as > I'm aware. Actually there are several that I'm aware and it's a feature which is a high priority to me. #1 Reason... There are many occasions when one virus scanner or another picks up a virus/worm and not the others. No one product leads the field in this and I've heard recommendations to run at least three virus checkers in commercial development environments where deliverable product is prepared. #2 Reason... Sometimes one vendor is a little quicker than others to update signatures, either due to updaing schedule or ongoing research work - leading to reason #1. #3 Reason... Nameology. Sometimes virus checkers vary in their terminology. Correlating detection with field reports can be simplified. Some may argue that this isn't a "good reason" while others may consider it vital. Depends on what you are doing with the information. #4 Reason... Even when several virus checkers can spot a virus, not all of them may be able to sanitize the material the same way or may behave differently.. All of the above boil down to reliablilty and reaction speed. Depending on one virus vendor is not a safe bet. While even combinations of vendors can not be relied on totally (last virus go-round I worked on we were fighting an infestation of the goner_a worm for 5 hours before the FIRST vendor had their signatures updated and some were over a day) having multiple vendors is more reliable than picking one and praying. Next time, the guys (who I will not name) who came in first may be dead last. Especially at a critical trottle point like a central email server. Using multiple virus scanners is a lot like using multiple spam identifiers. SpamAssassin is the epitomie of this. You are more effective using multiple sources of information. > Cheers, > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > You never know how many friends you have until you rent a house on the beach. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From tyler at beloit.edu Tue Jan 8 20:49:45 2002 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:13 2006 Subject: Stopping delivery feature??? In-Reply-To: <5.1.0.14.2.20020107214424.02baeca8@hawk.ecs.soton.ac.uk> from "Julian Field" at Jan 07, 2002 09:44:43 PM Message-ID: <200201082049.OAA31618@beloit.edu> Julian, Thanks! I downloaded mailscanner back in early September with the 2.4 version which apparently didn't support the recipient option back then. I downloaded 2.6 today and it works great. Kudos to Mailscanner for providing this flexibility! Tim > >At 21:36 07/01/2002, you wrote: >>But what I would really like is the >>ability to dump the entire message from ever getting to the recipient and >>only send back a message to the sender stating "undelivered email due to >>virus... etc". Its really annoying for a recipient to get over a thousand >>messages all stating that your message has been cleaned, etc. > >In mailscanner.conf: > ># Once we have removed viruses from an email message and replaced them with ># VirusWarning.txt attachments, should we deliver the clean result to the ># original recipients (or just delete them if "no")? >Deliver To Recipients = yes > >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu Go Packers! Go Badgers! 1999&2000 Rose Bowl Champions! From sevans at FOUNDATION.SDSU.EDU Tue Jan 8 20:54:53 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76B8@foundation.foundation.sdsu.edu> When I run the script sendmail.logs.pl it tells me 0 Not Applicable ECS Mail Servers What am I doing wrong? Steve From jbayer at bayerfamily.net Tue Jan 8 20:57:46 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A76B8@foundation.foundation.sdsu.edu> References: <20C245C5F9A41949A359CCDBF4B3ADED2A76B8@foundation.foundation.sdsu.edu> Message-ID: <6827673442.20020108155746@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Steve, You have to run it as follows: sendmail.logs.pl mail sendmail.logs.pl virus sendmail.logs.pl spam The output will be: # # of applicable entries (input in MRTG's terms) 0 (output in MRTG's terms) Not Applicable ECS Mail Servers Name of service These 4 lines are needed by MRTG JBB Tuesday, January 08, 2002, 3:54:53 PM, you wrote: SE> When I run the script sendmail.logs.pl it tells me SE> 0 SE> Not Applicable SE> ECS Mail Servers SE> What am I doing wrong? SE> Steve - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7XUsACgkQLWek1tt+K51f1ACfb+Zk+G07xbSXRmXi6CV2UXOT xJ4AnjFIM5EVkzZitnBMy+ThbR5B50of =Lriz -----END PGP SIGNATURE----- From sevans at FOUNDATION.SDSU.EDU Tue Jan 8 21:26:12 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76BB@foundation.foundation.sdsu.edu> Okay if I run sendmail.logs.pl mail it says 27 0 Not Applicable ECS Mail Servers Could you dicpher that for me? When I run mrtg mrtg.cfg it runs without any errors but it says I have sent 0 messages. (which is wrong). Also I should never have to run sendmail.logs.pl manually right? I should just schedule mrtg to run every night. Steve -----Original Message----- From: Jonathan B. Bayer [mailto:jbayer@BAYERFAMILY.NET] Sent: Tuesday, January 08, 2002 12:58 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MRTG Setup -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Steve, You have to run it as follows: sendmail.logs.pl mail sendmail.logs.pl virus sendmail.logs.pl spam The output will be: # # of applicable entries (input in MRTG's terms) 0 (output in MRTG's terms) Not Applicable ECS Mail Servers Name of service These 4 lines are needed by MRTG JBB Tuesday, January 08, 2002, 3:54:53 PM, you wrote: SE> When I run the script sendmail.logs.pl it tells me SE> 0 SE> Not Applicable SE> ECS Mail Servers SE> What am I doing wrong? SE> Steve - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7XUsACgkQLWek1tt+K51f1ACfb+Zk+G07xbSXRmXi6CV2UXOT xJ4AnjFIM5EVkzZitnBMy+ThbR5B50of =Lriz -----END PGP SIGNATURE----- From jbayer at bayerfamily.net Tue Jan 8 22:20:10 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A76BB@foundation.foundation.sdsu.edu> References: <20C245C5F9A41949A359CCDBF4B3ADED2A76BB@foundation.foundation.sdsu.edu> Message-ID: <2132617261.20020108172010@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Steve, Tuesday, January 08, 2002, 4:26:12 PM, you wrote: SE> Okay if I run sendmail.logs.pl mail it says SE> 27 SE> 0 SE> Not Applicable SE> ECS Mail Servers This is correct. It says that 27 mails came in, 0 outgoing (really it is an unused value), the third is obvious, and the name of the server is ECS Mail Servers. You should update the sendmail.logs.pl to reflect your server's name. JBB SE> Could you dicpher that for me? When I run mrtg mrtg.cfg it runs without SE> any errors but it says I have sent 0 messages. (which is wrong). Also SE> I should never have to run sendmail.logs.pl manually right? I should SE> just schedule mrtg to run every night. SE> Steve SE> -----Original Message----- SE> From: Jonathan B. Bayer [mailto:jbayer@BAYERFAMILY.NET] SE> Sent: Tuesday, January 08, 2002 12:58 PM SE> To: MAILSCANNER@JISCMAIL.AC.UK SE> Subject: Re: MRTG Setup SE> -----BEGIN PGP SIGNED MESSAGE----- SE> Hash: SHA1 SE> Hello Steve, SE> You have to run it as follows: SE> sendmail.logs.pl mail SE> sendmail.logs.pl virus SE> sendmail.logs.pl spam SE> The output will be: SE> # # of applicable entries (input in MRTG's SE> terms) SE> 0 (output in MRTG's terms) SE> Not Applicable SE> ECS Mail Servers Name of service SE> These 4 lines are needed by MRTG SE> JBB SE> Tuesday, January 08, 2002, 3:54:53 PM, you wrote: SE>> When I run the script sendmail.logs.pl it tells me SE>> 0 SE>> Not Applicable SE>> ECS Mail Servers SE>> What am I doing wrong? SE>> Steve SE> - -- SE> Best regards, SE> Jonathan mailto:jbayer@bayerfamily.net SE> -----BEGIN PGP SIGNATURE----- SE> Version: GnuPG v1.0.6 (MingW32) SE> Comment: For info see http://www.gnupg.org SE> iEYEARECAAYFAjw7XUsACgkQLWek1tt+K51f1ACfb+Zk+G07xbSXRmXi6CV2UXOT SE> xJ4AnjFIM5EVkzZitnBMy+ThbR5B50of SE> =Lriz SE> -----END PGP SIGNATURE----- - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7cJoACgkQLWek1tt+K52kagCaApes/vsxcQNjGJYz39/k+B9Z cN0AnjlHxH+N5fhYDFDLSVRnu+cKvnqC =8cTb -----END PGP SIGNATURE----- From jbayer at bayerfamily.net Tue Jan 8 22:27:42 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A76BB@foundation.foundation.sdsu.edu> References: <20C245C5F9A41949A359CCDBF4B3ADED2A76BB@foundation.foundation.sdsu.edu> Message-ID: <16833069351.20020108172742@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Steve, I forgot to say that this script needs to be called from inside MRTG. JBB Tuesday, January 08, 2002, 4:26:12 PM, you wrote: SE> Okay if I run sendmail.logs.pl mail it says SE> 27 SE> 0 SE> Not Applicable SE> ECS Mail Servers SE> Could you dicpher that for me? When I run mrtg mrtg.cfg it runs without SE> any errors but it says I have sent 0 messages. (which is wrong). Also SE> I should never have to run sendmail.logs.pl manually right? I should SE> just schedule mrtg to run every night. SE> Steve SE> -----Original Message----- SE> From: Jonathan B. Bayer [mailto:jbayer@BAYERFAMILY.NET] SE> Sent: Tuesday, January 08, 2002 12:58 PM SE> To: MAILSCANNER@JISCMAIL.AC.UK SE> Subject: Re: MRTG Setup SE> -----BEGIN PGP SIGNED MESSAGE----- SE> Hash: SHA1 SE> Hello Steve, SE> You have to run it as follows: SE> sendmail.logs.pl mail SE> sendmail.logs.pl virus SE> sendmail.logs.pl spam SE> The output will be: SE> # # of applicable entries (input in MRTG's SE> terms) SE> 0 (output in MRTG's terms) SE> Not Applicable SE> ECS Mail Servers Name of service SE> These 4 lines are needed by MRTG SE> JBB SE> Tuesday, January 08, 2002, 3:54:53 PM, you wrote: SE>> When I run the script sendmail.logs.pl it tells me SE>> 0 SE>> Not Applicable SE>> ECS Mail Servers SE>> What am I doing wrong? SE>> Steve SE> - -- SE> Best regards, SE> Jonathan mailto:jbayer@bayerfamily.net SE> -----BEGIN PGP SIGNATURE----- SE> Version: GnuPG v1.0.6 (MingW32) SE> Comment: For info see http://www.gnupg.org SE> iEYEARECAAYFAjw7XUsACgkQLWek1tt+K51f1ACfb+Zk+G07xbSXRmXi6CV2UXOT SE> xJ4AnjFIM5EVkzZitnBMy+ThbR5B50of SE> =Lriz SE> -----END PGP SIGNATURE----- - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7cl8ACgkQLWek1tt+K53zFQCeNUFnBs3IqUN6GgzybQevJI8o kfIAn1fEkRAom8nRnNzl2xSck1MoENzk =JGT9 -----END PGP SIGNATURE----- From sevans at FOUNDATION.SDSU.EDU Tue Jan 8 22:34:46 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:13 2006 Subject: MRTG Setup Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76C3@foundation.foundation.sdsu.edu> So then it appears that everything is okay. But the webpages it creates says that 0 e-mails have gone through the system. Steve -----Original Message----- From: Jonathan B. Bayer [mailto:jbayer@BAYERFAMILY.NET] Sent: Tuesday, January 08, 2002 2:20 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MRTG Setup -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Steve, Tuesday, January 08, 2002, 4:26:12 PM, you wrote: SE> Okay if I run sendmail.logs.pl mail it says SE> 27 SE> 0 SE> Not Applicable SE> ECS Mail Servers This is correct. It says that 27 mails came in, 0 outgoing (really it is an unused value), the third is obvious, and the name of the server is ECS Mail Servers. You should update the sendmail.logs.pl to reflect your server's name. JBB SE> Could you dicpher that for me? When I run mrtg mrtg.cfg it runs without SE> any errors but it says I have sent 0 messages. (which is wrong). Also SE> I should never have to run sendmail.logs.pl manually right? I should SE> just schedule mrtg to run every night. SE> Steve SE> -----Original Message----- SE> From: Jonathan B. Bayer [mailto:jbayer@BAYERFAMILY.NET] SE> Sent: Tuesday, January 08, 2002 12:58 PM SE> To: MAILSCANNER@JISCMAIL.AC.UK SE> Subject: Re: MRTG Setup SE> -----BEGIN PGP SIGNED MESSAGE----- SE> Hash: SHA1 SE> Hello Steve, SE> You have to run it as follows: SE> sendmail.logs.pl mail SE> sendmail.logs.pl virus SE> sendmail.logs.pl spam SE> The output will be: SE> # # of applicable entries (input in MRTG's SE> terms) SE> 0 (output in MRTG's terms) SE> Not Applicable SE> ECS Mail Servers Name of service SE> These 4 lines are needed by MRTG SE> JBB SE> Tuesday, January 08, 2002, 3:54:53 PM, you wrote: SE>> When I run the script sendmail.logs.pl it tells me SE>> 0 SE>> Not Applicable SE>> ECS Mail Servers SE>> What am I doing wrong? SE>> Steve SE> - -- SE> Best regards, SE> Jonathan mailto:jbayer@bayerfamily.net SE> -----BEGIN PGP SIGNATURE----- SE> Version: GnuPG v1.0.6 (MingW32) SE> Comment: For info see http://www.gnupg.org SE> iEYEARECAAYFAjw7XUsACgkQLWek1tt+K51f1ACfb+Zk+G07xbSXRmXi6CV2UXOT SE> xJ4AnjFIM5EVkzZitnBMy+ThbR5B50of SE> =Lriz SE> -----END PGP SIGNATURE----- - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7cJoACgkQLWek1tt+K52kagCaApes/vsxcQNjGJYz39/k+B9Z cN0AnjlHxH+N5fhYDFDLSVRnu+cKvnqC =8cTb -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Tue Jan 8 21:58:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:13 2006 Subject: MAILSCANNER: chris@MATTS.CO.UK left the JISCmail list Message-ID: <200201082158.VAA16222@magpie.ecs.soton.ac.uk> Tue, 8 Jan 2002 21:58:44 Chris Kilner has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jbayer at bayerfamily.net Tue Jan 8 14:54:11 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:13 2006 Subject: ANNOUNCE: Version 3.02-1 released In-Reply-To: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020108100001.0334de10@imap.ecs.soton.ac.uk> Message-ID: <1615858203.20020108095411@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Julian, Just an FYI for people upgrading using the RPM: The rpm WILL OVERWRITE the mailscanner.conf file, even if the -U option is used during the install. Also, the file /usr/local/f-prot/f-protwrapper will also be overwritten. JBB Tuesday, January 08, 2002, 5:02:46 AM, you wrote: JF> Hi folks! JF> Major bug fixes in this release, hopefully this will sort things out for JF> (at the very least) most users and version 3 will start behaving as well as JF> version 2.60 did. JF> Fixes and changes in this release are: JF> - Bug fix to improve stability and to stop Perl dumping core. JF> - Bug fix to stop SpamAssassin marking everything as spam. JF> - Bug fix in F-Prot parsing code to support trojans and backdoor JF> programs properly. **All F-Prot users should upgrade** JF> - Bug fix in Inoculate parsing code. JF> **All InoculateIT users should upgrade** JF> - Improvement to logging when viruses originate from inside your JF> own network. JF> - Changed localdomains.txt to localdomains.conf. JF> I would advise anyone having any of the above problems to upgrade to this JF> release. JF> Downloadable, as per usual, from www.mailscanner.info JF> -- JF> Julian Field Teaching Systems Manager JF> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF> Tel. 023 8059 2817 University of Southampton JF> Southampton SO17 1BJ - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw7CBQACgkQLWek1tt+K50KBwCghMBBEF8UDvQxy0Rs+SRmjOqK uG4An2jw7N/qyrDbFROM9oInjObbmeuC =AwgW -----END PGP SIGNATURE----- From sfarrell at ICCONSULTING.COM.AU Tue Jan 8 23:44:37 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... Message-ID: For me it would be fail over. Occaisonally the virus update definition from CA for innoculate fails, and corrupts the whole of innoculate for a while, until you either reinstall, or wait for the next update (ugly). So in my case failover to the second scanner would be great. This probably also applies to DoS - it may not DoS both scanners at the same time. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au "Michael H. Warfield" To: MAILSCANNER@JISCMAIL.AC.UK cc: Sent by: Subject: Re: Commercial virus checker failed ... MailScanner mailing list 09/01/02 07:29 AM Please respond to MailScanner mailing list On Tue, Jan 08, 2002 at 05:54:44PM +0000, Nick Phillips wrote: > On Tue, Jan 08, 2002 at 07:32:16PM +0200, Nikolay Kabaivanov wrote: > > ______________________________________________________________________ > > Jan 8 19:00:54 octus mailscanner[16926]: Going to scan 1 messages > > Jan 8 19:00:55 octus mailscanner[18781]: Commercial virus checker > > failed with real error: Can't run commercial checker: No such file or > > directory at /usr/local/MailScanner/bin/sweep.pl line 302. > > Jan 8 19:00:55 octus mailscanner[16926]: Scanned 1 messages, 13572 > > bytes in 1 seconds > > Jan 8 19:00:55 octus mailscanner[16926]: About to deliver 1 messages > > ___________________________________________________________________________ > > It's not working. Have you set the right path to the f-prot wrapper in the > mailscanner.conf?? > > > I do not run commercial checker. I use f-prot. > > That is a commercial checker for our purposes, even though they don't charge for > it at the moment. > > > I like to ask a question : Is there is a way to use 2 or 3 virus checker > > to check 1 message ? > Not at the moment; there's not really any very good reason to do so, so far as > I'm aware. Actually there are several that I'm aware and it's a feature which is a high priority to me. #1 Reason... There are many occasions when one virus scanner or another picks up a virus/worm and not the others. No one product leads the field in this and I've heard recommendations to run at least three virus checkers in commercial development environments where deliverable product is prepared. #2 Reason... Sometimes one vendor is a little quicker than others to update signatures, either due to updaing schedule or ongoing research work - leading to reason #1. #3 Reason... Nameology. Sometimes virus checkers vary in their terminology. Correlating detection with field reports can be simplified. Some may argue that this isn't a "good reason" while others may consider it vital. Depends on what you are doing with the information. #4 Reason... Even when several virus checkers can spot a virus, not all of them may be able to sanitize the material the same way or may behave differently.. All of the above boil down to reliablilty and reaction speed. Depending on one virus vendor is not a safe bet. While even combinations of vendors can not be relied on totally (last virus go-round I worked on we were fighting an infestation of the goner_a worm for 5 hours before the FIRST vendor had their signatures updated and some were over a day) having multiple vendors is more reliable than picking one and praying. Next time, the guys (who I will not name) who came in first may be dead last. Especially at a critical trottle point like a central email server. Using multiple virus scanners is a lot like using multiple spam identifiers. SpamAssassin is the epitomie of this. You are more effective using multiple sources of information. > Cheers, > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > You never know how many friends you have until you rent a house on the beach. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From sfarrell at ICCONSULTING.COM.AU Tue Jan 8 23:48:52 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... Message-ID: Nikolay, CA does provide autoupdates. Depending on what product and subscription you have, see : /usr/local/ino/ino/scripts/UpdateEngine.sh You'll need to configure wget to default to a proxy server. I get updates every other day. Not too mention their more enterprise products co-ordinate site/enterprise wide updating and management and reporting. Scott | To: MAILSCANNER@JISCMAIL.AC.UK | cc: Date: 08:14:08 PM ZE2 Yesterday Subject: Re: Commercial virus checker failed ... Nick Phillips wrote: > > It's not working. Have you set the right path to the f-prot wrapper in the > mailscanner.conf?? Yes. It is my fault. I corrected the mistake which was in the path to the f-prot wrapper. It occured because I made too many tweaks in the conf file. > > > I do not run commercial checker. I use f-prot. > > That is a commercial checker for our purposes, even though they don't charge for > it at the moment. > > > I like to ask a question : Is there is a way to use 2 or 3 virus checker > > to check 1 message ? > > Not at the moment; there's not really any very good reason to do so, so far as > I'm aware. I don't think so. For example inoculateit does not make updates to their virus definitions. Other firms produce every day updates for new viruses - Sophos for example. If I run InoculateIt (which I prefer) I would like to count also on Sophos. Best regards __________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From mhw at WITTSEND.COM Wed Jan 9 02:49:08 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: References: Message-ID: <20020108214908.A18900@alcove.wittsend.com> On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > For me it would be fail over. Hmmm... Good point. I think. But that's yet another REAL GOOD reason for multiple scanners. HA failover if one blows chunks. > Occaisonally the virus update definition from CA for innoculate fails, and > corrupts the whole of innoculate for a while, until you either reinstall, > or wait for the next update (ugly). What happens then? Does the program identify everything as a virus or nothing as a virus. > So in my case failover to the second scanner would be great. If the corruption results in nothing being tagged then you and I are in perfect agreement. Run three checkers and if any of them identify it as a cybertoxin then quarantine the sucker. If the corruption results in everything being identified, then we have a problem and the check has to be identified as faulty and flawed out. > This probably also applies to DoS - it may not DoS both scanners at the > same time. Haven't seen anything that would really DoS the scanner. Somewhere I've got that nasty gzip file "my_god_its_full_of_stars" and I've heard of the zip of death (but haven't landed myself a copy yet). Any other known nasties? (I collect them in my cybertoxin zoo.) Zip is better than gzip recursive explosive expandables if you want them to blow up on scanning, except that gzip can be piped to itself for the recursion. :-) I don't even KNOW how big "my_god_its_full_of_stars" would gunzip to. > regards > Scott Farrell > > http://www.icconsulting.com.au > ic Consulting - the people that make eBusiness happen. > We offer e-business consulting and perform services. We deliver high impact > consulting, and fast turn around projects for our clients. > Ask us about Web Content Management, Web Self Service, or working closer > with your customers or suppliers. > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au [...] > > Not at the moment; there's not really any very good reason to do so, so > far as > > I'm aware. > > Actually there are several that I'm aware and it's a feature which > is a high priority to me. > > #1 Reason... There are many occasions when one virus scanner or > another picks up a virus/worm and not the others. No one product leads > the field in this and I've heard recommendations to run at least three > virus checkers in commercial development environments where deliverable > product is prepared. > > #2 Reason... Sometimes one vendor is a little quicker than > others to update signatures, either due to updaing schedule or ongoing > research work - leading to reason #1. > > #3 Reason... Nameology. Sometimes virus checkers vary in their > terminology. Correlating detection with field reports can be simplified. > Some may argue that this isn't a "good reason" while others may consider > it vital. Depends on what you are doing with the information. > > #4 Reason... Even when several virus checkers can spot a virus, > not all of them may be able to sanitize the material the same way or > may behave differently.. > > All of the above boil down to reliablilty and reaction speed. > Depending on one virus vendor is not a safe bet. While even combinations > of vendors can not be relied on totally (last virus go-round I worked on > we were fighting an infestation of the goner_a worm for 5 hours before > the FIRST vendor had their signatures updated and some were over a day) > having multiple vendors is more reliable than picking one and praying. > Next time, the guys (who I will not name) who came in first may be dead > last. Especially at a critical trottle point like a central email server. > > Using multiple virus scanners is a lot like using multiple spam > identifiers. SpamAssassin is the epitomie of this. You are more effective > using multiple sources of information. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From sfarrell at ICCONSULTING.COM.AU Wed Jan 9 04:19:44 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... Message-ID: Michael, When innoculate totally failed (twice so far in about 3 months) - it failed to recognise anything as a virus, and sigfaulted everytime it ran. It left mailscanner to think everything was clean. I have a cronjob that runs from netsaint that checks that inocmd32 and checks a directory with known viruses (just eicar2.zip) and makes sure it returns the same check that mailscanner uses (in case innoculate changes its messages also). My netsaint also checks the age of innoculates virus updates, and warns >4 days old, critical if >7 days old. I was also thinking of mailing a virus to a set account every so often, and check for the mailscanner report in the target mail file, except that I (as the postmaster) would also be told about the virus each time, and I couldn't stand that. re:DoS - its a design objective of mailscanner. "Michael H. Warfield" To: MAILSCANNER@JISCMAIL.AC.UK cc: Sent by: Subject: Re: Commercial virus checker failed ... MailScanner mailing list 09/01/02 01:49 PM Please respond to MailScanner mailing list On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > For me it would be fail over. Hmmm... Good point. I think. But that's yet another REAL GOOD reason for multiple scanners. HA failover if one blows chunks. > Occaisonally the virus update definition from CA for innoculate fails, and > corrupts the whole of innoculate for a while, until you either reinstall, > or wait for the next update (ugly). What happens then? Does the program identify everything as a virus or nothing as a virus. > So in my case failover to the second scanner would be great. If the corruption results in nothing being tagged then you and I are in perfect agreement. Run three checkers and if any of them identify it as a cybertoxin then quarantine the sucker. If the corruption results in everything being identified, then we have a problem and the check has to be identified as faulty and flawed out. > This probably also applies to DoS - it may not DoS both scanners at the > same time. Haven't seen anything that would really DoS the scanner. Somewhere I've got that nasty gzip file "my_god_its_full_of_stars" and I've heard of the zip of death (but haven't landed myself a copy yet). Any other known nasties? (I collect them in my cybertoxin zoo.) Zip is better than gzip recursive explosive expandables if you want them to blow up on scanning, except that gzip can be piped to itself for the recursion. : -) I don't even KNOW how big "my_god_its_full_of_stars" would gunzip to. > regards > Scott Farrell > > http://www.icconsulting.com.au > ic Consulting - the people that make eBusiness happen. > We offer e-business consulting and perform services. We deliver high impact > consulting, and fast turn around projects for our clients. > Ask us about Web Content Management, Web Self Service, or working closer > with your customers or suppliers. > > 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au [...] > > Not at the moment; there's not really any very good reason to do so, so > far as > > I'm aware. > > Actually there are several that I'm aware and it's a feature which > is a high priority to me. > > #1 Reason... There are many occasions when one virus scanner or > another picks up a virus/worm and not the others. No one product leads > the field in this and I've heard recommendations to run at least three > virus checkers in commercial development environments where deliverable > product is prepared. > > #2 Reason... Sometimes one vendor is a little quicker than > others to update signatures, either due to updaing schedule or ongoing > research work - leading to reason #1. > > #3 Reason... Nameology. Sometimes virus checkers vary in their > terminology. Correlating detection with field reports can be simplified. > Some may argue that this isn't a "good reason" while others may consider > it vital. Depends on what you are doing with the information. > > #4 Reason... Even when several virus checkers can spot a virus, > not all of them may be able to sanitize the material the same way or > may behave differently.. > > All of the above boil down to reliablilty and reaction speed. > Depending on one virus vendor is not a safe bet. While even combinations > of vendors can not be relied on totally (last virus go-round I worked on > we were fighting an infestation of the goner_a worm for 5 hours before > the FIRST vendor had their signatures updated and some were over a day) > having multiple vendors is more reliable than picking one and praying. > Next time, the guys (who I will not name) who came in first may be dead > last. Especially at a critical trottle point like a central email server. > > Using multiple virus scanners is a lot like using multiple spam > identifiers. SpamAssassin is the epitomie of this. You are more effective > using multiple sources of information. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From LISTSERV at JISCMAIL.AC.UK Wed Jan 9 01:31:49 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: ajennifer11@QWEST.NET requested to join Message-ID: <200201090131.BAA24760@magpie.ecs.soton.ac.uk> Wed, 9 Jan 2002 01:31:49 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "Rev. Christopher B. Garcia" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ajennifer11@QWEST.NET Rev. Christopher B. Garcia PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ajennifer11@QWEST.NET Rev. Christopher B. Garcia // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 9 04:32:36 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: eejs@HAVENEDGE.NET requested to join Message-ID: <200201090432.EAA29886@magpie.ecs.soton.ac.uk> Wed, 9 Jan 2002 04:32:36 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ian Ee You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER eejs@HAVENEDGE.NET Ian Ee PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER eejs@HAVENEDGE.NET Ian Ee // EOJ From nwp at LEMON-COMPUTING.COM Wed Jan 9 10:57:25 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <20020108152908.A26294@alcove.wittsend.com>; from mhw@WITTSEND.COM on Tue, Jan 08, 2002 at 03:29:08PM -0500 References: <3C3B2D20.B43DD5A1@ru.acad.bg> <20020108175444.L20462@lemon-computing.com> <20020108152908.A26294@alcove.wittsend.com> Message-ID: <20020109105725.I8370@lemon-computing.com> On Tue, Jan 08, 2002 at 03:29:08PM -0500, Michael H. Warfield wrote: > Actually there are several that I'm aware and it's a feature which > is a high priority to me. Fair 'nuff, I'll have a look at how we might do it. -- Nick Phillips -- nwp@lemon-computing.com Your fly might be open (but don't check it just now). From jkf at ecs.soton.ac.uk Wed Jan 9 11:25:13 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <20020108214908.A18900@alcove.wittsend.com> References: Message-ID: <5.1.0.14.2.20020109112025.03535c10@hawk.ecs.soton.ac.uk> At 02:49 09/01/2002, you wrote: >On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > > For me it would be fail over. > > Hmmm... Good point. I think. But that's yet another REAL >GOOD reason for multiple scanners. HA failover if one blows chunks. Good idea, folks. You can stop debating the issue now, I'll implement it for the next release :-) The "Virus Scanner" and "Sweep" keywords will become comma/space-separated lists for backward compatibility with existing setups. I'll leave it up to you to ensure that all the values of "Sweep" stay on 1 line. That's about the simplest change I can think of. > Haven't seen anything that would really DoS the scanner. Somewhere >I've got that nasty gzip file "my_god_its_full_of_stars" and I've heard >of the zip of death (but haven't landed myself a copy yet). Any other >known nasties? (I collect them in my cybertoxin zoo.) I've got a little zip file that blows out to 49,000 terabytes. It got mailed to a mailing list which one of my users subscribes to. It tell ya, it takes Sophos a little while to cope with that one! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From paul-w at BLUEYONDER.CO.UK Wed Jan 9 11:48:35 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:14 2006 Subject: AV Software licensing policy References: Message-ID: <00f201c19903$928a8df0$6a0110ac@sbsplc.com> I'm using the currently beta (and therefore free) F-Prot AV software on a single server hosting multiple domains. Presumably F-Prot won't be beta (and therefore free) forever though. I contacted Frisk to enquire as to how long it was likely to be beta for and they said they didn't know, nor had they established pricing for the non-beta product. I know from purchasing AV software for MailSweeper running on NT that most AV vendors specify you buy a licence for each user that's protected, rather than a licence for each physical mail server. I know that is the Sophos policy. Does anyone know whether any of the licensing and pricing policies of the other supported scanners, namely: "mcafee" from www.mcafee.com "command" from www.command.co.uk "kaspersky" from www.kaspersky.com "inoculate" from www.cai.com/products/inoculateit.htm "f-secure" from www.f-secure.com From jkf at ecs.soton.ac.uk Wed Jan 9 11:59:09 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109112025.03535c10@hawk.ecs.soton.ac.uk> References: <20020108214908.A18900@alcove.wittsend.com> Message-ID: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> At 11:25 09/01/2002, you wrote: >At 02:49 09/01/2002, you wrote: >>On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: >> > For me it would be fail over. >> >> Hmmm... Good point. I think. But that's yet another REAL >>GOOD reason for multiple scanners. HA failover if one blows chunks. > >Good idea, folks. You can stop debating the issue now, I'll implement it >for the next release :-) > >The "Virus Scanner" and "Sweep" keywords will become comma/space-separated >lists for backward compatibility with existing setups. I'll leave it up to >you to ensure that all the values of "Sweep" stay on 1 line. That's about >the simplest change I can think of. Has anyone got any better ideas for the keywords than my suggestion above? (Nick doesn't like it...) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Wed Jan 9 12:04:59 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> Message-ID: On Wed, 9 Jan 2002, Julian Field wrote: > At 11:25 09/01/2002, you wrote: > >At 02:49 09/01/2002, you wrote: > >>On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > >> > For me it would be fail over. > >> Hmmm... Good point. I think. But that's yet another REAL > >>GOOD reason for multiple scanners. HA failover if one blows chunks. > >Good idea, folks. You can stop debating the issue now, I'll implement it > >for the next release :-) > > > >The "Virus Scanner" and "Sweep" keywords will become comma/space-separated > >lists for backward compatibility with existing setups. I'll leave it up to > >you to ensure that all the values of "Sweep" stay on 1 line. That's about > >the simplest change I can think of. > > Has anyone got any better ideas for the keywords than my suggestion > above? (Nick doesn't like it...) Making those keywords into lists seemed pretty logical to me. What is the objection? I'd been wondering anyway, is the plan for it to run all of them regardless? Stop after one finds a virus? What? -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From nwp at LEMON-COMPUTING.COM Wed Jan 9 12:05:05 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Wed, Jan 09, 2002 at 11:59:09AM +0000 References: <20020108214908.A18900@alcove.wittsend.com> <5.1.0.14.2.20020109112025.03535c10@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> Message-ID: <20020109120505.O8370@lemon-computing.com> On Wed, Jan 09, 2002 at 11:59:09AM +0000, Julian Field wrote: > >The "Virus Scanner" and "Sweep" keywords will become comma/space-separated > >lists for backward compatibility with existing setups. I'll leave it up to > >you to ensure that all the values of "Sweep" stay on 1 line. That's about > >the simplest change I can think of. > > Has anyone got any better ideas for the keywords than my suggestion above? > (Nick doesn't like it...) More specifically, I like something like: I Cant Think Of A Good Name For This = sophos:/usr/local/bin/sweep I Cant Think Of A Good Name For This = kaspersky:/opt/mailscanner/kaspersky/kasperskywrapper I like this because it's easier to read, easier to comment in and out, and harder to screw up. The option name can't conflict with anything existing, obviously, which makes life a little more difficult. We need to make sure that it's extremely unlikely to confuse anyone (to avoid "so do I set both, or just this, or..."-type questions). Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Don't plan any hasty moves. You'll be evicted soon anyway. From chicks at CHICKS.NET Wed Jan 9 12:21:53 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <20020109121526.P8370@lemon-computing.com> Message-ID: On Wed, 9 Jan 2002, Nick Phillips wrote: > That you have two separate lists which must be kept in the same order. > The consequences of getting it wrong might be that each scanner's > output gets parsed by a parser intended for the other, and as a > result, both fail to recognise the infection reports, and pass a > message as OK. > > Which would be Bad. Ah. Why not make "Virus Scanner" comma-delimited as Julian proposed and replace Sweep with Sweep Sophos = /some/path/to/wrapper Sweep Mcafee = /some/path/to/wrapper Sweep Fprot = /some/path/to/wrapper ... ? > > I'd been wondering anyway, is the plan for it to run all of them > > regardless? Stop after one finds a virus? What? > > I haven't looked at what Jules has done yet, but I'd guess that it'd > just carry on and add all the reports that it gets one after another. That's what I was hoping for. -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From nwp at LEMON-COMPUTING.COM Wed Jan 9 12:15:26 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: ; from chicks@CHICKS.NET on Wed, Jan 09, 2002 at 07:04:59AM -0500 References: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> Message-ID: <20020109121526.P8370@lemon-computing.com> On Wed, Jan 09, 2002 at 07:04:59AM -0500, Christopher Hicks wrote: > > Has anyone got any better ideas for the keywords than my suggestion > > above? (Nick doesn't like it...) > > Making those keywords into lists seemed pretty logical to me. What is the > objection? That you have two separate lists which must be kept in the same order. The consequences of getting it wrong might be that each scanner's output gets parsed by a parser intended for the other, and as a result, both fail to recognise the infection reports, and pass a message as OK. Which would be Bad. Although I haven't checked through to see whether this could actually happen at the moment, it's a possibility at some stage. Even if the worst-case scenario doesn't happen, it would lead to very confusing bug reports/requests for help - "I'm getting a message that says that the F-Prot parser has failed and might have a bug"... > I'd been wondering anyway, is the plan for it to run all of them > regardless? Stop after one finds a virus? What? I haven't looked at what Jules has done yet, but I'd guess that it'd just carry on and add all the reports that it gets one after another. And to disinfect, just run each in the order that they're specified. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will soon forget this. From jkf at ecs.soton.ac.uk Wed Jan 9 12:53:28 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: References: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> At 12:04 09/01/2002, you wrote: >On Wed, 9 Jan 2002, Julian Field wrote: > > At 11:25 09/01/2002, you wrote: > > >At 02:49 09/01/2002, you wrote: > > >>On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > > >> > For me it would be fail over. > > >> Hmmm... Good point. I think. But that's yet another REAL > > >>GOOD reason for multiple scanners. HA failover if one blows chunks. > > >Good idea, folks. You can stop debating the issue now, I'll implement it > > >for the next release :-) > > > > > >The "Virus Scanner" and "Sweep" keywords will become comma/space-separated > > >lists for backward compatibility with existing setups. I'll leave it up to > > >you to ensure that all the values of "Sweep" stay on 1 line. That's about > > >the simplest change I can think of. > >I'd been wondering anyway, is the plan for it to run all of them >regardless? Stop after one finds a virus? What? The plan was to run all of them, regardless of what they find. I guess I could stop after one finds an infection, if you like. Anyone got any thoughts on this? (I'm tempted to just say run them all, and I don't want yet another config option!). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Wed Jan 9 13:03:10 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> Message-ID: On Wed, 9 Jan 2002, Julian Field wrote: > The plan was to run all of them, regardless of what they find. I guess > I could stop after one finds an infection, if you like. Anyone got any > thoughts on this? (I'm tempted to just say run them all, and I don't > want yet another config option!). I vote for run them all. We don't want a virus author to get the idea to put two different viruses in the e-mail in the hope that one will get through. As someone previously mentioned, it'd be really cool to have logging that would be adequate to generate stats on who catches what. :-) -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From evertjan at VANRAMSELAAR.NET Wed Jan 9 13:05:21 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> Message-ID: <22596.80.79.97.7.1010581521.squirrel@mail.vr-it.com> Julian Field said: > The plan was to run all of them, regardless of what they find. I guess > I could stop after one finds an infection, if you like. Anyone got any > thoughts on this? (I'm tempted to just say run them all, and I don't > want yet another config option!). I agree on running them all and add output from all scanners that find a virusto the warning e-mail. Sometimes different scanners have different names for viruses. I also like to keep my current config, so putting multiple instance on the twocurrent config lines would do for me. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From miker at incanta.net Wed Jan 9 15:22:41 2002 From: miker at incanta.net (Mike Rylander) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: References: Message-ID: <02010910224113.17678@lizard2.incanta.net> Or rather Sweep = f-prot, /some/path/to/wrapper Sweep = sophos, /another/path/to/wrapper Sweep = mcafee, /some/other/path/to/wrapper On Wednesday 09 January 2002 07:21, Christopher Hicks wrote: > On Wed, 9 Jan 2002, Nick Phillips wrote: > > That you have two separate lists which must be kept in the same order. > > The consequences of getting it wrong might be that each scanner's > > output gets parsed by a parser intended for the other, and as a > > result, both fail to recognise the infection reports, and pass a > > message as OK. > > > > Which would be Bad. > > Ah. Why not make "Virus Scanner" comma-delimited as Julian proposed and > replace Sweep with > Sweep Sophos = /some/path/to/wrapper > Sweep Mcafee = /some/path/to/wrapper > Sweep Fprot = /some/path/to/wrapper > ... > ? > > > > I'd been wondering anyway, is the plan for it to run all of them > > > regardless? Stop after one finds a virus? What? > > > > I haven't looked at what Jules has done yet, but I'd guess that it'd > > just carry on and add all the reports that it gets one after another. > > That's what I was hoping for. > > -- > > > Neither sweat, nor blood, nor frustration, or lousy manuals > nor missing parts, or wrong parts shall keep me from my task. -- Mike Rylander Senior Systems Engineer Incanta, Inc. 404.845.4147 miker@incanta.net miker-pager@incanta.net From chicks at CHICKS.NET Wed Jan 9 16:10:08 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <02010910224113.17678@lizard2.incanta.net> Message-ID: On Wed, 9 Jan 2002, Mike Rylander wrote: > On Wednesday 09 January 2002 07:21, Christopher Hicks wrote: > > On Wed, 9 Jan 2002, Nick Phillips wrote: > > > Which would be Bad. > > > > Ah. Why not make "Virus Scanner" comma-delimited as Julian > > proposed and replace Sweep with > > Sweep Sophos = /some/path/to/wrapper > > Sweep Mcafee = /some/path/to/wrapper > > Sweep Fprot = /some/path/to/wrapper > > ... > > ? > > Or rather > > Sweep = f-prot, /some/path/to/wrapper > Sweep = sophos, /another/path/to/wrapper > Sweep = mcafee, /some/other/path/to/wrapper But that conflicts with the current Sweep config variable which would give folks the opportunity to set it the old way thinking nothing was changed. From LISTSERV at JISCMAIL.AC.UK Wed Jan 9 16:13:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: rbremer@FUTURE-GATE.COM requested to join Message-ID: <200201091613.QAA08245@magpie.ecs.soton.ac.uk> Wed, 9 Jan 2002 16:13:33 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ronny Bremer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rbremer@FUTURE-GATE.COM Ronny Bremer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rbremer@FUTURE-GATE.COM Ronny Bremer // EOJ From miker at incanta.net Wed Jan 9 16:17:47 2002 From: miker at incanta.net (Mike Rylander) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: References: Message-ID: <02010911174714.17678@lizard2.incanta.net> On Wednesday 09 January 2002 11:10, Christopher Hicks wrote: > On Wed, 9 Jan 2002, Mike Rylander wrote: > > On Wednesday 09 January 2002 07:21, Christopher Hicks wrote: > > > On Wed, 9 Jan 2002, Nick Phillips wrote: > > > > Which would be Bad. > > > > > > Ah. Why not make "Virus Scanner" comma-delimited as Julian > > > proposed and replace Sweep with > > > Sweep Sophos = /some/path/to/wrapper > > > Sweep Mcafee = /some/path/to/wrapper > > > Sweep Fprot = /some/path/to/wrapper > > > ... > > > ? > > > > Or rather > > > > Sweep = f-prot, /some/path/to/wrapper > > Sweep = sophos, /another/path/to/wrapper > > Sweep = mcafee, /some/other/path/to/wrapper > > But that conflicts with the current Sweep config variable which would give > folks the opportunity to set it the old way thinking nothing was changed. > From what I can recall, there aren't any config parameters that are > repeatedable currently, so the config reader may puke on it too. Not necessarily... image this code... if (/\s*Virus Scanner\s*=\s*(\S+)/) { $Config::VirusScanner = $1; # ... I dont know the real variable name ... } if (/\s*Sweep\s*=\s*(\S+),\s*(\S*)\s*$/) { $Config::VirusScanner = $1; # ... I dont know the real variable name ... $Config::Sweep = $2; # ... again ... } elsif (/\s*Sweep\s*=\s*(\S+) && $Config::VirusScanner) { $Config::Sweep = $2; } -- Mike Rylander Senior Systems Engineer Incanta, Inc. 404.845.4147 miker@incanta.net miker-pager@incanta.net From jkf at ecs.soton.ac.uk Wed Jan 9 16:20:56 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: References: <02010910224113.17678@lizard2.incanta.net> Message-ID: <5.1.0.14.2.20020109161437.00b1d5e8@hawk.ecs.soton.ac.uk> At 16:10 09/01/2002, you wrote: >On Wed, 9 Jan 2002, Mike Rylander wrote: > > Or rather > > > > Sweep = f-prot, /some/path/to/wrapper > > Sweep = sophos, /another/path/to/wrapper > > Sweep = mcafee, /some/other/path/to/wrapper > >But that conflicts with the current Sweep config variable which would give >folks the opportunity to set it the old way thinking nothing was changed. > From what I can recall, there aren't any config parameters that are >repeatedable currently, so the config reader may puke on it too. The "Spam List" is repeatable already. The above would work, with any "Sweep" definition that doesn't contain a comma being the default value (for backward compatibility). The docs would be changed to reflect the new syntax. The only problem with it is explaining it in the docs in such a way that it doesn't confuse users who are "hard of understanding" or "hard of reading" which includes quite a lot of people, unfortunately (I'm not being patronising here, just you should see some of the queries I get in my mail!). I guess I could supply a sample mailscanner.conf which includes definitions for all of them, so all the user has to do is possibly tweak one of the lines leaving the rest untouched. Still not sure though, my original comma-separated list has a certain nice simplicity to it, and it's far easier to explain in the docs as it is such a simple solution. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From miker at incanta.net Wed Jan 9 16:32:08 2002 From: miker at incanta.net (Mike Rylander) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <02010911174714.17678@lizard2.incanta.net> References: <02010911174714.17678@lizard2.incanta.net> Message-ID: <02010911320815.17678@lizard2.incanta.net> On Wednesday 09 January 2002 11:17, Mike Rylander wrote: > On Wednesday 09 January 2002 11:10, Christopher Hicks wrote: > > On Wed, 9 Jan 2002, Mike Rylander wrote: > > > On Wednesday 09 January 2002 07:21, Christopher Hicks wrote: > > > > On Wed, 9 Jan 2002, Nick Phillips wrote: > > > > > Which would be Bad. > > > > > > > > Ah. Why not make "Virus Scanner" comma-delimited as Julian > > > > proposed and replace Sweep with > > > > Sweep Sophos = /some/path/to/wrapper > > > > Sweep Mcafee = /some/path/to/wrapper > > > > Sweep Fprot = /some/path/to/wrapper > > > > ... > > > > ? > > > > > > Or rather > > > > > > Sweep = f-prot, /some/path/to/wrapper > > > Sweep = sophos, /another/path/to/wrapper > > > Sweep = mcafee, /some/other/path/to/wrapper > > > > But that conflicts with the current Sweep config variable which would > > give folks the opportunity to set it the old way thinking nothing was > > changed. From what I can recall, there aren't any config parameters that > > are repeatedable currently, so the config reader may puke on it too. > > Not necessarily... image this code... > > if (/\s*Virus Scanner\s*=\s*(\S+)/) { > $Config::VirusScanner = $1; # ... I dont know the real variable > name ... } > > if (/\s*Sweep\s*=\s*(\S+),\s*(\S*)\s*$/) { > $Config::VirusScanner = $1; # ... I dont know the real variable > name ... $Config::Sweep = $2; # ... again ... > } elsif (/\s*Sweep\s*=\s*(\S+) && $Config::VirusScanner) { > $Config::Sweep = $2; err, opps... $Config::Sweep = $1; > } > > > -- > Mike Rylander > Senior Systems Engineer > Incanta, Inc. > 404.845.4147 > miker@incanta.net > miker-pager@incanta.net -- Mike Rylander Senior Systems Engineer Incanta, Inc. 404.845.4147 miker@incanta.net miker-pager@incanta.net From rbremer at FUTURE-GATE.COM Wed Jan 9 16:43:22 2002 From: rbremer at FUTURE-GATE.COM (Ronny Bremer) Date: Thu Jan 12 21:14:14 2006 Subject: question about Kaspersky Message-ID: I was trying to get KAV working with the latest code of MailScanner. It does detect viruses but as of today KAV is unable to disinfect/delete viruses from mail archives or packed files. I talked to their support and they where unable to give me a good answer. I will try to get more information from a Linux specialist at KAV Russia. What troubles me though, if KAV is able to detect a virus in one of the mail attachments, can't sweep.pl remove it during the second run of the scanner (after checking for bad file names and trying to disinfect)? That way even though the virus scanner was unable to delete the file it will be still gone. What happened to me is that the mail passed MailScanner even though it was infected! Any help would be highly appreciated. Ronny From nwp at LEMON-COMPUTING.COM Wed Jan 9 16:53:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109161437.00b1d5e8@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Wed, Jan 09, 2002 at 04:20:56PM +0000 References: <02010910224113.17678@lizard2.incanta.net> <5.1.0.14.2.20020109161437.00b1d5e8@hawk.ecs.soton.ac.uk> Message-ID: <20020109165340.X8370@lemon-computing.com> On Wed, Jan 09, 2002 at 04:20:56PM +0000, Julian Field wrote: > >But that conflicts with the current Sweep config variable which would give > The "Spam List" is repeatable already. The above would work, with any > "Sweep" definition that doesn't contain a comma being the default value > (for backward compatibility). The docs would be changed to reflect the new > syntax. > The only problem with it is explaining it in the docs in such a way that it > doesn't confuse users who are "hard of understanding" or "hard of reading" > which includes quite a lot of people, unfortunately (I'm not being > patronising here, just you should see some of the queries I get in my > mail!). I guess I could supply a sample mailscanner.conf which includes > definitions for all of them, so all the user has to do is possibly tweak > one of the lines leaving the rest untouched. A Good Plan, I think. How about: #MultiSweep = none #MultiSweep = sophos:/path/to/sophoswrapper #MultiSweep = f-prot:/path/to/f-protwrapper #MultiSweep = f-secure:/path/to/f-securewrapper #MultiSweep = kaspersky:/path/to/kasperskywrapper ...with a nice big friendly comment explaining what to do above it? -- Nick Phillips -- nwp@lemon-computing.com Be careful! Is it classified? From nwp at LEMON-COMPUTING.COM Wed Jan 9 18:04:08 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: question about Kaspersky In-Reply-To: ; from rbremer@FUTURE-GATE.COM on Wed, Jan 09, 2002 at 05:43:22PM +0100 References: Message-ID: <20020109180408.Y8370@lemon-computing.com> On Wed, Jan 09, 2002 at 05:43:22PM +0100, Ronny Bremer wrote: > I was trying to get KAV working with the latest code of MailScanner. It > does detect viruses but as of today KAV is unable to disinfect/delete > viruses from mail archives or packed files. > What troubles me though, if KAV is able to detect a virus in one of the > mail attachments, can't sweep.pl remove it during the second run of the > scanner (after checking for bad file names and trying to disinfect)? > That way even though the virus scanner was unable to delete the file it > will be still gone. What happened to me is that the mail passed > MailScanner even though it was infected! OK, well this certainly shouldn't happen. The way mailscanner should work when trying to disinfect is to: 1) run the scanner on all attachments; 2) run the disinfector over them if any infections were found; 3) rescan all attachments; 4) send the message on without any still-infected attachments. I wasn't able to do a decent test of kaspersky, as the version I have won't disinfect anyway, so it'll be good to get this sorted out properly. Could you send me a copy of the still-infected message (with all headers) and all the syslog messages generated by mailscanner while processing it, please? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Be careful! UGLY strikes 9 out of 10! From LISTSERV at JISCMAIL.AC.UK Wed Jan 9 18:11:27 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: bergo@SEUL.ORG left the JISCmail list Message-ID: <200201091811.SAA16722@magpie.ecs.soton.ac.uk> Wed, 9 Jan 2002 18:11:27 Felipe Bergo has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From sevans at FOUNDATION.SDSU.EDU Wed Jan 9 19:33:58 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:14 2006 Subject: MRTG Not Reporting Viruses Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A76C9@foundation.foundation.sdsu.edu> MRTG is correctly reporting the number of e-mails I get but it is reporting 0 for the number of viruses that goes through it. I know it is more because I have purposely sent viruses through it. Any idea what is going on? Steve From thope at bthsolutions.com Wed Jan 9 21:42:21 2002 From: thope at bthsolutions.com (Terry Hope) Date: Thu Jan 12 21:14:14 2006 Subject: autoupdate not working after MAILSCANNER upgrade In-Reply-To: <5.1.0.14.2.20020108192440.02b95280@hawk.ecs.soton.ac.uk> Message-ID: <001c01c19956$8578acc0$1b806d0c@sterlingcourier.com> thanks - that seemed to do it - glad it was so easy. Thanks for a great program! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, January 08, 2002 2:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: autoupdate not working after MAILSCANNER upgrade At 17:30 08/01/2002, you wrote: >when /usr/local/mcafee/autoupdate is executed, I get: > >Global symbol "$DATDir" requires explicit package name at ./autoupdate line >123. >Execution of ./autoupdate aborted due to compilation errors. Sorry, typo in that script that hasn't been spotted before. You can safely comment out that line (it just prints stuff). Just either delete the line or put a "#" symbol at the beginning of the line. Sorry! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Thu Jan 10 00:02:36 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:14 2006 Subject: New Version Working Great Message-ID: I installed the new 3.02-1 version yesterday. It's been running without problems for the last 24 hours. Using the earlier 3.0x-x version mailscanner died in less than 5 minutes. I have also installed and enabled spamassassin. For some reason it wasn't working with mailscanner (even 2.60). I reinstalled and it's also functioning properly. It may have had something to do with updating perl from 5.6.0 to 5.6.1??? If anything spamassassin is a little too aggresive. I will have to tone it down a little!!! Kudo's to the MailScanner team!!! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From carl at CAPAHO.COM Thu Jan 10 02:52:16 2002 From: carl at CAPAHO.COM (Carl Hogue) Date: Thu Jan 12 21:14:14 2006 Subject: 3.02-1 Fatal Error with F-prot Message-ID: After updating to 3.02-1 on my RAQ-3, when mailscanner attempts to invoke f-prot, mailscanner stops running and generates the following error message: FATAL: Read http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at /usr/local/MailScanner/bin/logger.pl line 60. F-prot works fine when invoked from the command line using the f-prot or f-protwrapper commands, as well as from a cron file, but it's not working with mailscanner. Best Regards, Carl Hogue From mhw at WITTSEND.COM Thu Jan 10 03:34:11 2002 From: mhw at WITTSEND.COM (Michael H. Warfield) Date: Thu Jan 12 21:14:14 2006 Subject: Commercial virus checker failed ... In-Reply-To: <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020109115805.034f5438@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020109125222.034f2828@hawk.ecs.soton.ac.uk> Message-ID: <20020109223411.A29550@alcove.wittsend.com> On Wed, Jan 09, 2002 at 12:53:28PM +0000, Julian Field wrote: > At 12:04 09/01/2002, you wrote: > >On Wed, 9 Jan 2002, Julian Field wrote: > >> At 11:25 09/01/2002, you wrote: > >> >At 02:49 09/01/2002, you wrote: > >> >>On Wed, Jan 09, 2002 at 09:44:37AM +1000, Scott Farrell wrote: > >> >> > For me it would be fail over. > >> >> Hmmm... Good point. I think. But that's yet another REAL > >> >>GOOD reason for multiple scanners. HA failover if one blows chunks. > >> >Good idea, folks. You can stop debating the issue now, I'll implement it > >> >for the next release :-) > >> > > >> >The "Virus Scanner" and "Sweep" keywords will become > >comma/space-separated > >> >lists for backward compatibility with existing setups. I'll leave it up > >to > >> >you to ensure that all the values of "Sweep" stay on 1 line. That's > >about > >> >the simplest change I can think of. > > > >I'd been wondering anyway, is the plan for it to run all of them > >regardless? Stop after one finds a virus? What? > > The plan was to run all of them, regardless of what they find. I guess I > could stop after one finds an infection, if you like. Anyone got any > thoughts on this? (I'm tempted to just say run them all, and I don't want > yet another config option!). I have to chime in and agree with all the others. Run them all. It's one of those things that, if it's that valuable to some of us, we can throw more horsepower at it. If it's not that valuable, that what the configuration file is there for, to turn off the ones we don't want to run. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From jbayer at bayerfamily.net Thu Jan 10 03:52:20 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:14 2006 Subject: Virus count??? Message-ID: <11126148349.20020109225220@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello MAILSCANNER, I'm running Mailscanner with F-prot. I've noticed that whenever it finds a virus in a message it seems to report 2 viruses found, even though only one was in the message. Any ideas? JBB Jonathan B. Bayer mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw9D/QACgkQLWek1tt+K50vLgCfb325CUd3ivHMIK6VpbcKgwb3 9NoAn0zeBfkyxkKrGf+JD5fha0zffVoV =HVk8 -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: vCard.vcf Type: text/x-vcard Size: 613 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020109/302687a1/vCard.vcf From carl at CAPAHO.COM Thu Jan 10 05:17:14 2002 From: carl at CAPAHO.COM (Carl Hogue) Date: Thu Jan 12 21:14:14 2006 Subject: 3.02-1 Fatal Error with F-prot Message-ID: Oops. Sorry, nevermind. It seems I had not changed the "Minimum Code Status" setting in the config file. It should have been set to "beta" for f-prot, but was at the default "supported." Having changed this to the appropriate "beta" setting, mailscanner now appears to be working fine with f-prot on my RAQ-3. Best Regards, Carl Hogue From LISTSERV at JISCMAIL.AC.UK Thu Jan 10 04:25:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: lance@LJCINTERACTIVE.COM requested to join Message-ID: <200201100425.EAA20114@magpie.ecs.soton.ac.uk> Thu, 10 Jan 2002 04:25:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Lance Caswell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER lance@LJCINTERACTIVE.COM Lance Caswell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER lance@LJCINTERACTIVE.COM Lance Caswell // EOJ From jkf at ecs.soton.ac.uk Thu Jan 10 10:28:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: New Version Working Great In-Reply-To: Message-ID: <5.1.0.14.2.20020110102750.03cb5e18@imap.ecs.soton.ac.uk> At 00:02 10/01/2002, you wrote: >I have also installed and enabled spamassassin. For some reason it wasn't >working with mailscanner (even 2.60). That's because 2.60 didn't support SpamAssassin :-) > I reinstalled and it's also >functioning properly. It may have had something to do with updating perl >from 5.6.0 to 5.6.1??? Quite possibly. >If anything spamassassin is a little too aggresive. I will have to tone >it down a little!!! Change the required_hits value in /.spamassassin.cf >Kudo's to the MailScanner team!!! All 1 and a bit of us ;-) Thanks! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Thu Jan 10 12:47:30 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:14 2006 Subject: New Version Working Great In-Reply-To: <5.1.0.14.2.20020110102750.03cb5e18@imap.ecs.soton.ac.uk> Message-ID: On Thu, 10 Jan 2002, Julian Field wrote: > At 00:02 10/01/2002, you wrote: > >I have also installed and enabled spamassassin. For some reason it wasn't > >working with mailscanner (even 2.60). > > That's because 2.60 didn't support SpamAssassin :-) Actually, that was a typo...I meant that I couldn't get spam checking to work with 2.6. I never had a single message flagged no matter what I tried. > >Kudo's to the MailScanner team!!! > > All 1 and a bit of us ;-) > Thanks! OK, thanks to the 1 and a bit team!!! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From sfarrell at ICCONSULTING.COM.AU Thu Jan 10 14:34:20 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:14 2006 Subject: MailScanner team Message-ID: I'd say there is atleast a 2.5 head count for team MailScanner . I'd say Nick counts for atleast 0.5 head count - if not more. Everyone else chipping in support now and again, and to those that helped with new scanner definitions (I guess you really need to subtract people asking for support for the new features), anyway, say 0.5 head count. And Julian has to count as atleast 1.5 head count ..... new versions, super support, etc etc (he even does site upgrades and debugging for other people, on their server, if you are lucky). Thanks for your great work Julian and Nick ps. I hope I haven't forgotten anyone major.. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Gerry Doris Sent by: MailScanner mailing list 10/01/2002 10:47 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: New Version Working Great On Thu, 10 Jan 2002, Julian Field wrote: > At 00:02 10/01/2002, you wrote: > >I have also installed and enabled spamassassin. For some reason it wasn't > >working with mailscanner (even 2.60). > > That's because 2.60 didn't support SpamAssassin :-) Actually, that was a typo...I meant that I couldn't get spam checking to work with 2.6. I never had a single message flagged no matter what I tried. > >Kudo's to the MailScanner team!!! > > All 1 and a bit of us ;-) > Thanks! OK, thanks to the 1 and a bit team!!! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020111/ff2a7123/attachment.html From j.ramirez at ELPORTALDEINTERNET.COM Thu Jan 10 13:31:48 2002 From: j.ramirez at ELPORTALDEINTERNET.COM (J. Ramirez) Date: Thu Jan 12 21:14:14 2006 Subject: How to unsubcribe from this list? References: Message-ID: <002201c199db$29c5c900$062339c3@elportal> I just want to know How to unsubcribe from this list, thanks. -- Javier Ram?rez Molina Departamento de programaci?n de El Portal de Internet Parque Tecnologico de Andalucia, Edif. Bic Euronova -------------------------------------------------------------- Tel.: +34 952 02 83 20 - 902 152 861 Fax: 952 02 81 89 E-mail:j.ramirez@elportaldeinternet.com http://www.elportaldeinternet.com -------------------------------------------------------------- ----- Mensaje original ----- De: "Paul Haldane" Para: Enviado: lunes, 24 de septiembre de 2001 11:47 Asunto: Enhancement request > We're using Mailscanner in test service on one of our mail hubs and > would like to move to using it on all of them replacing a home grown > solution based on sendmail's filters. > > One facility that our local stuff has that Mailscanner doesn't have (I > think) is the ability to rename attachments as they pass through - for > example we currently rename attachments such as "thing.exe" to > "thing_exe". Idea being to make executable attachments non-executable > (at least without a fair amount of effort by the recipient) even with > files that have been passed as clean by the virus checker. There is > is concern here over possible time lags between viruses/worms being > active and signatures for that virus/worm being in the anti-virus > software. > > I know we could just reject such attachments using the filename rules > but we'd rather not do that. Would other sites find this useful (as > an option)? Is it something that could be added easily? I'm guessing > (without a proper look at the code) that it should be possible since > Mailscanner has to get the attachment filename to apply the filename > rules. > > Paul > -- > Paul Haldane > Computing Service > University of Newcastle From carl at CAPAHO.COM Thu Jan 10 14:30:54 2002 From: carl at CAPAHO.COM (Carl Hogue) Date: Thu Jan 12 21:14:14 2006 Subject: AV Software licensing policy Message-ID: On Wed, 9 Jan 2002 11:48:35 -0000, Paul Welsh wrote: >I'm using the currently beta (and therefore free) F-Prot AV software on a >single server hosting multiple domains. Presumably F-Prot won't be beta >(and therefore free) forever though. I contacted Frisk to enquire as to how >long it was likely to be beta for and they said they didn't know, nor had >they established pricing for the non-beta product. > >I know from purchasing AV software for MailSweeper running on NT that most >AV vendors specify you buy a licence for each user that's protected, rather >than a licence for each physical mail server. I know that is the Sophos >policy. Does anyone know whether any of the licensing and pricing policies >of the other supported scanners, namely: > >"mcafee" from www.mcafee.com >"command" from www.command.co.uk >"kaspersky" from www.kaspersky.com >"inoculate" from www.cai.com/products/inoculateit.htm >"f-secure" from www.f-secure.com I initially tested MailScanner with Sophos and liked the way it worked, but Sophos licensing schemes were a bit confusing, inflexible and expensive for our needs. It worked out to about USD $450 for a one-year 25-user SAVI license, which I was told is the minimum for using Sophos on a mail server. The SAVI license, however, does not permit use on desktops. McAfee, NAV, and F-secure all have similar licensing schemes for commercial users. There doesn't seem to be a significant price difference between them when you get into the details. I am now evaluating MailScanner with f-prot and the latest release is working as well as it did with Sophos. The Linux beta version of f-prot is free, but once it reaches final release version, if the licensing scheme is the same as for the Windows version, that will be much more acceptable to our small company than the others. For the Windows version, Frisk charges $2 per computer with a 20 computer minimum, so that comes to $40 per year for a minimum users license. Hopefully, the Linux version licensing for f- prot will be consistent with the Windows version. If it is, f-prot will definately be our choice. Best Regards, Carl Hogue From hyooga at WT.NET Thu Jan 10 15:42:11 2002 From: hyooga at WT.NET (Paul) Date: Thu Jan 12 21:14:14 2006 Subject: Marking spam! Message-ID: <200201101539.g0AFdTw20449@smtp3.wt.net> Hi, I have put my domainname in the spam.whitelist.conf file. However, mailscanner still marks the some of the mail as spam. Do i need to adjust the spamassassin.cf rules. Here is the config in mailscanner.conf: Spam Checks = yes Spam Header = SpamCheck: Spam Modify Subject = yes Spam Subject Text = {POSSIBLE SPAM} Use SpamAssassin = yes Max SpamAssassin Size = 100000 SpamAssassin Timeout = 120 ---line cut --- Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf Any suggestions? Thanks guys Paul -- This message has been scanned for viruses and dangerous content, is found to be clean. From LISTSERV at JISCMAIL.AC.UK Thu Jan 10 18:01:59 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: marc@CALIBREDIGITAL.COM requested to join Message-ID: <200201101801.SAA07792@magpie.ecs.soton.ac.uk> Thu, 10 Jan 2002 18:01:59 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "Marc.Anthony Barrette" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER marc@CALIBREDIGITAL.COM Marc.Anthony Barrette PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER marc@CALIBREDIGITAL.COM Marc.Anthony Barrette // EOJ From splee at PLEXIO.COM Thu Jan 10 18:12:04 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages Message-ID: <1010686326.1571.28.camel@ralph.plexio.private> Hi, I am running MailScanner 3.02-1 and F-prot on a Trustix 1.5 / Exim 3.34 / Perl 5.61 system (Trustix is hardened and leaner version of RedHat). I have 2 issues: 1. Whenever check_mailscanner restarts via cron, it puts out the following messages: Commercial virus checker failed with real error: Can't run commercial checker: Permission denied at /usr/local/MailScanner/bin/sweep.pl line 302. Commercial virus checker failed with real error: Can't run commercial disinfector: Permission denied at /usr/local/MailScanner/bin/sweep.pl line 743. Commercial virus checker failed with real error: Can't run commercial checker: Permission denied at /usr/local/MailScanner/bin/sweep.pl line 302. Undefined subroutine &main::DieLog called at /usr/local/MailScanner/bin/mailscanner line 288. It seems that check_mailscanner, or some code it is calling, is looking for other AV scanners. This is a snippet of my mailscanner.conf: Virus Scanner = f-prot Sweep = /usr/local/MailScanner/bin/f-protwrapper Minimum Code Status = beta Is there switch I missed during configuration? 2. My second issue concerns unparsible messages. I have received a couple of messages looking somthing like this: The following e-mail messages were found to have viruses in them: Sender: Recipient: userx@efg.com Subject: MessageID: 16Oaa0-0003o3-00 Report: Could not parse message 16Oaa0-0003o3-00 -- MailScanner Email Virus Scanner They are multipart MIME messages containing text, html and a word document and is generated in Outlook Express. The mail are coming from legit senders. From the report sent by MailScanner to the postmaster, I am guessing it can't parse and disect the multipart MIME components. If there was a virus in the Word document, wouldn't that generate a different message? I would appreciate any comments or suggestions on fixing the 2 problems, especially the second one. Thanks, Stephen From jkf at ecs.soton.ac.uk Thu Jan 10 18:17:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <1010686326.1571.28.camel@ralph.plexio.private> Message-ID: <5.1.0.14.2.20020110181430.02e13e80@hawk.ecs.soton.ac.uk> At 18:12 10/01/2002, you wrote: >It seems that check_mailscanner, or some code it is calling, is looking >for other AV scanners. This is a snippet of my mailscanner.conf: > >Virus Scanner = f-prot >Sweep = /usr/local/MailScanner/bin/f-protwrapper >Minimum Code Status = beta The path should be /usr/local/f-prot/bin/f-protwrapper. >2. My second issue concerns unparsible messages. I have received a >couple of messages looking somthing like this: > >The following e-mail messages were found to have viruses in them: > > Sender: >Recipient: userx@efg.com > Subject: >MessageID: 16Oaa0-0003o3-00 > Report: Could not parse message 16Oaa0-0003o3-00 >-- >MailScanner >Email Virus Scanner > >They are multipart MIME messages containing text, html and a word >document and is generated in Outlook Express. The mail are coming from >legit senders. From the report sent by MailScanner to the postmaster, I >am guessing it can't parse and disect the multipart MIME components. If >there was a virus in the Word document, wouldn't that generate a >different message? It is a problem caused by certain versions of Outlook (and Outlook Express) generating "Microsoft Outlook Rich Text Format" messages that the TNEF decoder can't cope with. You have a few choices: either get your users to use HTML for pretty messages instead of Microsoft's proprietary "Outlook Rich Text Format" (which only other copies of Outlook can read anyway), or you can make MailScanner "Deliver Unparsable Messages" (there's an option in the Advanced section at the bottom of mailscanner.conf to set this). Of course setting this option means that viruses in unparsable messages cannot be detected, but it will mean that no mail gets bounced for this reason. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From splee at PLEXIO.COM Thu Jan 10 19:04:06 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <5.1.0.14.2.20020110181430.02e13e80@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020110181430.02e13e80@hawk.ecs.soton.ac.uk> Message-ID: <1010689448.1571.46.camel@ralph.plexio.private> On Thu, 2002-01-10 at 10:17, Julian Field wrote: > >2. My second issue concerns unparsible messages. I have received a > >couple of messages looking somthing like this: > > > >The following e-mail messages were found to have viruses in them: > > > > Sender: > >Recipient: userx@efg.com > > Subject: > >MessageID: 16Oaa0-0003o3-00 > > Report: Could not parse message 16Oaa0-0003o3-00 > >-- > >MailScanner > >Email Virus Scanner > > > >They are multipart MIME messages containing text, html and a word > >document and is generated in Outlook Express. The mail are coming from > >legit senders. From the report sent by MailScanner to the postmaster, I > >am guessing it can't parse and disect the multipart MIME components. If > >there was a virus in the Word document, wouldn't that generate a > >different message? > > It is a problem caused by certain versions of Outlook (and Outlook Express) > generating "Microsoft Outlook Rich Text Format" messages that the TNEF > decoder can't cope with. > > You have a few choices: either get your users to use HTML for pretty > messages instead of Microsoft's proprietary "Outlook Rich Text Format" > (which only other copies of Outlook can read anyway), or you can make > MailScanner "Deliver Unparsable Messages" (there's an option in the > Advanced section at the bottom of mailscanner.conf to set this). Of course > setting this option means that viruses in unparsable messages cannot be > detected, but it will mean that no mail gets bounced for this reason. > -- Thanks. It turns out that tnef was poining to tnef.solaris instead of tnef.linux but even with that fixed and mailscanner restarted I still get the unparsable bounces. This happens with any message containing mime attachments. F-prot produces a no virus found message but MailScanner still quarantines it. Could I have misconfigured some perl modules: MIME-tools 5.411 Mail 1.14 File::Spec 0.82 MIME::Lite 2.117 MIME::Base64 2.12 IO-stringy 2.108 MD5 2.02 Digest::MD5 2.16 Net::SSLeay 1.07 Thanks, Stephen From splee at PLEXIO.COM Thu Jan 10 20:01:06 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <1010689448.1571.46.camel@ralph.plexio.private> References: <5.1.0.14.2.20020110181430.02e13e80@hawk.ecs.soton.ac.uk> <1010689448.1571.46.camel@ralph.plexio.private> Message-ID: <1010692867.1571.59.camel@ralph.plexio.private> > > Thanks. It turns out that tnef was poining to tnef.solaris instead of > tnef.linux but even with that fixed and mailscanner restarted I still > get the unparsable bounces. This happens with any message containing > mime attachments. F-prot produces a no virus found message but > MailScanner still quarantines it. Could I have misconfigured some perl > modules: > > MIME-tools 5.411 > Mail 1.14 > File::Spec 0.82 > MIME::Lite 2.117 > MIME::Base64 2.12 > IO-stringy 2.108 > MD5 2.02 > Digest::MD5 2.16 > Net::SSLeay 1.07 > > Thanks, > Stephen I found the problem: Jan 10 11:44:13 mail mailscanner[16731]: Cannot parse /var/spool/MailScanner/incoming/16Ol6z-0004Sa-00.header and /var/spool/exim_incoming/input/16Ol6z-0004Sa-00-D, Can't locate MIME/Decoder/NBit.pm in @INC (@INC contains: /usr/local/MailScanner/bin /usr/local/lib/perl5/5.6.1/i586-linux /usr/local/lib/perl5/5.6.1 /usr/local/lib/perl5/site_perl/5.6.1/i586-linux /usr/local/lib/perl5/site_perl/5.6.1 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/site_perl/5.6.1/MIME/Decoder.pm line 171. Jan 10 11:44:13 mail mailscanner[16731]: Scanned 1 messages, 100628 bytes in 0 seconds Jan 10 11:44:13 mail mailscanner[16731]: Saved entire message to /var/spool/MailScanner/quarantine/20020110/16Ol6z-0004Sa-00 Jan 10 11:44:13 mail mailscanner[16731]: Deleting unparsable message 16Ol6z-0004Sa-00 from queue Perl can't find NBit.pm. The default module config put it in /usr/local/lib/perl5/site_perl/5.6.1/MIME/Decoder/NBit.pm I tried placing a link to NBit.pm from /usr/local/lib/perl5/5.6.1/i586-linux but that didn't work. Is there some where else to adjust to get perl or MailScanner to find NBit.pm? Thanks, Stephen From paal at NKI.NO Thu Jan 10 21:34:44 2002 From: paal at NKI.NO (Paal Hagerup) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying Message-ID: <3C3E08F4.9030704@nki.no> Hi! Sometimes mailscanner dies leaving this message in the log: Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a bug in MailScanner's F-Prot Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or F-Prot's output format has changed! Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author of MailScanner! I have to remove the offending mail from mqueue.in to get it going again. I have a sample of the last mail that made it die if someone (Julian?) wants to have a look. Paal Hagerup From splee at PLEXIO.COM Fri Jan 11 00:54:38 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages - Solved In-Reply-To: <1010692867.1571.59.camel@ralph.plexio.private> References: <5.1.0.14.2.20020110181430.02e13e80@hawk.ecs.soton.ac.uk> <1010689448.1571.46.camel@ralph.plexio.private> <1010692867.1571.59.camel@ralph.plexio.private> Message-ID: <1010710479.1653.91.camel@ralph.plexio.private> On Thu, 2002-01-10 at 12:01, Stephen Lee wrote: > > I found the problem: > > Jan 10 11:44:13 mail mailscanner[16731]: Cannot parse > /var/spool/MailScanner/incoming/16Ol6z-0004Sa-00.header and > /var/spool/exim_incoming/input/16Ol6z-0004Sa-00-D, Can't locate > MIME/Decoder/NBit.pm in @INC (@INC contains: /usr/local/MailScanner/bin > /usr/local/lib/perl5/5.6.1/i586-linux /usr/local/lib/perl5/5.6.1 > /usr/local/lib/perl5/site_perl/5.6.1/i586-linux > /usr/local/lib/perl5/site_perl/5.6.1 /usr/local/lib/perl5/site_perl .) > at /usr/local/lib/perl5/site_perl/5.6.1/MIME/Decoder.pm line 171. > Jan 10 11:44:13 mail mailscanner[16731]: Scanned 1 messages, 100628 > bytes in 0 seconds > Jan 10 11:44:13 mail mailscanner[16731]: Saved entire message to > /var/spool/MailScanner/quarantine/20020110/16Ol6z-0004Sa-00 > Jan 10 11:44:13 mail mailscanner[16731]: Deleting unparsable message > 16Ol6z-0004Sa-00 from queue > > > Perl can't find NBit.pm. The default module config put it in > /usr/local/lib/perl5/site_perl/5.6.1/MIME/Decoder/NBit.pm > > I tried placing a link to NBit.pm from > /usr/local/lib/perl5/5.6.1/i586-linux but that didn't work. Is there > some where else to adjust to get perl or MailScanner to find NBit.pm? > After stewing in my own juices (figuratively of course) for a while and learning a whole bunch of stuff on Perl module management I discovered that the path to the above "missing" module was blocked from non-root access. Duh! The Eicar test works nicely now and other non-infected mime attachments seem to be unmolested. On to SpamAssassin... I sure hope F-Prot for Linux stays reasonably priced ;-) Thanks for making F-Prot work with MailScanner! Stephen From carl at CAPAHO.COM Fri Jan 11 05:42:44 2002 From: carl at CAPAHO.COM (Carl Hogue) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot Message-ID: During testing of MailScanner 3.02-1 and f-prot with the EICAR test file in combination with disallowed file extensions, the virus report and the file extension report are run together in the same line. I did not see this problem with Sophos: The virus detector said this about the message: Report: /var/spool/MailScanner/incoming/WAA30563/virus-scan-test.txt.pif Infection: EICAR_Test_FileShortcuts to MS-Dos programs are very dangerous in email in virus-scan-test.txt.pif Best Regards, Carl Hogue From ntk at ru.acad.bg Fri Jan 11 06:31:48 2002 From: ntk at ru.acad.bg (Nikolay Kabaivanov) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying References: <3C3E08F4.9030704@nki.no> Message-ID: <3C3E86D4.954C1D72@ru.acad.bg> Hello I can also report that kind of problem with f-prot on RedHat 7.0 and perl-5.6.0-9. Paal Hagerup wrote: > > Hi! > > Sometimes mailscanner dies leaving this message in the log: > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > bug in MailScanner's F-Prot > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > F-Prot's output format has changed! > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > of MailScanner! > > I have to remove the offending mail from mqueue.in to get it going > again. I have a sample > of the last mail that made it die if someone (Julian?) wants to have a look. > > Paal Hagerup __________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From splee at PLEXIO.COM Fri Jan 11 06:42:59 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying In-Reply-To: <3C3E86D4.954C1D72@ru.acad.bg> References: <3C3E08F4.9030704@nki.no> <3C3E86D4.954C1D72@ru.acad.bg> Message-ID: <1010731381.1653.103.camel@ralph.plexio.private> I'm running f-prot with MailScanner 3.02-1 and Perl 5.6.1 but don't see those syslog messages. Has anyone seen this problem using Perl 5.6.1? Stephen On Thu, 2002-01-10 at 22:31, Nikolay Kabaivanov wrote: > Hello > I can also report that kind of problem with f-prot on RedHat 7.0 and > perl-5.6.0-9. > > Paal Hagerup wrote: > > > > Hi! > > > > Sometimes mailscanner dies leaving this message in the log: > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > > bug in MailScanner's F-Prot > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > > F-Prot's output format has changed! > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > > of MailScanner! > > > > I have to remove the offending mail from mqueue.in to get it going > > again. I have a sample > > of the last mail that made it die if someone (Julian?) wants to have a look. > > > > Paal Hagerup > > __________________________________ > Nikolay Kabaivanov, ntk@ru.acad.bg > University of Rousse, Bulgaria From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 07:01:43 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: j.ramirez@ELPORTALDEINTERNET.COM left the JISCmail list Message-ID: <200201110701.HAA14377@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 07:01:43 Javier Ram?rez has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From nwp at LEMON-COMPUTING.COM Fri Jan 11 09:46:21 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <1010686326.1571.28.camel@ralph.plexio.private>; from splee@PLEXIO.COM on Thu, Jan 10, 2002 at 10:12:04AM -0800 References: <1010686326.1571.28.camel@ralph.plexio.private> Message-ID: <20020111094621.B22455@lemon-computing.com> On Thu, Jan 10, 2002 at 10:12:04AM -0800, Stephen Lee wrote: > Undefined subroutine &main::DieLog called at > /usr/local/MailScanner/bin/mailscanner line 288. I've fixed this. Doesn't do any harm besides not giving a more helpful error message, so nothing to worry about. -- Nick Phillips -- nwp@lemon-computing.com Things will be bright in P.M. A cop will shine a light in your face. From nwp at LEMON-COMPUTING.COM Fri Jan 11 10:00:48 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: ; from carl@CAPAHO.COM on Fri, Jan 11, 2002 at 05:42:44AM +0000 References: Message-ID: <20020111100048.E22455@lemon-computing.com> On Fri, Jan 11, 2002 at 05:42:44AM +0000, Carl Hogue wrote: > During testing of MailScanner 3.02-1 and f-prot with the EICAR test file in > combination with disallowed file extensions, the virus report and the file > extension report are run together in the same line. I did not see this > problem with Sophos: Thanks. -- Nick Phillips -- nwp@lemon-computing.com Try the Moo Shu Pork. It is especially good today. From jkf at ecs.soton.ac.uk Fri Jan 11 10:03:01 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: Message-ID: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> At 05:42 11/01/2002, you wrote: >During testing of MailScanner 3.02-1 and f-prot with the EICAR test file in >combination with disallowed file extensions, the virus report and the file >extension report are run together in the same line. I did not see this >problem with Sophos: This should be fixed in 3.03. >The virus detector said this about the message: >Report: /var/spool/MailScanner/incoming/WAA30563/virus-scan-test.txt.pif >Infection: EICAR_Test_FileShortcuts to MS-Dos programs are very dangerous in >email in virus-scan-test.txt.pif > >Best Regards, >Carl Hogue -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Fri Jan 11 10:05:36 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying In-Reply-To: <3C3E08F4.9030704@nki.no>; from paal@NKI.NO on Thu, Jan 10, 2002 at 10:34:44PM +0100 References: <3C3E08F4.9030704@nki.no> Message-ID: <20020111100536.F22455@lemon-computing.com> On Thu, Jan 10, 2002 at 10:34:44PM +0100, Paal Hagerup wrote: > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > bug in MailScanner's F-Prot > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > F-Prot's output format has changed! > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > of MailScanner! This means that F-Prot has output something that I hadn't seen it do when I was writing the code to support it; I've just switched this machine over to use f-prot, so if you could bounce the message over to me I should see it first-hand. If it's got anything in it that I shouldn't see, please describe further - does it have an archive (.zip or whatever) as an attachment, does it seem to be infected etc.... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will be Told about it Tomorrow. Go Home and Prepare Thyself. From jbayer at bayerfamily.net Fri Jan 11 13:00:10 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> Message-ID: <15450137053.20020111080010@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Julian, ETA on 3.03???? JBB Friday, January 11, 2002, 5:03:01 AM, you wrote: JF> At 05:42 11/01/2002, you wrote: >>During testing of MailScanner 3.02-1 and f-prot with the EICAR test file in >>combination with disallowed file extensions, the virus report and the file >>extension report are run together in the same line. I did not see this >>problem with Sophos: JF> This should be fixed in 3.03. >>The virus detector said this about the message: >>Report: /var/spool/MailScanner/incoming/WAA30563/virus-scan-test.txt.pif >>Infection: EICAR_Test_FileShortcuts to MS-Dos programs are very dangerous in >>email in virus-scan-test.txt.pif >> >>Best Regards, >>Carl Hogue JF> -- JF> Julian Field Teaching Systems Manager JF> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF> Tel. 023 8059 2817 University of Southampton JF> Southampton SO17 1BJ - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw+4doACgkQLWek1tt+K52K9gCeInGhnzquk90ghiJRKgXHRuvu FNMAn1qYFfxyOPvoE+gv71Pc4E169dbY =Lbm1 -----END PGP SIGNATURE----- From jbayer at bayerfamily.net Fri Jan 11 13:00:10 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> Message-ID: <15450137053.20020111080010@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Julian, ETA on 3.03???? JBB Friday, January 11, 2002, 5:03:01 AM, you wrote: JF> At 05:42 11/01/2002, you wrote: >>During testing of MailScanner 3.02-1 and f-prot with the EICAR test file in >>combination with disallowed file extensions, the virus report and the file >>extension report are run together in the same line. I did not see this >>problem with Sophos: JF> This should be fixed in 3.03. >>The virus detector said this about the message: >>Report: /var/spool/MailScanner/incoming/WAA30563/virus-scan-test.txt.pif >>Infection: EICAR_Test_FileShortcuts to MS-Dos programs are very dangerous in >>email in virus-scan-test.txt.pif >> >>Best Regards, >>Carl Hogue JF> -- JF> Julian Field Teaching Systems Manager JF> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF> Tel. 023 8059 2817 University of Southampton JF> Southampton SO17 1BJ - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw+4doACgkQLWek1tt+K52K9gCeInGhnzquk90ghiJRKgXHRuvu FNMAn1qYFfxyOPvoE+gv71Pc4E169dbY =Lbm1 -----END PGP SIGNATURE----- From jkf at ecs.soton.ac.uk Fri Jan 11 14:05:52 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <15450137053.20020111080010@bayerfamily.net> References: <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020111100247.03905480@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020111140421.05bcfc50@imap.ecs.soton.ac.uk> At 13:00 11/01/2002, you wrote: >ETA on 3.03???? I wasn't going to release it for a little while, as we want to have a chance to try and solve the Kaspersky parsing problems first. 3.03 also fixes "joke program" parsing for F-Prot too, by the way, so I'll be advising all F-Prot users to upgrade. Do people want this release now? Or are you prepared to wait a bit while Kaspersky is looked into? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 14:06:15 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: ak@PAPENDORF-SE.DE requested to join Message-ID: <200201111406.OAA07875@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 14:06:15 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Alexander Kuehn You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ak@PAPENDORF-SE.DE Alexander Kuehn PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ak@PAPENDORF-SE.DE Alexander Kuehn // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 14:22:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: akaKul@QAX.ORG requested to join Message-ID: <200201111422.OAA08968@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 14:22:10 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Kul -erm- You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER akaKul@QAX.ORG Kul -erm- PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER akaKul@QAX.ORG Kul -erm- // EOJ From evertjan at VANRAMSELAAR.NET Fri Jan 11 14:37:37 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:14 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <5.1.0.14.2.20020111140421.05bcfc50@imap.ecs.soton.ac.uk> Message-ID: <000601c19aad$83d52c10$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Friday, January 11, 2002 3:06 PM > Do people want this release now? Or are you prepared to wait a bit while > Kaspersky is looked into? Impatient as I am... I would really like to try running Mailscanner with multiple scanners. However, it's running fine now, so I guess I will survive waiting a bit longer... :D -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 14:29:42 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: ulrich@DESIGN-D.DE requested to join Message-ID: <200201111429.OAA09542@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 14:29:42 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Heinz Ulrich Stille You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ulrich@DESIGN-D.DE Heinz Ulrich Stille PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ulrich@DESIGN-D.DE Heinz Ulrich Stille // EOJ From akaKul at QAX.ORG Fri Jan 11 15:28:16 2002 From: akaKul at QAX.ORG (Kul) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying Message-ID: I am also getting the same message, starting today. (no definition file update since the 8th, so nothing had changed for 24-48 hours) I have downloaded a fresh copy of the definition files, just incase one became corrupt, but this wa no help :( Restarted mailscanner/sendmail countless times, but it always dies quickly, leaving 63 messages stuck in mqueue.in I have now turned off(shutdown) mailscanner temporarily till a fix/solution can be found/is available, and ran sendmail on its own again. Also moved the mqueue.in dir contents to mqueue and now have the customers off my back as they can now read there mails and leave me in peace :P I can offer files/mails/headers etc. from my machine if required for analysis, and will even concider allowing shell access (if that would help) to mailscanner team. PS, many thanks for Julian comming into the irc at irc.uk2raq.com a few days ago and helping us (500 of us that is) out conciderably with mailscanner/f-prot with this absolutly essential tool. Much appreciated!! Kul From splee at PLEXIO.COM Fri Jan 11 15:47:09 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying In-Reply-To: <1010731381.1653.103.camel@ralph.plexio.private> References: <3C3E08F4.9030704@nki.no> <3C3E86D4.954C1D72@ru.acad.bg> <1010731381.1653.103.camel@ralph.plexio.private> Message-ID: <1010764031.1571.106.camel@ralph.plexio.private> Okay, MailScanner died with Perl 5.6.1 as well. Stephen On Thu, 2002-01-10 at 22:42, Stephen Lee wrote: > I'm running f-prot with MailScanner 3.02-1 and Perl 5.6.1 but don't see > those syslog messages. Has anyone seen this problem using Perl 5.6.1? > > Stephen > On Thu, 2002-01-10 at 22:31, Nikolay Kabaivanov wrote: > > Hello > > I can also report that kind of problem with f-prot on RedHat 7.0 and > > perl-5.6.0-9. > > > > Paal Hagerup wrote: > > > > > > Hi! > > > > > > Sometimes mailscanner dies leaving this message in the log: > > > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > > > bug in MailScanner's F-Prot > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > > > F-Prot's output format has changed! > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > > > of MailScanner! > > > > > > I have to remove the offending mail from mqueue.in to get it going > > > again. I have a sample > > > of the last mail that made it die if someone (Julian?) wants to have a look. > > > > > > Paal Hagerup > > > > __________________________________ > > Nikolay Kabaivanov, ntk@ru.acad.bg > > University of Rousse, Bulgaria From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 15:35:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:14 2006 Subject: MAILSCANNER: matt@KAMINER.COM requested to join Message-ID: <200201111535.PAA13910@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 15:35:10 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Matt Kaminer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER matt@KAMINER.COM Matt Kaminer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER matt@KAMINER.COM Matt Kaminer // EOJ From jkf at ecs.soton.ac.uk Fri Jan 11 16:04:54 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:14 2006 Subject: Mailscanner with f-prot dying In-Reply-To: <1010764031.1571.106.camel@ralph.plexio.private> References: <1010731381.1653.103.camel@ralph.plexio.private> <3C3E08F4.9030704@nki.no> <3C3E86D4.954C1D72@ru.acad.bg> <1010731381.1653.103.camel@ralph.plexio.private> Message-ID: <5.1.0.14.2.20020111160421.03913ad8@imap.ecs.soton.ac.uk> Sounds like I need to release a new F-Prot parser pretty soon. I'll mail the file to anyone who wants it in the interim (there's just 1 file to replace). At 15:47 11/01/2002, you wrote: >Okay, MailScanner died with Perl 5.6.1 as well. > >Stephen >On Thu, 2002-01-10 at 22:42, Stephen Lee wrote: > > I'm running f-prot with MailScanner 3.02-1 and Perl 5.6.1 but don't see > > those syslog messages. Has anyone seen this problem using Perl 5.6.1? > > > > Stephen > > On Thu, 2002-01-10 at 22:31, Nikolay Kabaivanov wrote: > > > Hello > > > I can also report that kind of problem with f-prot on RedHat 7.0 and > > > perl-5.6.0-9. > > > > > > Paal Hagerup wrote: > > > > > > > > Hi! > > > > > > > > Sometimes mailscanner dies leaving this message in the log: > > > > > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > > > > bug in MailScanner's F-Prot > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > > > > F-Prot's output format has changed! > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > > > > of MailScanner! > > > > > > > > I have to remove the offending mail from mqueue.in to get it going > > > > again. I have a sample > > > > of the last mail that made it die if someone (Julian?) wants to > have a look. > > > > > > > > Paal Hagerup > > > > > > __________________________________ > > > Nikolay Kabaivanov, ntk@ru.acad.bg > > > University of Rousse, Bulgaria -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at vanramselaar.net Fri Jan 11 16:09:40 2002 From: evertjan at vanramselaar.net (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <5.1.0.14.2.20020111144022.05b89a80@imap.ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > Sent: Friday, January 11, 2002 3:41 PM > New sweep.pl attached. I dunno, some people ain't half impatient... ;-) Tnx for the file. Seems to work fine, I have f-prot and mcafee configured now, and the EICAR test file gets detected by both scanners and both results are metioned in the warning e-mails. However, I can't seen to get inoculate working with MailScanner. Probably because I have an older version, which expects other parameters: ---------------------------------------------- # /usr/local/av/inocucmd Usage: /usr/local/av/inocucmd [ -options ] file|directory ... (Choose zero or one of FST, SEC or REV) -options: FST Fast scan (default) : SEC Secure scan : REV Reviewer scan (Choose zero or one of CUR, DEL, MOV, REN or MAR) : CUR Scan & cure infected files : DEL Scan & delete infected files : MOV Move infected files to ~/VIRUS : REN Rename infected files : MAR Move & rename infected files to ~/VIRUS (Choose any of NEX, NOC, NOS, FIL, LIS, APP, VER or HEL) : NEX Detect compressed files by content, not file extension : NOC Don't scan compressed files (.ZIP, .ARJ, .Z, ...) : NOS No subdirectory traverse : FIL Only scan files that match (shell wildcard) : LIS Create scan report file : APP Append scan report to file : VER Verbose mode : HEL or ? Display this help file|directory ...: Specify at least one file or directory to scan Engine version: 27.00 2001/08/16 Data version: 02.66 1984/00/16 ---------------------------------------------- Another question: Did someone already make an update scripts for the f-prot definitions? -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 16:12:43 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: s-luppescu@UCHICAGO.EDU requested to join Message-ID: <200201111612.QAA16903@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 16:12:43 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Stuart Luppescu You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER s-luppescu@UCHICAGO.EDU Stuart Luppescu PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER s-luppescu@UCHICAGO.EDU Stuart Luppescu // EOJ From matt at kaminer.com Fri Jan 11 16:03:11 2002 From: matt at kaminer.com (Matt Kaminer) Date: Thu Jan 12 21:14:15 2006 Subject: Sophos update - note Message-ID: <38393.65.205.80.66.1010764991.squirrel@webmail.mmc.net> Hi everyone: Here is a little interesting issue regarding autoupdate and Sophos you should be aware of. Autoupdate checks the version (max,min) of Sophos from the sophos executable in order to get the correct file name to download from the sophos website. (its currently 3.54 I think). So if you are running an older version of the Sohphos executable (more than three months -- they update it every three months), autoupdate will not locate the most recent virus file to download (since 3.50 is no longer on the website). You will get a "lynx error" Its a little quirk. I didnt realize it until I upgraded to mailscanner 3.0 I guess its a good lesson to keep your sophos executable version updated. -Matt From miker at incanta.net Fri Jan 11 17:16:44 2002 From: miker at incanta.net (Mike Rylander) Date: Thu Jan 12 21:14:15 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: References: Message-ID: <0201111216441E.17678@lizard2.incanta.net> I use this. It will get new defs, or refresh and archive the old ones. Runs as a cron job in the wee hours of the morning. --(snip)-- #!/bin/sh fpdir="/usr/local/f-prot/" arc=`date +%Y%m%d` ftp="/usr/bin/ncftpget -V" unzip="/usr/bin/unzip -o" defsite="ftp://ftp.complex.is/pub/" maindef="fp-def.zip" macdef="macrdef2.zip" ###################################################### cd $fpdir mv $maindef $maindef.$arc mv $macdef $macdef.$arc $ftp $defsite$maindef && $unzip $maindef || (mv $maindef.$arc $maindef; $unzip $maindef; mv $maindef $maindef.$arc) $ftp $defsite$macdef && $unzip $macdef || (mv $macdef.$arc $macdef; $unzip $macdef; mv $macdef $macdef.$arc) --(cut)-- On Friday 11 January 2002 11:09, Evert Jan van Ramselaar wrote: > > -----Original Message----- > > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > > Sent: Friday, January 11, 2002 3:41 PM > > > > New sweep.pl attached. I dunno, some people ain't half impatient... ;-) > > Tnx for the file. Seems to work fine, I have f-prot and mcafee configured > now, and the EICAR test file gets detected by both scanners and both > results are metioned in the warning e-mails. > > However, I can't seen to get inoculate working with MailScanner. Probably > because I have an older version, which expects other parameters: > > ---------------------------------------------- > # /usr/local/av/inocucmd > > Usage: /usr/local/av/inocucmd [ -options ] file|directory ... > (Choose zero or one of FST, SEC or REV) > > -options: FST Fast scan (default) > > : SEC Secure scan > : REV Reviewer scan > > (Choose zero or one of CUR, DEL, MOV, REN or MAR) > > : CUR Scan & cure infected files > : DEL Scan & delete infected files > : MOV Move infected files to ~/VIRUS > : REN Rename infected files > : MAR Move & rename infected files to ~/VIRUS > > (Choose any of NEX, NOC, NOS, FIL, LIS, APP, VER or HEL) > > : NEX Detect compressed files by content, not file extension > : NOC Don't scan compressed files (.ZIP, .ARJ, .Z, ...) > : NOS No subdirectory traverse > : FIL Only scan files that match (shell > > wildcard) > > : LIS Create scan report file > : APP Append scan report to file > : VER Verbose mode > : HEL or ? Display this help > > file|directory ...: Specify at least one file or directory to scan > > Engine version: 27.00 2001/08/16 > Data version: 02.66 1984/00/16 > ---------------------------------------------- > > Another question: Did someone already make an update scripts for the f-prot > definitions? > > -- > Evert Jan van Ramselaar > Van Ramselaar Info Tech > > > ___ > This message has been scanned for viruses and dangerous > content and is believed to be clean. www.vr-it.com -- Mike Rylander Senior Systems Engineer Incanta, Inc. 404.845.4147 miker@incanta.net miker-pager@incanta.net From miker at incanta.net Fri Jan 11 17:16:44 2002 From: miker at incanta.net (Mike Rylander) Date: Thu Jan 12 21:14:15 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: References: Message-ID: <0201111216441E.17678@lizard2.incanta.net> I use this. It will get new defs, or refresh and archive the old ones. Runs as a cron job in the wee hours of the morning. --(snip)-- #!/bin/sh fpdir="/usr/local/f-prot/" arc=`date +%Y%m%d` ftp="/usr/bin/ncftpget -V" unzip="/usr/bin/unzip -o" defsite="ftp://ftp.complex.is/pub/" maindef="fp-def.zip" macdef="macrdef2.zip" ###################################################### cd $fpdir mv $maindef $maindef.$arc mv $macdef $macdef.$arc $ftp $defsite$maindef && $unzip $maindef || (mv $maindef.$arc $maindef; $unzip $maindef; mv $maindef $maindef.$arc) $ftp $defsite$macdef && $unzip $macdef || (mv $macdef.$arc $macdef; $unzip $macdef; mv $macdef $macdef.$arc) --(cut)-- On Friday 11 January 2002 11:09, Evert Jan van Ramselaar wrote: > > -----Original Message----- > > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > > Sent: Friday, January 11, 2002 3:41 PM > > > > New sweep.pl attached. I dunno, some people ain't half impatient... ;-) > > Tnx for the file. Seems to work fine, I have f-prot and mcafee configured > now, and the EICAR test file gets detected by both scanners and both > results are metioned in the warning e-mails. > > However, I can't seen to get inoculate working with MailScanner. Probably > because I have an older version, which expects other parameters: > > ---------------------------------------------- > # /usr/local/av/inocucmd > > Usage: /usr/local/av/inocucmd [ -options ] file|directory ... > (Choose zero or one of FST, SEC or REV) > > -options: FST Fast scan (default) > > : SEC Secure scan > : REV Reviewer scan > > (Choose zero or one of CUR, DEL, MOV, REN or MAR) > > : CUR Scan & cure infected files > : DEL Scan & delete infected files > : MOV Move infected files to ~/VIRUS > : REN Rename infected files > : MAR Move & rename infected files to ~/VIRUS > > (Choose any of NEX, NOC, NOS, FIL, LIS, APP, VER or HEL) > > : NEX Detect compressed files by content, not file extension > : NOC Don't scan compressed files (.ZIP, .ARJ, .Z, ...) > : NOS No subdirectory traverse > : FIL Only scan files that match (shell > > wildcard) > > : LIS Create scan report file > : APP Append scan report to file > : VER Verbose mode > : HEL or ? Display this help > > file|directory ...: Specify at least one file or directory to scan > > Engine version: 27.00 2001/08/16 > Data version: 02.66 1984/00/16 > ---------------------------------------------- > > Another question: Did someone already make an update scripts for the f-prot > definitions? > > -- > Evert Jan van Ramselaar > Van Ramselaar Info Tech > > > ___ > This message has been scanned for viruses and dangerous > content and is believed to be clean. www.vr-it.com -- Mike Rylander Senior Systems Engineer Incanta, Inc. 404.845.4147 miker@incanta.net miker-pager@incanta.net From splee at plexio.com Fri Jan 11 21:27:58 2002 From: splee at plexio.com (Stephen Lee) Date: Thu Jan 12 21:14:15 2006 Subject: Mailscanner with f-prot dying In-Reply-To: <5.1.0.14.2.20020111160421.03913ad8@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020111160421.03913ad8@imap.ecs.soton.ac.uk> Message-ID: <61503.209.53.54.107.1010784478.squirrel@mail.plexio.com> MailScanner, even with the new sweep.pl, still dies after running about 4hrs. I guess this coincides with the 4hr restart time in mailscanner.conf. Also, do I still need to specify a restart of MailScanner in crontab? Thanks, Stephen > Sounds like I need to release a new F-Prot parser pretty soon. I'll > mail the file to anyone who wants it in the interim (there's just 1 > file to replace). > From s-luppescu at UCHICAGO.EDU Fri Jan 11 22:58:18 2002 From: s-luppescu at UCHICAGO.EDU (Stuart Luppescu) Date: Thu Jan 12 21:14:15 2006 Subject: Weirdnesses in McAfee autoupdate Message-ID: <1010789898.21707.125.camel@musuko.uchicago.edu> I just installed the latest mailscanner on my RH Linux 6.2 mail server, along with McAfee Virus Scan. There seems to be problems with the mcafee autoupdate. 1) I had to copy /etc/cron.daily/Sophos.autoupdate to mcafee.autoupdate and edit it to do the autoupdate for mcafee. 2) When I ran autoupdate the first time I got this message: Global symbol "$DATDir" requires explicit package name at ./autoupdate line 123. Execution of ./autoupdate aborted due to compilation errors. It looked like a typo where $DATdir was misspelled as $DATDir. So I fixed that and ran it again and this time I got this: A target has not been specified for scanning! /usr/local/mcafee/dat/ /usr/local/mcafee/20020111 The latter directory (20020111) is now full of files (including scan.dat, names.dat, internet.dat), but I don't know if it's in a usable state. How does the scanner know to look in that directory? My mcafeewrapper has this in it: PackageDir=/usr/local/mcafee prog=uvscan # `basename $0` datDIR=$PackageDir LD_LIBRARY_PATH=$PackageDir export LD_LIBRARY_PATH exec ${PackageDir}/$prog -d $datDIR "$@" Is that cool? This is not so clear to me. Thanks in advance for any help anyone can give. -- Stuart Luppescu -=- s-luppescu@uchicago.edu University of Chicago -=- CCSR $B:MJ8$HCRF`H~$NIc(B -=- Kernel 2.4.14-xfs Life is difficult because it is non-linear. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020111/448c1dd2/attachment.bin From germo at JPS.NET Sat Jan 12 08:06:46 2002 From: germo at JPS.NET (Germo) Date: Thu Jan 12 21:14:15 2006 Subject: Mailscanner with f-prot dying References: <1010731381.1653.103.camel@ralph.plexio.private> <3C3E08F4.9030704@nki.no> <3C3E86D4.954C1D72@ru.acad.bg> <1010731381.1653.103.camel@ralph.plexio.private> <5.1.0.14.2.20020111160421.03913ad8@imap.ecs.soton.ac.uk> Message-ID: <001301c19b40$15d6dea0$e5c5efd1@computer> HOW DO I GET OFF THIS LIST?........On almost a daily basis I would get almost two dozen emails. Two of them would be for me and about twenty of them were unsolicited advertisements. Thus my attempt to find some way to eliminate this problem which led to your mailscanner site in search of help. NOW I get almost three dozen emails. Again about two are for me, and over twenty are still the unsolicited advertisements, and another 10 to 15 are you guys talking to each other in a language I don't even understand. Thus my attempt to REDUCE the unsolicited advertisements I get has resulted in an INCREASE of unsolicited AND unwanted email, plus duplicate messages from each and every one of you guys talking back and forth. Again I am asking, HOW do I back out of this very poor decision I made and wish I hadn't? ----- Original Message ----- From: Julian Field To: Sent: Friday, January 11, 2002 8:04 AM Subject: Re: Mailscanner with f-prot dying > Sounds like I need to release a new F-Prot parser pretty soon. I'll mail > the file to anyone who wants it in the interim (there's just 1 file to > replace). > > At 15:47 11/01/2002, you wrote: > >Okay, MailScanner died with Perl 5.6.1 as well. > > > >Stephen > >On Thu, 2002-01-10 at 22:42, Stephen Lee wrote: > > > I'm running f-prot with MailScanner 3.02-1 and Perl 5.6.1 but don't see > > > those syslog messages. Has anyone seen this problem using Perl 5.6.1? > > > > > > Stephen > > > On Thu, 2002-01-10 at 22:31, Nikolay Kabaivanov wrote: > > > > Hello > > > > I can also report that kind of problem with f-prot on RedHat 7.0 and > > > > perl-5.6.0-9. > > > > > > > > Paal Hagerup wrote: > > > > > > > > > > Hi! > > > > > > > > > > Sometimes mailscanner dies leaving this message in the log: > > > > > > > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Either you've found a > > > > > bug in MailScanner's F-Prot > > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: output parser, or > > > > > F-Prot's output format has changed! > > > > > Jan 10 22:15:44 10.10.22.24 mailscanner[16001]: Please mail the author > > > > > of MailScanner! > > > > > > > > > > I have to remove the offending mail from mqueue.in to get it going > > > > > again. I have a sample > > > > > of the last mail that made it die if someone (Julian?) wants to > > have a look. > > > > > > > > > > Paal Hagerup > > > > > > > > __________________________________ > > > > Nikolay Kabaivanov, ntk@ru.acad.bg > > > > University of Rousse, Bulgaria > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 16:59:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: david.osborne@NOTTINGHAM.AC.UK requested to join Message-ID: <200201111701.RAA20353@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 16:59:30 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from David Osborne The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER david.osborne@NOTTINGHAM.AC.UK David Osborne PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER david.osborne@NOTTINGHAM.AC.UK David Osborne SET MAILSCANNER CONCEAL FOR david.osborne@NOTTINGHAM.AC.UK // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 11 18:33:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: jeroen@WIJDOGEN.DHS.ORG requested to join Message-ID: <200201111833.SAA26078@magpie.ecs.soton.ac.uk> Fri, 11 Jan 2002 18:33:24 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jeroen W You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jeroen@WIJDOGEN.DHS.ORG Jeroen W PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jeroen@WIJDOGEN.DHS.ORG Jeroen W // EOJ From jkf at ecs.soton.ac.uk Sat Jan 12 10:21:18 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <1010789898.21707.125.camel@musuko.uchicago.edu> Message-ID: <5.1.0.14.2.20020112101812.04f75aa0@hawk.ecs.soton.ac.uk> At 22:58 11/01/2002, you wrote: >1) I had to copy /etc/cron.daily/Sophos.autoupdate to mcafee.autoupdate >and edit it to do the autoupdate for mcafee. >2) When I ran autoupdate the first time I got this message: >Global symbol "$DATDir" requires explicit package name at ./autoupdate >line 123. This has been spotted and will be correct in the next release. It's just a "print" line so doesn't actually do any harm at all. Feel free to delete the line in question. >Execution of ./autoupdate aborted due to compilation errors. >It looked like a typo where $DATdir was misspelled as $DATDir. So I >fixed that and ran it again and this time I got this: >A target has not been specified for scanning! >/usr/local/mcafee/dat/ > >/usr/local/mcafee/20020111 > >The latter directory (20020111) is now full of files (including >scan.dat, names.dat, internet.dat), but I don't know if it's in a usable >state. How does the scanner know to look in that directory? My >mcafeewrapper has this in it: > >PackageDir=/usr/local/mcafee >prog=uvscan # `basename $0` >datDIR=$PackageDir The original had datDIR=$PackageDir/dat and this is where the mcafee autoupdate script will put the .dat files it downloads. >LD_LIBRARY_PATH=$PackageDir >export LD_LIBRARY_PATH > >exec ${PackageDir}/$prog -d $datDIR "$@" > >Is that cool? This is not so clear to me. You can tell by running "/usr/local/mcafee/mcafeewrapper ." and see if it correctly starts up and scans the current directory. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Sat Jan 12 10:14:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: Your removal from the MAILSCANNER JISCmail list Message-ID: <200201121014.KAA29455@magpie.ecs.soton.ac.uk> Sat, 12 Jan 2002 10:14:55 You have been removed from the MAILSCANNER JISCmail list (MailScanner mailing list) by Julian Field . From jkf at ecs.soton.ac.uk Sat Jan 12 15:30:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: Mailscanner with f-prot dying In-Reply-To: Message-ID: <5.1.0.14.2.20020112152910.030018c8@hawk.ecs.soton.ac.uk> At 15:28 11/01/2002, you wrote: >PS, many thanks for Julian comming into the irc at irc.uk2raq.com a few days >ago and helping us (500 of us that is) out conciderably with >mailscanner/f-prot with this absolutly essential tool. Much appreciated!! The only snag is I did myself out of any money from Steve's SQAN setup, which you guys aren't now buying into as you can install MailScanner yourself :-( Ho hum, such is life :) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Sat Jan 12 17:00:58 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:15 2006 Subject: F-Prot Downlaod Failing?? Message-ID: Is it something I'm doing or is there a problem downloading from the F-Prot website? Once the F-Prot gz file is downloaded I am unable to open it. I get an error that it's not the correct format. I even fried using windows to bring it down but IE said it couldn't find the file?? Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Sat Jan 12 17:08:50 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:15 2006 Subject: F-Prot Downlaod Failing?? In-Reply-To: Message-ID: Sorry to answer my own question but I thought others may be interested. The link on the English site of F-Prot is broken. The file has been updated to fp-linux_311b_beta_x86.tar.gz. Notice the "b" in "311b". The English site only has the "311". Gerry On Sat, 12 Jan 2002, Gerry Doris wrote: > Is it something I'm doing or is there a problem downloading from the > F-Prot website? > > Once the F-Prot gz file is downloaded I am unable to open it. I get an > error that it's not the correct format. I even fried using windows to > bring it down but IE said it couldn't find the file?? > > > Gerry > -- > "The lyfe so short, the craft so long to learne" Chaucer > -- "The lyfe so short, the craft so long to learne" Chaucer From evertjan at VANRAMSELAAR.NET Sat Jan 12 19:00:15 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 Message-ID: <000201c19b9b$5f0ce000$65000a0a@ramws1> Hello list, Occasionally I get this error in the sendmail log: Jan 12 19:16:48 ram1 sendmail[1831]: TAA01831: SYSERR(root): Cannot reopen dfTAA01831: No such file or directory I don't remember seeing this one before installing MailScanner, so would this be related to eachother? I can't be 100% sure, but it looks like this error is only produced after receiving a multipart message. According to my logs, the sending mailserver also gets an error and the message is resubmitted about 10-15 minutes later. Mind you, I get this error just on some occasions, not all by far. I found 2 documents on the net that might put some light on this: * http://aa11.cjb.net/sun_managers/2000/05/msg00249.html * http://ftp.uninett.no/pub/OpenBSD/src/gnu/usr.sbin/sendmail/contrib/qtool.pl -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From evertjan at VANRAMSELAAR.NET Sun Jan 13 16:48:44 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <000201c19b9b$5f0ce000$65000a0a@ramws1> Message-ID: <003801c19c52$29ea0b20$65000a0a@ramws1> > Occasionally I get this error in the sendmail log: > > Jan 12 19:16:48 ram1 sendmail[1831]: TAA01831: SYSERR(root): Cannot reopen > dfTAA01831: No such file or directory Today one message wouldn't come through at all because of this error. All I saw was a connection from the sending mailserver and an error: Jan 13 17:13:39 ram1 sendmail[21041]: RAA21041: from=, size=591800, class=0, pri=621800, nrcpts=1, msgid=<200201131520.HAA19065@us-support.external.hp.com>, proto=ESMTP, relay=[194.109.74.179] Jan 13 17:13:39 ram1 sendmail[21041]: RAA21041: SYSERR(root): Cannot reopen dfRAA21041: No such file or directory As you can see, it's a rather large e-mail and it just contains text. The sending mailserver just kept on trying every 15 minutes. Nothing appeared in the mqueue or mqueue.in. The message would only come through once I started sendmail the 'old' way. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From nwp at LEMON-COMPUTING.COM Sun Jan 13 17:39:12 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Run-on Sentence in Reports with F-prot Message-ID: <20020113173912.B6365@lemon-computing.com> On Fri, Jan 11, 2002 at 05:09:40PM +0100, Evert Jan van Ramselaar wrote: > # /usr/local/av/inocucmd I seem to remember a comment somewhere that says "use ino32". I can't find any sign of that comment now (maybe gone in a revision somewhere), but if there's an executable called "ino32" somewhere, you might try that. > Another question: Did someone already make an update scripts for the f-prot > definitions? Not that I know of. If no-one else does/has, then I'll be doing one sometime this week. Touch wood. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You should go home. From evertjan at VANRAMSELAAR.NET Sun Jan 13 20:36:30 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: Run-on Sentence in Reports with F-prot In-Reply-To: <20020113173912.B6365@lemon-computing.com> Message-ID: <003901c19c71$fb0ff8d0$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Nick Phillips > Sent: Sunday, January 13, 2002 6:39 PM > > # /usr/local/av/inocucmd > > I seem to remember a comment somewhere that says "use ino32". I can't find > any sign of that comment now (maybe gone in a revision somewhere), but if > there's an executable called "ino32" somewhere, you might try that. Nope. I don't have that one. > > Another question: Did someone already make an update scripts > for the f-prot definitions? > > Not that I know of. If no-one else does/has, then I'll be doing > one sometime this week. Touch wood. I did a little scripting myself in the meantime: #!/bin/sh mkdir /tmp/fpupdate cd /tmp/fpupdate /usr/bin/wget ftp://ftp.f-prot.com/pub/macrdef2.zip /usr/bin/wget ftp://ftp.f-prot.com/pub/fp-def.zip /usr/bin/unzip macrdef2.zip /usr/bin/unzip fp-def.zip mv *.DEF *.ASC /usr/local/f-prot cd / rm -rf /tmp/fpupdate This does the trick for me. As you can see, it depends on wget. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From LISTSERV at JISCMAIL.AC.UK Sun Jan 13 13:05:34 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: sveinn@SVEINNG.COM requested to join Message-ID: <200201131306.NAA16373@magpie.ecs.soton.ac.uk> Sun, 13 Jan 2002 13:05:34 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Sveinn Gunnarsson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER sveinn@SVEINNG.COM Sveinn Gunnarsson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER sveinn@SVEINNG.COM Sveinn Gunnarsson // EOJ From jkf at ecs.soton.ac.uk Sun Jan 13 20:46:05 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <003801c19c52$29ea0b20$65000a0a@ramws1> References: <000201c19b9b$5f0ce000$65000a0a@ramws1> Message-ID: <5.1.0.14.2.20020113204510.00b1c770@hawk.ecs.soton.ac.uk> At 16:48 13/01/2002, you wrote: >Today one message wouldn't come through at all because of this error. All I >saw was a connection from the sending mailserver and an error: >As you can see, it's a rather large e-mail and it just contains text. The >sending mailserver just kept on trying every 15 minutes. Nothing appeared in >the mqueue or mqueue.in. You haven't set the file locking option to anything have you? The default (undefined ==> auto) should do the right thing. Sounds like a locking problem to me. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Sun Jan 13 20:58:27 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <5.1.0.14.2.20020113204510.00b1c770@hawk.ecs.soton.ac.uk> Message-ID: <004001c19c75$0c3b15b0$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Sunday, January 13, 2002 9:46 PM > You haven't set the file locking option to anything have you? The default > (undefined ==> auto) should do the right thing. Sounds like a locking > problem to me. Nope, I didn't touch that one. It's still commented out. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From jkf at ecs.soton.ac.uk Sun Jan 13 21:12:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <004001c19c75$0c3b15b0$65000a0a@ramws1> References: <5.1.0.14.2.20020113204510.00b1c770@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020113211001.02f9a2d0@hawk.ecs.soton.ac.uk> At 20:58 13/01/2002, you wrote: > > You haven't set the file locking option to anything have you? The default > > (undefined ==> auto) should do the right thing. Sounds like a locking > > problem to me. > >Nope, I didn't touch that one. It's still commented out. The only other time I have ever seen this happen was when either the locking had been tweaked or there were 2 MailScanners running at the same time. MailScanner uses exactly the same locking semantics as sendmail, I copied it from the source. Something is removing the file from under sendmail's nose before it has finished with it... What OS are you using? What version of sendmail? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Sun Jan 13 21:23:32 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <5.1.0.14.2.20020113211001.02f9a2d0@hawk.ecs.soton.ac.uk> Message-ID: <004101c19c78$8d5dd530$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Sunday, January 13, 2002 10:13 PM > The only other time I have ever seen this happen was when either the > locking had been tweaked or there were 2 MailScanners running at the same > time. MailScanner uses exactly the same locking semantics as sendmail, I > copied it from the source. Something is removing the file from under > sendmail's nose before it has finished with it... > > What OS are you using? > What version of sendmail? Sendmail 8.9.3 on SuSE Linux 6.4, kernel 2.2.14. And just 1 copy of MailScanner running: # ps -ef | grep mail root 13287 1 0 17:42 ? 00:00:00 sendmail: accepting connections on port 25 root 13290 1 0 17:42 ? 00:00:00 /usr/sbin/sendmail -q15m root 30900 1 0 21:13 ? 00:00:00 perl /opt/mailscanner/bin/mailscanner /opt/mailscanner/etc/mailscanner.conf -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From nwp at LEMON-COMPUTING.COM Mon Jan 14 09:50:19 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <004101c19c78$8d5dd530$65000a0a@ramws1>; from evertjan@VANRAMSELAAR.NET on Sun, Jan 13, 2002 at 10:23:32PM +0100 References: <5.1.0.14.2.20020113211001.02f9a2d0@hawk.ecs.soton.ac.uk> <004101c19c78$8d5dd530$65000a0a@ramws1> Message-ID: <20020114095019.H6365@lemon-computing.com> On Sun, Jan 13, 2002 at 10:23:32PM +0100, Evert Jan van Ramselaar wrote: > Sendmail 8.9.3 on SuSE Linux 6.4, kernel 2.2.14. Someone else had this problem before, and I'm pretty sure it was down to sendmail 8.9 not keeping things locked when it should. Check the list archives and you might find it. I'm pretty sure that upgrading sendmail will fix it. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Beware of a tall black man with one blond shoe. From LISTSERV at JISCMAIL.AC.UK Mon Jan 14 00:34:16 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: brose@MED.WAYNE.EDU requested to join Message-ID: <200201140034.AAA09092@magpie.ecs.soton.ac.uk> Mon, 14 Jan 2002 00:34:16 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Bobby Rose You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER brose@MED.WAYNE.EDU Bobby Rose PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER brose@MED.WAYNE.EDU Bobby Rose // EOJ From paul-w at BLUEYONDER.CO.UK Mon Jan 14 10:09:00 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER Digest - 12 Jan 2002 to 13 Jan 2002 (#2002-14) References: Message-ID: <006b01c19ce3$7d1ee310$6a0110ac@sbsplc.com> > Date: Sun, 13 Jan 2002 17:39:12 +0000 > From: Nick Phillips > Subject: Re: Run-on Sentence in Reports with F-prot > > > Another question: Did someone already make an update scripts for the f-prot > > definitions? > > Not that I know of. If no-one else does/has, then I'll be doing one sometime > this week. Touch wood. > There's a bandwidth-saving update script at: http://uk2raq.com/updates/f-prot-zip-update.sh that downloads updates only if they are newer. See full installation instructions at: http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=96 From nwp at LEMON-COMPUTING.COM Mon Jan 14 10:29:10 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Things to be aware of when writing auto-updates In-Reply-To: <003901c19c71$fb0ff8d0$65000a0a@ramws1>; from evertjan@VANRAMSELAAR.NET on Sun, Jan 13, 2002 at 09:36:30PM +0100 References: <20020113173912.B6365@lemon-computing.com> <003901c19c71$fb0ff8d0$65000a0a@ramws1> Message-ID: <20020114102910.I6365@lemon-computing.com> On Sun, Jan 13, 2002 at 09:36:30PM +0100, Evert Jan van Ramselaar wrote: > #!/bin/sh > mkdir /tmp/fpupdate > cd /tmp/fpupdate > /usr/bin/wget ftp://ftp.f-prot.com/pub/macrdef2.zip > /usr/bin/wget ftp://ftp.f-prot.com/pub/fp-def.zip > /usr/bin/unzip macrdef2.zip > /usr/bin/unzip fp-def.zip > mv *.DEF *.ASC /usr/local/f-prot > cd / > rm -rf /tmp/fpupdate > > This does the trick for me. As you can see, it depends on wget. For the benefit of anyone who ends up writing auto-update scripts, you may want to think about using the locking that mailscanner does when starting up a scanner. Otherwise you may be halfway through updating your signatures when a scan starts, which could be a bad idea. Essentially, mailscanner creates and locks a file in /tmp (e.g. /tmp/SophosBusy.lock for sophos) to indicate that the scanner is being used, and updates should not be made. If you have a look at Julian's auto-update script for sophos, you'll see how it works. Thinking about it, I guess there may be a slight security risk the first time mailscanner uses a particular scanner (symlink attack could cause it to truncate any file that mailscanner can write). So far as I remember, the lock files are never removed, so this should only be a problem once. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com A long-forgotten loved one will appear soon. Buy the negatives at any price. From jbayer at bayerfamily.net Mon Jan 14 13:45:58 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:15 2006 Subject: Things to be aware of when writing auto-updates In-Reply-To: <20020114102910.I6365@lemon-computing.com> References: <20020113173912.B6365@lemon-computing.com> <003901c19c71$fb0ff8d0$65000a0a@ramws1> <20020114102910.I6365@lemon-computing.com> Message-ID: <811492075.20020114084558@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Nick, NP> For the benefit of anyone who ends up writing auto-update scripts, NP> you may want to think about using the locking that mailscanner does NP> when starting up a scanner. Otherwise you may be halfway through NP> updating your signatures when a scan starts, which could be a bad idea. NP> Essentially, mailscanner creates and locks a file in /tmp (e.g. NP> /tmp/SophosBusy.lock for sophos) to indicate that the scanner is being used, NP> and updates should not be made. But if the autoupdate script is replacing the file with a "mv" command, it shouldn't cause a problem. If it is currently opened by the scanner program original file will stick around until it is closed. So the most that can happen is that a scan is made using the old virus signature file. NP> If you have a look at Julian's auto-update script for sophos, you'll see NP> how it works. It's wrong, or rather, sweep.pl is wrong. Sweep.pl uses the lock file in /tmp, when it should really be in /var/lock (under most Linux distributions that I know of). JBB NP> Thinking about it, I guess there may be a slight security risk the first NP> time mailscanner uses a particular scanner (symlink attack could cause it NP> to truncate any file that mailscanner can write). So far as I remember, NP> the lock files are never removed, so this should only be a problem once. NP> Cheers, NP> Nick NP> -- NP> Nick Phillips -- nwp@lemon-computing.com NP> A long-forgotten loved one will appear soon. NP> Buy the negatives at any price. - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjxC4RcACgkQLWek1tt+K52M8wCeP1VswquiiCiXIXy8a/7rKgoB inMAoId8BUtvTYyn4E0GVILzqjVpCJVD =pEVS -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Mon Jan 14 14:31:50 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: john.clancy@BUSINESSANDFINANCE.IE requested to join Message-ID: <200201141431.OAA14050@magpie.ecs.soton.ac.uk> Mon, 14 Jan 2002 14:31:49 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from John Clancy You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER john.clancy@BUSINESSANDFINANCE.IE John Clancy PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER john.clancy@BUSINESSANDFINANCE.IE John Clancy // EOJ From s-luppescu at UCHICAGO.EDU Mon Jan 14 15:26:23 2002 From: s-luppescu at UCHICAGO.EDU (Stuart Luppescu) Date: Thu Jan 12 21:14:15 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <5.1.0.14.2.20020112101812.04f75aa0@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020112101812.04f75aa0@hawk.ecs.soton.ac.uk> Message-ID: <1011021983.3571.0.camel@musuko.uchicago.edu> On ?, 2002-01-12 at 04:21, Julian Field wrote: > At 22:58 11/01/2002, you wrote: > >1) I had to copy /etc/cron.daily/Sophos.autoupdate to mcafee.autoupdate > >and edit it to do the autoupdate for mcafee. > >2) When I ran autoupdate the first time I got this message: > >Global symbol "$DATDir" requires explicit package name at ./autoupdate > >line 123. > > This has been spotted and will be correct in the next release. It's just a > "print" line so doesn't actually do any harm at all. Feel free to delete > the line in question. Yes, but it seems to prevent the script from running through to completion successfully. [snip] > The original had datDIR=$PackageDir/dat and this is where the mcafee > autoupdate script will put the .dat files it downloads. No, it looks like it puts the .dat files in a directory named for the date (e.g., 20020114) and then it's supposed to make a link from that directory to the dat directory, but it doesn't do it. I have to re-make the link by hand every day. -- Stuart Luppescu -=- s-luppescu@uchicago.edu University of Chicago -=- CCSR ???????? -=- Kernel 2.4.14-xfs Most legends have their basis in facts. -- Kirk, "And The Children Shall Lead", stardate 5029.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020114/c80656c8/attachment.bin From jkf at ecs.soton.ac.uk Mon Jan 14 15:35:35 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: Things to be aware of when writing auto-updates In-Reply-To: <811492075.20020114084558@bayerfamily.net> References: <20020114102910.I6365@lemon-computing.com> <20020113173912.B6365@lemon-computing.com> <003901c19c71$fb0ff8d0$65000a0a@ramws1> <20020114102910.I6365@lemon-computing.com> Message-ID: <5.1.0.14.2.20020114153354.04e37a90@imap.ecs.soton.ac.uk> At 13:45 14/01/2002, you wrote: >It's wrong, or rather, sweep.pl is wrong. Sweep.pl uses the lock file >in /tmp, when it should really be in /var/lock (under most Linux >distributions that I know of). Saying it is "wrong" is a bit strong, IMHO. Many Linux distributions prefer to put lock files in /var/lock, but so long as all the users of the lock files agree where they should go everything will work fine. I have implemented a "Lock File Dir" option in 3.03 for those who want to move the lock files, and are writing their own autoupdate scripts. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From t.d.lee at DURHAM.AC.UK Mon Jan 14 15:37:04 2002 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:14:15 2006 Subject: Things to be aware of when writing auto-updates In-Reply-To: <811492075.20020114084558@bayerfamily.net> Message-ID: On Mon, 14 Jan 2002, Jonathan B. Bayer wrote: > [Nick Phillips had earlier written: ] > > NP> If you have a look at Julian's auto-update script for sophos, you'll see > NP> how it works. > > It's wrong, or rather, sweep.pl is wrong. Sweep.pl uses the lock file > in /tmp, when it should really be in /var/lock (under most Linux > distributions that I know of). Off-list, I have discussed with Julian and Nick the possibility of using automake and autoconf to help build and install MailScanner, handling and managing a wide variety of platforms and local conventions. I'm hoping to send them my initial work (which I have already used on our three MailScanner machines) later this week. A natural part of this would be the GNU "localstatedir" convention for handling just this sort of thing. Hopefully that should help towards managing the placement of things such as lock files. Hope that helps. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From chicks at CHICKS.NET Mon Jan 14 16:07:58 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:15 2006 Subject: Things to be aware of when writing auto-updates In-Reply-To: <5.1.0.14.2.20020114153354.04e37a90@imap.ecs.soton.ac.uk> Message-ID: On Mon, 14 Jan 2002, Julian Field wrote: > At 13:45 14/01/2002, you wrote: > >It's wrong, or rather, sweep.pl is wrong. Sweep.pl uses the lock file > >in /tmp, when it should really be in /var/lock (under most Linux > >distributions that I know of). > > Saying it is "wrong" is a bit strong, IMHO. Many Linux distributions > prefer to put lock files in /var/lock, but so long as all the users of > the lock files agree where they should go everything will work fine. Well, if you consider the Filesystem Hierarchy Standard which is firmly grounded in POSIX, wrong may not be too strong. For one thing: Programs must not assume that any files or directories in /tmp are preserved between invocations of the program. and the section on /var/lock is also forcefully worded: Lock files should be stored within the /var/lock directory structure. Lock files for devices and other resources shared by multiple applications, such as the serial device lock files that were originally found in either /usr/spool/locks or /usr/spool/uucp, must now be stored in /var/lock. ... -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From lawbar at NPCUSA.COM Mon Jan 14 16:50:55 2002 From: lawbar at NPCUSA.COM (Lawrence E. Bartash/NPCUSA Engineering) Date: Thu Jan 12 21:14:15 2006 Subject: Weirdnesses in McAfee autoupdate Message-ID: <7B0A15E17340D41186B6009027F694557E8826@nuwhexs1.nuwh.home> I also experience this problem. The unlink and symlink does not appear to be working. I'm not sure that LockMcafee and UnlockMcafee are working either because I do not see the print statements when running autoupdate from the command line. Weird. It was working prior to upgrading from 2.62 to 3.00-3 > -----Original Message----- > From: Stuart Luppescu [SMTP:s-luppescu@UCHICAGO.EDU] > Sent: Monday, January 14, 2002 9:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Weirdnesses in McAfee autoupdate > > On $BEZ (J, 2002-01-12 at 04:21, Julian Field wrote: (J > > At 22:58 11/01/2002, you wrote: > > >1) I had to copy /etc/cron.daily/Sophos.autoupdate to mcafee.autoupdate > > >and edit it to do the autoupdate for mcafee. > > >2) When I ran autoupdate the first time I got this message: > > >Global symbol "$DATDir" requires explicit package name at ./autoupdate > > >line 123. > > > > This has been spotted and will be correct in the next release. It's just > a > > "print" line so doesn't actually do any harm at all. Feel free to delete > > the line in question. > Yes, but it seems to prevent the script from running through to > completion successfully. > > [snip] > > The original had datDIR=$PackageDir/dat and this is where the mcafee > > autoupdate script will put the .dat files it downloads. > No, it looks like it puts the .dat files in a directory named for the > date (e.g., 20020114) and then it's supposed to make a link from that > directory to the dat directory, but it doesn't do it. I have to re-make > the link by hand every day. > -- > Stuart Luppescu -=- s-luppescu@uchicago.edu > University of Chicago -=- CCSR > $B:MJ8$HCRF`H~$NIc (J -=- Kernel 2.4.14-xfs (J > Most legends have their basis in facts. -- Kirk, > "And The Children Shall Lead", stardate 5029.5 > From nwp at LEMON-COMPUTING.COM Mon Jan 14 17:01:51 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Using Kaspersky AV with mailscanner Message-ID: <20020114170151.V6365@lemon-computing.com> For the benefit of anyone who has had problems with kaspersky AV and mailscanner: It looks like kaspersky's output may have changed significantly between the version I have and some (very slightly) earlier ones. So, if you could try using a version of kaspersky at least as high as this: +-------------------------------------------------------+ | Kaspersky Anti-Virus for Linux | | Copyright(C) Kaspersky Lab. 1998-2001 | | Version 3.0 build 136 | | | +-------------------------------------------------------+ then it "should" work. I'd be grateful if anyone having problems with this or more recent versions could send me everything necessary to reproduce the problem (details of your kaspersky setup, your mailscanner.conf, your Linux distribution etc., and the mail that caused the problem). Oh, and the mail that caused the problem would be kind of essential, too. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Perfect day for scrubbing the floor and other exciting things. From evertjan at VANRAMSELAAR.NET Mon Jan 14 17:36:23 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <20020114095019.H6365@lemon-computing.com> Message-ID: <000501c19d21$fbffc710$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Nick Phillips > Sent: Monday, January 14, 2002 10:50 AM > Someone else had this problem before, and I'm pretty sure it was down to > sendmail 8.9 not keeping things locked when it should. > > Check the list archives and you might find it. > I'm pretty sure that upgrading sendmail will fix it. Thanks for reminding me to STFLA (Search The Fine List Archive). :D I found this message: ------------------------ Date: Wed, 12 Dec 2001 14:40:09 +0100 From: Stephan Effertz Subject: Antwort: Message size query I've had the same problem with SuSE 6.4 running sendmail 8.9.x (Not sure about the exact version). After installing the sendmail.rpm from SuSE 7.0 (sendmail 8.11.x - available as update for SuSE 7.0 - ) the error went away. Additionally I've added file locking to mailscanner.conf (flock). Looks like sendmail 8.9 releases file locks while receiving mails before they are completed. So mailscanner "grabs" these files and sendmail come's up with the file re-open error. regards, Stephan ------------------------ Looks like my situation, and I upgraded Sendmail to v8.11.0. I did not yet uncomment the file locking option in the MailScanner config though. I hope this will fix the problem. Thanks for your help. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From mdchaney at MICHAELCHANEY.COM Mon Jan 14 17:41:00 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:15 2006 Subject: Version 3, spamassassin, vipul's razor, exim Message-ID: <20020114114100.B13207@michaelchaney.com> Anyone else using the above combination? Vipul's Razor isn't taint-proof, and since mailscanner is running setuid, taint checking is implied. So I'm seeing this for every email: razor check skipped: Bad file descriptor Insecure dependency in connect while running with -T switch at /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, line 2. If nobody else has dealt with this then I'll fix it myself and send a patch to Vipul. Just don't want to duplicate others' work if I don't have to. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From LISTSERV at JISCMAIL.AC.UK Mon Jan 14 17:46:26 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: ty@BIGUN.C-GATE.NET requested to join Message-ID: <200201141746.RAA27693@magpie.ecs.soton.ac.uk> Mon, 14 Jan 2002 17:46:26 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ty Parker You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ty@BIGUN.C-GATE.NET Ty Parker PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ty@BIGUN.C-GATE.NET Ty Parker // EOJ From jkf at ecs.soton.ac.uk Mon Jan 14 19:18:26 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:15 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <7B0A15E17340D41186B6009027F694557E8826@nuwhexs1.nuwh.home> Message-ID: <5.1.0.14.2.20020114191806.03553e48@hawk.ecs.soton.ac.uk> At 16:50 14/01/2002, you wrote: >I also experience this problem. The unlink and symlink does not appear to be >working. I'm not sure that LockMcafee and UnlockMcafee are working either >because I do not see the print statements when running autoupdate from the >command line. Weird. It was working prior to upgrading from 2.62 to 3.00-3 But I haven't touch the mcafee autoupdate script in months... > > -----Original Message----- > > From: Stuart Luppescu [SMTP:s-luppescu@UCHICAGO.EDU] > > Sent: Monday, January 14, 2002 9:26 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Weirdnesses in McAfee autoupdate > > > > On $BEZ (J, 2002-01-12 at 04:21, Julian Field wrote: (J > > > At 22:58 11/01/2002, you wrote: > > > >1) I had to copy /etc/cron.daily/Sophos.autoupdate to mcafee.autoupdate > > > >and edit it to do the autoupdate for mcafee. > > > >2) When I ran autoupdate the first time I got this message: > > > >Global symbol "$DATDir" requires explicit package name at ./autoupdate > > > >line 123. > > > > > > This has been spotted and will be correct in the next release. It's just > > a > > > "print" line so doesn't actually do any harm at all. Feel free to delete > > > the line in question. > > Yes, but it seems to prevent the script from running through to > > completion successfully. > > > > [snip] > > > The original had datDIR=$PackageDir/dat and this is where the mcafee > > > autoupdate script will put the .dat files it downloads. > > No, it looks like it puts the .dat files in a directory named for the > > date (e.g., 20020114) and then it's supposed to make a link from that > > directory to the dat directory, but it doesn't do it. I have to re-make > > the link by hand every day. > > -- > > Stuart Luppescu -=- s-luppescu@uchicago.edu > > University of Chicago -=- CCSR > > $B:MJ8$HCRF`H~$NIc (J -=- Kernel 2.4.14-xfs (J > > Most legends have their basis in facts. -- Kirk, > > "And The Children Shall Lead", stardate 5029.5 > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Mon Jan 14 22:19:44 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <000501c19d21$fbffc710$65000a0a@ramws1>; from evertjan@VANRAMSELAAR.NET on Mon, Jan 14, 2002 at 06:36:23PM +0100 References: <20020114095019.H6365@lemon-computing.com> <000501c19d21$fbffc710$65000a0a@ramws1> Message-ID: <20020114221944.Z6365@lemon-computing.com> On Mon, Jan 14, 2002 at 06:36:23PM +0100, Evert Jan van Ramselaar wrote: > Looks like my situation, and I upgraded Sendmail to v8.11.0. I did not yet > uncomment the file locking option in the MailScanner config though. > > I hope this will fix the problem. Thanks for your help. Yeah. Should be fine; unless someone does something weird with a sendmail build I don't expect anyone to ever need to set the locking option. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Learn to pause -- or nothing worthwhile can catch up to you. From nwp at LEMON-COMPUTING.COM Mon Jan 14 22:23:45 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Version 3, spamassassin, vipul's razor, exim In-Reply-To: <20020114114100.B13207@michaelchaney.com>; from mdchaney@MICHAELCHANEY.COM on Mon, Jan 14, 2002 at 11:41:00AM -0600 References: <20020114114100.B13207@michaelchaney.com> Message-ID: <20020114222345.A6365@lemon-computing.com> On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote: > Anyone else using the above combination? Vipul's Razor isn't > taint-proof, and since mailscanner is running setuid, taint checking is > implied. Ugh! Only implied - should be explicit... I must have forgotten to add that (had enough fun with taint checking when I first added the UID-setting). > So I'm seeing this for every email: > > razor check skipped: Bad file descriptor Insecure dependency in connect > while running with -T switch at > /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, line 2. > > If nobody else has dealt with this then I'll fix it myself and send a > patch to Vipul. Just don't want to duplicate others' work if I don't > have to. If I were you I'd do more than just fix it; I'd check over it with a fine toothcomb. Chances are, if it can't run with -T as is then at least somewhere there'll be a dodgy assumption or two. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You are capable of planning your future. From evertjan at VANRAMSELAAR.NET Mon Jan 14 22:37:28 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:15 2006 Subject: SYSERR(root): Cannot reopen dfTAA01831 In-Reply-To: <20020114221944.Z6365@lemon-computing.com> Message-ID: <001e01c19d4c$0c019470$65000a0a@ramws1> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Nick Phillips > Sent: Monday, January 14, 2002 11:20 PM >> Looks like my situation, and I upgraded Sendmail to v8.11.0. I >> did not yet uncomment the file locking option in the MailScanner >> config though. > Yeah. Should be fine; unless someone does something weird with a sendmail > build I don't expect anyone to ever need to set the locking option. I have been testing it for some hours now, also with somewhat larger e-mails, and it seems to be fine now. No more reopen errors so far... :) -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From mdchaney at MICHAELCHANEY.COM Mon Jan 14 23:07:13 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:15 2006 Subject: Version 3, spamassassin, vipul's razor, exim In-Reply-To: <20020114222345.A6365@lemon-computing.com>; from nwp@LEMON-COMPUTING.COM on Mon, Jan 14, 2002 at 10:23:45PM +0000 References: <20020114114100.B13207@michaelchaney.com> <20020114222345.A6365@lemon-computing.com> Message-ID: <20020114170713.A17228@michaelchaney.com> On Mon, Jan 14, 2002 at 10:23:45PM +0000, Nick Phillips wrote: > On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote: > > Anyone else using the above combination? Vipul's Razor isn't > > taint-proof, and since mailscanner is running setuid, taint checking is > > implied. > > Ugh! Only implied - should be explicit... I must have forgotten to add > that (had enough fun with taint checking when I first added the UID-setting). > > > So I'm seeing this for every email: > > > > razor check skipped: Bad file descriptor Insecure dependency in connect > > while running with -T switch at > > /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, line 2. > > > > If nobody else has dealt with this then I'll fix it myself and send a > > patch to Vipul. Just don't want to duplicate others' work if I don't > > have to. > > If I were you I'd do more than just fix it; I'd check over it with a fine > toothcomb. > > Chances are, if it can't run with -T as is then at least somewhere there'll > be a dodgy assumption or two. Actually, it was easy to find and fix. The code reads a list of servers from a file, and that was the problem. I untainted them before the connect call that was dying above and it works like a charm. Now I have to determine why mailscanner died after 999 messages. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From mdchaney at MICHAELCHANEY.COM Mon Jan 14 23:12:26 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:15 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <20020111094621.B22455@lemon-computing.com>; from nwp@LEMON-COMPUTING.COM on Fri, Jan 11, 2002 at 09:46:21AM +0000 References: <1010686326.1571.28.camel@ralph.plexio.private> <20020111094621.B22455@lemon-computing.com> Message-ID: <20020114171226.A17260@michaelchaney.com> On Fri, Jan 11, 2002 at 09:46:21AM +0000, Nick Phillips wrote: > On Thu, Jan 10, 2002 at 10:12:04AM -0800, Stephen Lee wrote: > > > Undefined subroutine &main::DieLog called at > > /usr/local/MailScanner/bin/mailscanner line 288. > > I've fixed this. Doesn't do any harm besides not giving a more helpful > error message, so nothing to worry about. This error got me, too. What's the fix? Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From nwp at LEMON-COMPUTING.COM Tue Jan 15 00:02:10 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <20020114171226.A17260@michaelchaney.com>; from mdchaney@MICHAELCHANEY.COM on Mon, Jan 14, 2002 at 05:12:26PM -0600 References: <1010686326.1571.28.camel@ralph.plexio.private> <20020111094621.B22455@lemon-computing.com> <20020114171226.A17260@michaelchaney.com> Message-ID: <20020115000210.H6365@lemon-computing.com> On Mon, Jan 14, 2002 at 05:12:26PM -0600, Michael Chaney wrote: > > > Undefined subroutine &main::DieLog called at > > > /usr/local/MailScanner/bin/mailscanner line 288. > > > > I've fixed this. Doesn't do any harm besides not giving a more helpful > > error message, so nothing to worry about. > > This error got me, too. What's the fix? At the bottom of the main mailscanner script, the package name ("Log") needs to be added to the subroutine call. If it got you, it means that mailscanner doesn't have permission to re-exec itself (that's the message it was trying to give you when it died). And if you've set the maximum number of messages per run to 1000, that also explains why it's dying after 999 messages. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com It was all so different before everything changed. From gerry at DORFAM.CA Tue Jan 15 00:42:30 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:15 2006 Subject: SpamAssassin Problems Message-ID: I know this isn't the SA list but thought I'd see if anyone else had experienced the problem before I head off to the SA mailing list. I can't install SA using CPAN without forcing the install. It fails on the tests. I downloaded the gz file and tried that. The same thing happens. It fails about 66% of the tests when running the "make test" command. I tried installing using CPAN and the gz file on two different systems with the same result. One is running Redhat 7.1 and the other a Redhat 7.2. It fails when checking the spamd command. I installed it away and it seems to be running properly but I really don't trust it. Has anyone else seen this??? Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From splee at PLEXIO.COM Tue Jan 15 00:50:25 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:15 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <20020114171226.A17260@michaelchaney.com> References: <1010686326.1571.28.camel@ralph.plexio.private> <20020111094621.B22455@lemon-computing.com> <20020114171226.A17260@michaelchaney.com> Message-ID: <1011055826.17029.33.camel@ralph.plexio.private> On Mon, 2002-01-14 at 15:12, Michael Chaney wrote: > On Fri, Jan 11, 2002 at 09:46:21AM +0000, Nick Phillips wrote: > > On Thu, Jan 10, 2002 at 10:12:04AM -0800, Stephen Lee wrote: > > > > > Undefined subroutine &main::DieLog called at > > > /usr/local/MailScanner/bin/mailscanner line 288. > > > > I've fixed this. Doesn't do any harm besides not giving a more helpful > > error message, so nothing to worry about. > > This error got me, too. What's the fix? > > Michael > I my case, it turns out that the directory permissions for the various perl modules (for perl 5.6.1) were set to 0700 for root.root. Changing all of them to 0755 fixed that and other problems like mailscanner dying during restarts. I don't run Exim and MailScanner as root. Stephen From nwp at LEMON-COMPUTING.COM Tue Jan 15 01:18:36 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:15 2006 Subject: Kaspersky problems Message-ID: <20020115011836.M6365@lemon-computing.com> Something to try if you're having trouble with kaspersky: make sure that the user that mailscanner is running as has permission to read the kaspersky .key file(s). Heh. And I noticed that at 1:15 in the morning. I'm so impressed, I'm going home to bed ;) Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com It was all so different before everything changed. From sfarrell at ICCONSULTING.COM.AU Tue Jan 15 02:46:04 2002 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:15 2006 Subject: SpamAssassin Problems Message-ID: Read the doco that comes with it (probably REAME), I think I remember that one is supposed to fail. regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Gerry Doris To: MAILSCANNER@JISCMAIL.AC.UK Sent by: cc: MailScanner Subject: SpamAssassin Problems mailing list 15/01/02 11:42 AM Please respond to MailScanner mailing list I know this isn't the SA list but thought I'd see if anyone else had experienced the problem before I head off to the SA mailing list. I can't install SA using CPAN without forcing the install. It fails on the tests. I downloaded the gz file and tried that. The same thing happens. It fails about 66% of the tests when running the "make test" command. I tried installing using CPAN and the gz file on two different systems with the same result. One is running Redhat 7.1 and the other a Redhat 7.2. It fails when checking the spamd command. I installed it away and it seems to be running properly but I really don't trust it. Has anyone else seen this??? Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Tue Jan 15 01:56:22 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:15 2006 Subject: SpamAssassin Problems In-Reply-To: Message-ID: On Tue, 15 Jan 2002, Scott Farrell wrote: > Read the doco that comes with it (probably REAME), I think I remember that > one is supposed to fail. > > regards > Scott Farrell I think we're talking aobut two different things??? After I install SpamAssassin it passes the two tests that they suggest in the docs ie. the ones that go: spamassassin -t < sample-nospam.txt > nospam.out and spamassassin -t < sample-spam.txt > spam.out However, I can't get SpamAssassin to install at all using CPAN because that install automatically runs the "make test" command and several spamd tests fail. Installing the gz file by hand and skipping the "make test" command and just using "make install" will install the program and it seems to work. Going back and doing a "make test" will also fail a number of spamd tests though. This is what is making me nervous. Gerry From mdchaney at MICHAELCHANEY.COM Tue Jan 15 03:33:31 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:15 2006 Subject: Unreadable multipart MIME messages In-Reply-To: <1011055826.17029.33.camel@ralph.plexio.private>; from splee@PLEXIO.COM on Mon, Jan 14, 2002 at 04:50:25PM -0800 References: <1010686326.1571.28.camel@ralph.plexio.private> <20020111094621.B22455@lemon-computing.com> <20020114171226.A17260@michaelchaney.com> <1011055826.17029.33.camel@ralph.plexio.private> Message-ID: <20020114213331.B20234@michaelchaney.com> On Mon, Jan 14, 2002 at 04:50:25PM -0800, Stephen Lee wrote: > On Mon, 2002-01-14 at 15:12, Michael Chaney wrote: > > On Fri, Jan 11, 2002 at 09:46:21AM +0000, Nick Phillips wrote: > > > On Thu, Jan 10, 2002 at 10:12:04AM -0800, Stephen Lee wrote: > > > > > > > Undefined subroutine &main::DieLog called at > > > > /usr/local/MailScanner/bin/mailscanner line 288. > > > > > > I've fixed this. Doesn't do any harm besides not giving a more helpful > > > error message, so nothing to worry about. > > > > This error got me, too. What's the fix? > > > > Michael > > > I my case, it turns out that the directory permissions for the various > perl modules (for perl 5.6.1) were set to 0700 for root.root. Changing > all of them to 0755 fixed that and other problems like mailscanner dying > during restarts. I don't run Exim and MailScanner as root. I don't get it. I can su to mail and run it just fine, and the file permissions are all correct as far as I can see. Any other ideas? Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From mdchaney at MICHAELCHANEY.COM Tue Jan 15 05:00:09 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:15 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: <20020114230009.B21267@michaelchaney.com> I ran 1000 known spams through the mailscanner/spamassassin setup to see what the percentage was. It was about 70%, not to great, particularly since spamassassin is supposed to be in the high 90's. So I looked at the messages that weren't marked. Sure enough, some of them do get tagged as spam if I run them manually through spamassassin. Before I go tracking this down, is it something obvious? Could it be something timing out given the load that 1000 emails simultaneously tends to put on a mail server? Any ideas are appreciated. Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From LISTSERV at JISCMAIL.AC.UK Mon Jan 14 23:40:43 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:15 2006 Subject: MAILSCANNER: nick@EMPHASYS.COM requested to join Message-ID: <200201142340.XAA17430@magpie.ecs.soton.ac.uk> Mon, 14 Jan 2002 23:40:43 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Nick Bellomy You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER nick@EMPHASYS.COM Nick Bellomy PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER nick@EMPHASYS.COM Nick Bellomy // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 15 05:08:20 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: ian@FASTNET.BC.CA requested to join Message-ID: <200201150508.FAA28965@magpie.ecs.soton.ac.uk> Tue, 15 Jan 2002 05:08:20 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ian Dobson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ian@FASTNET.BC.CA Ian Dobson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ian@FASTNET.BC.CA Ian Dobson // EOJ From brose at MED.WAYNE.EDU Tue Jan 15 05:41:21 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: I've been running the same testing and seeing the same results. I've been trying to narrow it down also. It's definitely not a timing issue since I can pass the same message thru several times on my test box and SpamAssassin still returns 0 to mailscanner. But if you run the cmdline program against it, it gets tagged as spam. I want to say that it has something to with html formated messages and the perl spamassassin apis though I'm trying to figure out how it functions while trying to diag the issue. -----Original Message----- From: Michael Chaney [mailto:mdchaney@MICHAELCHANEY.COM] Sent: Tuesday, January 15, 2002 12:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spamassassin, mailscanner 3, etc. I ran 1000 known spams through the mailscanner/spamassassin setup to see what the percentage was. It was about 70%, not to great, particularly since spamassassin is supposed to be in the high 90's. So I looked at the messages that weren't marked. Sure enough, some of them do get tagged as spam if I run them manually through spamassassin. Before I go tracking this down, is it something obvious? Could it be something timing out given the load that 1000 emails simultaneously tends to put on a mail server? Any ideas are appreciated. Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From mdchaney at MICHAELCHANEY.COM Tue Jan 15 06:38:11 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: ; from brose@MED.WAYNE.EDU on Tue, Jan 15, 2002 at 12:41:21AM -0500 References: Message-ID: <20020115003811.A22053@michaelchaney.com> On Tue, Jan 15, 2002 at 12:41:21AM -0500, Rose, Bobby wrote: > I've been running the same testing and seeing the same results. I've > been trying to narrow it down also. It's definitely not a timing issue > since I can pass the same message thru several times on my test box and > SpamAssassin still returns 0 to mailscanner. But if you run the cmdline > program against it, it gets tagged as spam. I want to say that it has > something to with html formated messages and the perl spamassassin apis > though I'm trying to figure out how it functions while trying to diag > the issue. The message that I looked at isn't HTML or anything like it. I'll have to take a closer look, too. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From LISTSERV at JISCMAIL.AC.UK Tue Jan 15 07:33:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: lance@LJCINTERACTIVE.COM left the JISCmail list Message-ID: <200201150733.HAA04069@magpie.ecs.soton.ac.uk> Tue, 15 Jan 2002 07:33:29 Lance Caswell has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Tue Jan 15 08:57:14 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <20020114222643.B6365@lemon-computing.com> References: <5.1.0.14.2.20020114191806.03553e48@hawk.ecs.soton.ac.uk> <7B0A15E17340D41186B6009027F694557E8826@nuwhexs1.nuwh.home> <5.1.0.14.2.20020114191806.03553e48@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020115084844.03dd1630@imap.ecs.soton.ac.uk> At 22:26 14/01/2002, you wrote: >On Mon, Jan 14, 2002 at 07:18:26PM +0000, Julian Field wrote: > > At 16:50 14/01/2002, you wrote: > > >I also experience this problem. The unlink and symlink does not appear > to be > > >working. I'm not sure that LockMcafee and UnlockMcafee are working either > > >because I do not see the print statements when running autoupdate from the > > >command line. Weird. It was working prior to upgrading from 2.62 to 3.00-3 > > > > But I haven't touch the mcafee autoupdate script in months... > >revision 1.1 >date: 2001/12/13 18:25:07; author: jkf; state: Exp; >branches: 1.1.2; >Added McAfee autoupdate script with some bug-fixes from a user. > > >That would I guess have first gone out in 3.0. I stand corrected. I have changed the code back again (removed some brackets from lines 115-116) and will put it in the next release. The only interesting part of the diff was this: 114,115c115,116 < unlink $DATlink if -l $DATlink; < symlink $DATdir, $DATlink; --- > unlink($DATlink) if -l $DATlink; > symlink($DATdir, $DATlink); -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 15 09:05:21 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: SpamAssassin Problems In-Reply-To: References: Message-ID: <5.1.0.14.2.20020115090353.03f0ccf8@imap.ecs.soton.ac.uk> At 01:56 15/01/2002, you wrote: >Going back and doing a "make test" will also fail a number of spamd tests >though. This is what is making me nervous. MailScanner doesn't use spamd, so I wouldn't lose too much sleep over it... :-) If the basic is-this-spam-or-not "spamassassin -t" tests work, you should be okay. Not that MailScanner uses "spamassassin -t" either, but it's a good test. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 15 09:15:54 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: Message-ID: <5.1.0.14.2.20020115091258.03f2b528@imap.ecs.soton.ac.uk> At 05:41 15/01/2002, you wrote: >I've been running the same testing and seeing the same results. Me too! I haven't had time to debug SpamAssassin, I know from the docs (and some sample code supplied by its author) that I'm calling it correctly, and most of the time it works as it should. But it still gets it wrong some times. Their compile_now() method definitely has bugs, it was causing some people's setups to report every message as spam, and on my own systems was causing it to never read the preferences file. I took out the call to compile_now() and all those problems just vanished. Anyone who feels like debugging SA, you are very welcome to the job! > I've >been trying to narrow it down also. It's definitely not a timing issue >since I can pass the same message thru several times on my test box and >SpamAssassin still returns 0 to mailscanner. But if you run the cmdline >program against it, it gets tagged as spam. I want to say that it has >something to with html formated messages and the perl spamassassin apis >though I'm trying to figure out how it functions while trying to diag >the issue. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From alan at ESSEX.AC.UK Tue Jan 15 10:04:40 2002 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:14:16 2006 Subject: Cannot call method "parts" Message-ID: <7AC902A40BEDD411A3A800D0B7847B665F33F1@sernt14.essex.ac.uk> I am attempting to run MailScanner as mail.mail to work with exim. It works for a few minutes, then I get the message Can't call method "parts" on an undefined value at /usr/local/MailScanner/bin/explode.pl line 261. and MailScanner dies. Can anyone suggest what I am doing wrong? -------- Alan Stanier Essex University Information Systems Services Systems Group From jkf at ecs.soton.ac.uk Tue Jan 15 11:12:05 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Cannot call method "parts" In-Reply-To: <7AC902A40BEDD411A3A800D0B7847B665F33F1@sernt14.essex.ac.uk > Message-ID: <5.1.0.14.2.20020115111137.03c9aa60@imap.ecs.soton.ac.uk> At 10:04 15/01/2002, you wrote: >I am attempting to run MailScanner as mail.mail to work with exim. > >It works for a few minutes, then I get the message > >Can't call method "parts" on an undefined value at >/usr/local/MailScanner/bin/explode.pl line 261. > >and MailScanner dies. > >Can anyone suggest what I am doing wrong? My guess would be you are using an old version of MailScanner. Upgrade to a newer release and this problem should disappear. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From s-luppescu at UCHICAGO.EDU Tue Jan 15 15:03:34 2002 From: s-luppescu at UCHICAGO.EDU (Stuart Luppescu) Date: Thu Jan 12 21:14:16 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <5.1.0.14.2.20020115084844.03dd1630@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020114191806.03553e48@hawk.ecs.soton.ac.uk> <7B0A15E17340D41186B6009027F694557E8826@nuwhexs1.nuwh.home> <5.1.0.14.2.20020114191806.03553e48@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020115084844.03dd1630@imap.ecs.soton.ac.uk> Message-ID: <1011107014.3791.6.camel@musuko.uchicago.edu> On ?, 2002-01-15 at 02:57, Julian Field wrote: > At 22:26 14/01/2002, you wrote: > >On Mon, Jan 14, 2002 at 07:18:26PM +0000, Julian Field wrote: > > > At 16:50 14/01/2002, you wrote: > > > >I also experience this problem. The unlink and symlink does not appear > > to be > > > >working. I'm not sure that LockMcafee and UnlockMcafee are working either > > > >because I do not see the print statements when running autoupdate from the > > > >command line. Weird. It was working prior to upgrading from 2.62 to 3.00-3 > > > > > > But I haven't touch the mcafee autoupdate script in months... > > > >revision 1.1 > >date: 2001/12/13 18:25:07; author: jkf; state: Exp; > >branches: 1.1.2; > >Added McAfee autoupdate script with some bug-fixes from a user. > > > > > >That would I guess have first gone out in 3.0. > > I stand corrected. I have changed the code back again (removed some > brackets from lines 115-116) and will put it in the next release. > > The only interesting part of the diff was this: > 114,115c115,116 > < unlink $DATlink if -l $DATlink; > < symlink $DATdir, $DATlink; > --- > > unlink($DATlink) if -l $DATlink; > > symlink($DATdir, $DATlink); Sorry, but this still doesn't fix it. When I run the script I get this message: A target has not been specified for scanning! /usr/local/mcafee/dat/ /usr/local/mcafee/20020115 It seems that it's happening at line 89, and then, because of the error, it's not even getting down to line 115 where it makes the symlinks, but I don't have the facility in perl to be sure. -- Stuart Luppescu -=- s-luppescu@uchicago.edu University of Chicago -=- CCSR ???????? -=- Kernel 2.4.14-xfs "Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020115/42536efa/attachment.bin From lawbar at NPCUSA.COM Tue Jan 15 15:48:28 2002 From: lawbar at NPCUSA.COM (Lawrence E. Bartash/NPCUSA Engineering) Date: Thu Jan 12 21:14:16 2006 Subject: Weirdnesses in McAfee autoupdate Message-ID: <7B0A15E17340D41186B6009027F694557E882C@nuwhexs1.nuwh.home> OK I got this one fixed. Taking braces out does absolutely nothing. I changed the perl calls to system calls temporarily and noticed that $DATlink had a trailing / on it. Very bad, perl doesn't barf on this! :-( therefore the real fix is on line 39 my($DATlink) = "$mcafeeroot/dat"; also line 123 needs to be changed print "DATdir\n"; These changes make everything work, including the removal of the old dat files via the system call. :-) > -----Original Message----- > From: Stuart Luppescu [SMTP:s-luppescu@UCHICAGO.EDU] > Sent: Tuesday, January 15, 2002 9:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Weirdnesses in McAfee autoupdate > > On $B2P (J, 2002-01-15 at 02:57, Julian Field wrote: (J > > At 22:26 14/01/2002, you wrote: > > >On Mon, Jan 14, 2002 at 07:18:26PM +0000, Julian Field wrote: > > > > At 16:50 14/01/2002, you wrote: > > > > >I also experience this problem. The unlink and symlink does not > appear > > > to be > > > > >working. I'm not sure that LockMcafee and UnlockMcafee are working > either > > > > >because I do not see the print statements when running autoupdate > from the > > > > >command line. Weird. It was working prior to upgrading from 2.62 to > 3.00-3 > > > > > > > > But I haven't touch the mcafee autoupdate script in months... > > > > > >revision 1.1 > > >date: 2001/12/13 18:25:07; author: jkf; state: Exp; > > >branches: 1.1.2; > > >Added McAfee autoupdate script with some bug-fixes from a user. > > > > > > > > >That would I guess have first gone out in 3.0. > > > > I stand corrected. I have changed the code back again (removed some > > brackets from lines 115-116) and will put it in the next release. > > > > The only interesting part of the diff was this: > > 114,115c115,116 > > < unlink $DATlink if -l $DATlink; > > < symlink $DATdir, $DATlink; > > --- > > > unlink($DATlink) if -l $DATlink; > > > symlink($DATdir, $DATlink); > > Sorry, but this still doesn't fix it. When I run the script I get this > message: > A target has not been specified for scanning! > /usr/local/mcafee/dat/ > > /usr/local/mcafee/20020115 > It seems that it's happening at line 89, and then, because of the error, > it's not even getting down to line 115 where it makes the symlinks, but > I don't have the facility in perl to be sure. > -- > Stuart Luppescu -=- s-luppescu@uchicago.edu > University of Chicago -=- CCSR > $B:MJ8$HCRF`H~$NIc (J -=- Kernel 2.4.14-xfs (J > "Call immediately. Time is running out. We both > need to do something monstrous before we die." -- > Message from Ralph Steadman to Hunter Thompson > From jkf at ecs.soton.ac.uk Tue Jan 15 16:08:31 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Weirdnesses in McAfee autoupdate In-Reply-To: <7B0A15E17340D41186B6009027F694557E882C@nuwhexs1.nuwh.home> Message-ID: <5.1.0.14.2.20020115160810.03ede828@imap.ecs.soton.ac.uk> Thanks for that. Fix incorporated in 3.03 (due out soon). At 15:48 15/01/2002, you wrote: >OK I got this one fixed. >Taking braces out does absolutely nothing. >I changed the perl calls to system calls temporarily and noticed that >$DATlink had a trailing / on it. Very bad, perl doesn't barf on this! :-( >therefore the real fix is on line 39 > >my($DATlink) = "$mcafeeroot/dat"; > >also line 123 needs to be changed > >print "DATdir\n"; > >These changes make everything work, including the removal of the old dat >files via the system call. :-) > > > -----Original Message----- > > From: Stuart Luppescu [SMTP:s-luppescu@UCHICAGO.EDU] > > Sent: Tuesday, January 15, 2002 9:04 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Weirdnesses in McAfee autoupdate > > > > On $B2P (J, 2002-01-15 at 02:57, Julian Field wrote: (J > > > At 22:26 14/01/2002, you wrote: > > > >On Mon, Jan 14, 2002 at 07:18:26PM +0000, Julian Field wrote: > > > > > At 16:50 14/01/2002, you wrote: > > > > > >I also experience this problem. The unlink and symlink does not > > appear > > > > to be > > > > > >working. I'm not sure that LockMcafee and UnlockMcafee are working > > either > > > > > >because I do not see the print statements when running autoupdate > > from the > > > > > >command line. Weird. It was working prior to upgrading from 2.62 to > > 3.00-3 > > > > > > > > > > But I haven't touch the mcafee autoupdate script in months... > > > > > > > >revision 1.1 > > > >date: 2001/12/13 18:25:07; author: jkf; state: Exp; > > > >branches: 1.1.2; > > > >Added McAfee autoupdate script with some bug-fixes from a user. > > > > > > > > > > > >That would I guess have first gone out in 3.0. > > > > > > I stand corrected. I have changed the code back again (removed some > > > brackets from lines 115-116) and will put it in the next release. > > > > > > The only interesting part of the diff was this: > > > 114,115c115,116 > > > < unlink $DATlink if -l $DATlink; > > > < symlink $DATdir, $DATlink; > > > --- > > > > unlink($DATlink) if -l $DATlink; > > > > symlink($DATdir, $DATlink); > > > > Sorry, but this still doesn't fix it. When I run the script I get this > > message: > > A target has not been specified for scanning! > > /usr/local/mcafee/dat/ > > > > /usr/local/mcafee/20020115 > > It seems that it's happening at line 89, and then, because of the error, > > it's not even getting down to line 115 where it makes the symlinks, but > > I don't have the facility in perl to be sure. > > -- > > Stuart Luppescu -=- s-luppescu@uchicago.edu > > University of Chicago -=- CCSR > > $B:MJ8$HCRF`H~$NIc (J -=- Kernel 2.4.14-xfs (J > > "Call immediately. Time is running out. We both > > need to do something monstrous before we die." -- > > Message from Ralph Steadman to Hunter Thompson > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From ian at FASTNET.BC.CA Tue Jan 15 16:49:14 2002 From: ian at FASTNET.BC.CA (Ian Dobson) Date: Thu Jan 12 21:14:16 2006 Subject: SpamAssassin, how do I know that it's working In-Reply-To: <5.1.0.14.2.20020115090353.03f0ccf8@imap.ecs.soton.ac.uk> References: Message-ID: <3C43ED0A.9565.7578DC9@localhost> I've installed Mailscanner with Mcafee and its working great, however None of the emails are ever tagged as being checked for spam. are the headers only changed if they are spam? How can I test it? all the tests passed and I'm using spamassassin 2.0, I was using 1.5 and I didn't see a difference. and also do I have to start spamassassin, or does mailscanner take care of that for me? So many questions :) From jkf at ecs.soton.ac.uk Tue Jan 15 17:04:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: SpamAssassin, how do I know that it's working In-Reply-To: <3C43ED0A.9565.7578DC9@localhost> References: <5.1.0.14.2.20020115090353.03f0ccf8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020115170152.066f1870@imap.ecs.soton.ac.uk> At 16:49 15/01/2002, you wrote: >I've installed Mailscanner with Mcafee and its working great, however None of >the emails are ever tagged as being checked for spam. > >are the headers only changed if they are spam? Yes. >How can I test it? Send yourself the SpamAssassin sample-spam file. Alternatively, crank down the "required_hits" in ~root/.spamassassin.cf and restart MailScanner. Then send yourself virtually any mail that even remotely looks like spam, and it should trigger it. >all the tests passed and I'm using spamassassin 2.0, I was using 1.5 and I >didn't see a difference. I haven't tried 2.0 as it's still in development. >and also do I have to start spamassassin, or does mailscanner take care of >that for me? MailScanner takes care of all of that for you. I trust you have enabled SpamAssassin in mailscanner.conf... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Tue Jan 15 20:54:41 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:16 2006 Subject: SpamAssassin, how do I know that it's working In-Reply-To: <5.1.0.14.2.20020115170152.066f1870@imap.ecs.soton.ac.uk> Message-ID: I have never been able to get spamassassin to flag spam sent to myself. It works fine for incoming spam though. Checking the spamassassin docs it says that if you receive three mails which are not matched as spam from the same id then spamassassin automatically inserts that id into it's whitelist and will not flag messages from that id again no matter how "spammish" they appear. For command line users this happens automatically. Gerry On Tue, 15 Jan 2002, Julian Field wrote: > At 16:49 15/01/2002, you wrote: > >I've installed Mailscanner with Mcafee and its working great, however None of > >the emails are ever tagged as being checked for spam. > > > >are the headers only changed if they are spam? > > Yes. > > >How can I test it? > > Send yourself the SpamAssassin sample-spam file. Alternatively, crank down > the "required_hits" in ~root/.spamassassin.cf and restart MailScanner. Then > send yourself virtually any mail that even remotely looks like spam, and it > should trigger it. > > >all the tests passed and I'm using spamassassin 2.0, I was using 1.5 and I > >didn't see a difference. > > I haven't tried 2.0 as it's still in development. > > >and also do I have to start spamassassin, or does mailscanner take care of > >that for me? > > MailScanner takes care of all of that for you. I trust you have enabled > SpamAssassin in mailscanner.conf... > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- "The lyfe so short, the craft so long to learne" Chaucer From brose at MED.WAYNE.EDU Wed Jan 16 02:22:40 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: I added get_hits () to the sendmail.pl and also uncommented the line to save to a queue for analysis (had to move it into the routine where $dfilename was getting set though). Since $dfilename doesn't include the header, I have to subtract 8.33 from both. For a message that doesn't get marked as spam, it's score was 4.26 when mailscanner passed it off. If I went to the queue where I dumped $dfilename and passed that same message thru spamassassin -t it scored 13.2-8.33=4.87 I then sent a message that did get tagged as spam thru. It's score when passed off from mailscanner was 5.92. When I piped it's $dfilename to spamassassin -t it's score was 13.79-8.33=5.46 I'm going to check tomorrow and see if the headers are actually not included or if I have the line to save a copy $dfilename in the wrong place. -=B -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Tuesday, January 15, 2002 4:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. At 05:41 15/01/2002, you wrote: >I've been running the same testing and seeing the same results. Me too! I haven't had time to debug SpamAssassin, I know from the docs (and some sample code supplied by its author) that I'm calling it correctly, and most of the time it works as it should. But it still gets it wrong some times. Their compile_now() method definitely has bugs, it was causing some people's setups to report every message as spam, and on my own systems was causing it to never read the preferences file. I took out the call to compile_now() and all those problems just vanished. Anyone who feels like debugging SA, you are very welcome to the job! > I've >been trying to narrow it down also. It's definitely not a timing issue >since I can pass the same message thru several times on my test box and >SpamAssassin still returns 0 to mailscanner. But if you run the >cmdline program against it, it gets tagged as spam. I want to say that >it has something to with html formated messages and the perl >spamassassin apis though I'm trying to figure out how it functions >while trying to diag the issue. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Wed Jan 16 02:42:41 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: In the contruction of the @wholemessage array should the headers get pushed to the $dfilename? If the header is included, then the score from spamassassin -t $dfilename is closer to what it gets from the mailscanner hand off. I think it might be a good idea to add the score into the header that way we can see it for debugging since I think I know what maybe occurring. We're saving the message from the email client, eg pine and piping that message off to spamassassin which seems to generate a higher score than what the same message gets if processed by the MTAs. I'll setup procmail and see what the score is for the same messages. -----Original Message----- From: Rose, Bobby Sent: Tuesday, January 15, 2002 9:23 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. I added get_hits () to the sendmail.pl and also uncommented the line to save to a queue for analysis (had to move it into the routine where $dfilename was getting set though). Since $dfilename doesn't include the header, I have to subtract 8.33 from both. For a message that doesn't get marked as spam, it's score was 4.26 when mailscanner passed it off. If I went to the queue where I dumped $dfilename and passed that same message thru spamassassin -t it scored 13.2-8.33=4.87 I then sent a message that did get tagged as spam thru. It's score when passed off from mailscanner was 5.92. When I piped it's $dfilename to spamassassin -t it's score was 13.79-8.33=5.46 I'm going to check tomorrow and see if the headers are actually not included or if I have the line to save a copy $dfilename in the wrong place. -=B -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Tuesday, January 15, 2002 4:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. At 05:41 15/01/2002, you wrote: >I've been running the same testing and seeing the same results. Me too! I haven't had time to debug SpamAssassin, I know from the docs (and some sample code supplied by its author) that I'm calling it correctly, and most of the time it works as it should. But it still gets it wrong some times. Their compile_now() method definitely has bugs, it was causing some people's setups to report every message as spam, and on my own systems was causing it to never read the preferences file. I took out the call to compile_now() and all those problems just vanished. Anyone who feels like debugging SA, you are very welcome to the job! > I've >been trying to narrow it down also. It's definitely not a timing issue >since I can pass the same message thru several times on my test box and >SpamAssassin still returns 0 to mailscanner. But if you run the >cmdline program against it, it gets tagged as spam. I want to say that >it has something to with html formated messages and the perl >spamassassin apis though I'm trying to figure out how it functions >while trying to diag the issue. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Wed Jan 16 04:01:23 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: Message-ID: On Tue, 15 Jan 2002, Rose, Bobby wrote: > > I'll setup procmail and see what the score is for the same messages. > If you set up procmail be sure to add a lock file to the beginning of the recipe. I cut and pasted a recipe from somewhere in the spamassassin doc's that didn't have a lock file. I started getting corrupted messages. Gerry From LISTSERV at JISCMAIL.AC.UK Wed Jan 16 02:44:15 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: abryan@UPGRADEBASE.COM requested to join Message-ID: <200201160244.CAA10848@magpie.ecs.soton.ac.uk> Wed, 16 Jan 2002 02:44:15 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Alan Bryan You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER abryan@UPGRADEBASE.COM Alan Bryan PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER abryan@UPGRADEBASE.COM Alan Bryan // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 16 05:32:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: ard@PERGAMENTUM.COM requested to join Message-ID: <200201160532.FAA16380@magpie.ecs.soton.ac.uk> Wed, 16 Jan 2002 05:32:33 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Alisdair Davey You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ard@PERGAMENTUM.COM Alisdair Davey PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ard@PERGAMENTUM.COM Alisdair Davey // EOJ From jkf at ecs.soton.ac.uk Wed Jan 16 11:07:20 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: Message-ID: <5.1.0.14.2.20020116110520.0356f010@hawk.ecs.soton.ac.uk> At 02:22 16/01/2002, you wrote: >I added get_hits () to the sendmail.pl and also uncommented the line to >save to a queue for analysis (had to move it into the routine where >$dfilename was getting set though). Ah! I had never seen any mention of get_hits() before. I have just tweaked the code so that instead of saying X-MailScanner-SpamCheck: SpamAssassin it will now say X-MailScanner-SpamCheck: SpamAssassin (10 hits) or whatever. I know some people had been asking for this, I didn't realise there was a way of doing it :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 16 15:36:45 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: <3C459CC6.B3ABA489@bangor.ac.uk> References: <5.1.0.14.2.20020116110520.0356f010@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020116153503.063704d0@hawk.ecs.soton.ac.uk> At 15:31 16/01/2002, you wrote: >Julian Field wrote: > > > > At 02:22 16/01/2002, you wrote: > > >I added get_hits () to the sendmail.pl and also uncommented the line to > > >save to a queue for analysis (had to move it into the routine where > > >$dfilename was getting set though). > > > > Ah! I had never seen any mention of get_hits() before. I have just tweaked > > the code so that instead of saying > > X-MailScanner-SpamCheck: SpamAssassin > > it will now say > > X-MailScanner-SpamCheck: SpamAssassin (10 hits) > > or whatever. > >Excellent! I've just started using spamassassin and was curious about the >hits. Unfortunately so far I think the score from SpamAssassin is > >accurately tagged spam 1 >not-spam tagged 3 >spam not tagged 2 > >I'll keep watching it... I'm running with a "required_hits" of 10, which seems to strike quite a good balance (no false positives, a few false negatives). >Do I gather correctly from the archive that the way to adjust the >spamassassin threshold for mailscanner is to alter root's spamassassin.cf? Indeed. Or if you are using Exim and running as some other user, then their ".spamassassin.cf" file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From m.sapsed at BANGOR.AC.UK Wed Jan 16 15:31:18 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. References: <5.1.0.14.2.20020116110520.0356f010@hawk.ecs.soton.ac.uk> Message-ID: <3C459CC6.B3ABA489@bangor.ac.uk> Julian Field wrote: > > At 02:22 16/01/2002, you wrote: > >I added get_hits () to the sendmail.pl and also uncommented the line to > >save to a queue for analysis (had to move it into the routine where > >$dfilename was getting set though). > > Ah! I had never seen any mention of get_hits() before. I have just tweaked > the code so that instead of saying > X-MailScanner-SpamCheck: SpamAssassin > it will now say > X-MailScanner-SpamCheck: SpamAssassin (10 hits) > or whatever. Excellent! I've just started using spamassassin and was curious about the hits. Unfortunately so far I think the score from SpamAssassin is accurately tagged spam 1 not-spam tagged 3 spam not tagged 2 I'll keep watching it... Do I gather correctly from the archive that the way to adjust the spamassassin threshold for mailscanner is to alter root's spamassassin.cf? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From brose at MED.WAYNE.EDU Wed Jan 16 16:08:44 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: Great! I was going see if I could do this also instead of just logging to syslog. I also added this to the sub SpamAssassinChecks routine so that I could get a hardcopy of @wholemessage so I could manually run it thru spamassassin to get a report. The numbers are are more accurate this way then saving the message from an email client. local(*DOUT); open(DOUT, ">>/var/spam/queue/sp$mID") or Log::DieLog("Failed to create copy of spam message sp$mID"); print DOUT "Whole message is this:\n"; print DOUT "----------------------\n"; print DOUT join("\n",@WholeMessage) . "\n"; print DOUT "---------------\n"; print DOUT "End of message.\n"; close DOUT; On my test box, I had updated to v2 of spamassassin which according to the lists, sounds close to release. There doesn't appear to be any compatibility issue with mailscanner. I'll have to go back and look at the 1.5 docs. Maybe get_hits() was undocumented in 1.5 or something. Note that if anyone updates to v2 be prepared to go thru and manually delete the 1.5 modules because the install didn't seem to install the .pm or something. I ended up manually removing everything including it's prefs which may have been the problem. -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Wednesday, January 16, 2002 6:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. At 02:22 16/01/2002, you wrote: >I added get_hits () to the sendmail.pl and also uncommented the line to >save to a queue for analysis (had to move it into the routine where >$dfilename was getting set though). Ah! I had never seen any mention of get_hits() before. I have just tweaked the code so that instead of saying X-MailScanner-SpamCheck: SpamAssassin it will now say X-MailScanner-SpamCheck: SpamAssassin (10 hits) or whatever. I know some people had been asking for this, I didn't realise there was a way of doing it :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From paul at CWIE.NET Wed Jan 16 16:52:26 2002 From: paul at CWIE.NET (Paul Fries) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: <5.1.0.14.2.20020116110520.0356f010@hawk.ecs.soton.ac.uk> Message-ID: <001701c19eae$2d770f00$d900000a@paul01> Julian, Sorry I am not following you... =) what exactly did you modify in sendmail.pl to get the "hits" to appear in the header? Regards, Paul Fries paul@cwie.net -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 16, 2002 4:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. At 02:22 16/01/2002, you wrote: >I added get_hits () to the sendmail.pl and also uncommented the line to >save to a queue for analysis (had to move it into the routine where >$dfilename was getting set though). Ah! I had never seen any mention of get_hits() before. I have just tweaked the code so that instead of saying X-MailScanner-SpamCheck: SpamAssassin it will now say X-MailScanner-SpamCheck: SpamAssassin (10 hits) or whatever. I know some people had been asking for this, I didn't realise there was a way of doing it :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 16 17:04:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: <001701c19eae$2d770f00$d900000a@paul01> References: <5.1.0.14.2.20020116110520.0356f010@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020116170352.064db2b0@hawk.ecs.soton.ac.uk> At 16:52 16/01/2002, you wrote: >Sorry I am not following you... =) what exactly did you modify in >sendmail.pl to get the "hits" to appear in the header? Here's the diff from the previous version: 202c202,204 < if (SpamAssassinChecks($Headers, $mID)) { --- > my($spammy); > $spammy = SpamAssassinChecks($Headers, $mID); > if ($spammy) { 204c206 < $SpamText->{$mID} .= "SpamAssassin"; --- > $SpamText->{$mID} .= "SpamAssassin ($spammy hits)"; 279a282 > $SAResult = int($spamness->get_hits()) if $SAResult; 321c324 < # Don't care about return code in this case, we ignore it anyway --- > # The return from the pipe is a measure of how spammy it was >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Wednesday, January 16, 2002 4:07 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassassin, mailscanner 3, etc. > >At 02:22 16/01/2002, you wrote: > >I added get_hits () to the sendmail.pl and also uncommented the line to > >save to a queue for analysis (had to move it into the routine where > >$dfilename was getting set though). > >Ah! I had never seen any mention of get_hits() before. I have just >tweaked >the code so that instead of saying > X-MailScanner-SpamCheck: SpamAssassin >it will now say > X-MailScanner-SpamCheck: SpamAssassin (10 hits) >or whatever. > >I know some people had been asking for this, I didn't realise there was >a >way of doing it :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Wed Jan 16 17:30:53 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: Since I've already hacked mine, I couldn't diff it but I've got it in there now. Works great. Now to figure out the reason why I still see intermittent spam messages that score less when they go thru the api than what is scored when passed the commandline. I still see a difference which doesn't make sense. The @wholemessage array is the same as the file I dump out. One message that I have scores 4.66 thru mailscanner but a 6.76 thru the spammassassin -t. A message that was tagged scored 9.16 thru spamassassin -t but 7 (int) when mailscannner passes it off. -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Wednesday, January 16, 2002 12:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. At 16:52 16/01/2002, you wrote: >Sorry I am not following you... =) what exactly did you modify in >sendmail.pl to get the "hits" to appear in the header? Here's the diff from the previous version: 202c202,204 < if (SpamAssassinChecks($Headers, $mID)) { --- > my($spammy); > $spammy = SpamAssassinChecks($Headers, $mID); > if ($spammy) { 204c206 < $SpamText->{$mID} .= "SpamAssassin"; --- > $SpamText->{$mID} .= "SpamAssassin ($spammy hits)"; 279a282 > $SAResult = int($spamness->get_hits()) if $SAResult; 321c324 < # Don't care about return code in this case, we ignore it anyway --- > # The return from the pipe is a measure of how spammy it was >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Wednesday, January 16, 2002 4:07 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassassin, mailscanner 3, etc. > >At 02:22 16/01/2002, you wrote: > >I added get_hits () to the sendmail.pl and also uncommented the line > >to save to a queue for analysis (had to move it into the routine > >where $dfilename was getting set though). > >Ah! I had never seen any mention of get_hits() before. I have just >tweaked the code so that instead of saying > X-MailScanner-SpamCheck: SpamAssassin >it will now say > X-MailScanner-SpamCheck: SpamAssassin (10 hits) >or whatever. > >I know some people had been asking for this, I didn't realise there was >a way of doing it :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 16 17:45:13 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: dustin.baer@IHS.COM left the JISCmail list Message-ID: <200201161745.RAA01373@magpie.ecs.soton.ac.uk> Wed, 16 Jan 2002 17:45:12 Dustin Baer has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From ard at PERGAMENTUM.COM Wed Jan 16 18:14:24 2002 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:14:16 2006 Subject: Virus in message body rather than attachment In-Reply-To: from "Rose, Bobby" at Jan 16, 2002 11:08:44 AM Message-ID: <200201161814.g0GIEO703989@www.pergamentum.com> Could somebody confirm the expected behaviour of mailscanner in the situation where the virus is in the message body as opposed to an attachment? I was testing mailscanner (3.02-1) last night using sendmail and Sophos sweep. When using EICAR to test the scanner I noted that if I included it as an attachment it was detected without a problem. However, if I inserted it into the message body it went undetected. Now in the README is describes the execution loop that mailscanner follows... 3.Move simple plain-text messages to the outgoing queue and trigger their delivery 4.Unpack MIME structure of all remaining messages 5.Scan everything for viruses Does mailscanner regard a message containing the EICAR string as being a purely plain text message? I tried the test including Magistr both as an attachment and in the body of the message. No problems with detecting it as an attachment but in the body of the message it was passed as clean. Thanks Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions "Pergamentum init, exit pergamentum" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From mdchaney at MICHAELCHANEY.COM Wed Jan 16 20:41:43 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: ; from brose@MED.WAYNE.EDU on Tue, Jan 15, 2002 at 09:22:40PM -0500 References: Message-ID: <20020116144143.A3971@michaelchaney.com> On Tue, Jan 15, 2002 at 09:22:40PM -0500, Rose, Bobby wrote: > I added get_hits () to the sendmail.pl and also uncommented the line to > save to a queue for analysis (had to move it into the routine where > $dfilename was getting set though). > > Since $dfilename doesn't include the header, I have to subtract 8.33 > from both. > > For a message that doesn't get marked as spam, it's score was 4.26 when > mailscanner passed it off. If I went to the queue where I dumped > $dfilename and passed that same message thru spamassassin -t it scored > 13.2-8.33=4.87 > > I then sent a message that did get tagged as spam thru. It's score when > passed off from mailscanner was 5.92. When I piped it's $dfilename to > spamassassin -t it's score was 13.79-8.33=5.46 > > I'm going to check tomorrow and see if the headers are actually not > included or if I have the line to save a copy $dfilename in the wrong > place. My next round is going to involve getting spamassassin to return its header to add to the mailscanner headers. I think the only way to track down the discrepency that we're seeing between the spamassassin command-line version and the mailscanner code is to see what's matching in each and find out why some things aren't matching in mailscanner. My guess is that spamassassin is confused about the headers or something like that, i.e. it's only matching header or only matching body, and perhaps only on some messages. I have 1000 spams to work with, it's only catching 700, so I have 300 to look at and figure out the problem. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From brose at MED.WAYNE.EDU Wed Jan 16 20:52:06 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: Well I can say that it's not mailscanner because it's just using the spamassassin apis. Since the only ones out there using SA apis are Mailscanner and SA itself, it could be a perl bug in the apis that SA guys don't know about yet. I think the key is to figure how SA is storing their message content in their program and what they have written in the document. I've yet to get procmail or even the .forward to work with SA. I keep getting the (/usr/lib/smrsh) exited with EX_TEMPFAIL. I know I have the smrsh stuff correct since it run the vacation program fine. I can't seem to find a definitive answer on the net for this one yet so I'm still testing with spamassassin -t by dumping @wholemessage to file from mailscanner. I just had weird one where a spam message got tagged as SPAM, but spamassassin -t gave it a lower score that passing it off thru the apis. Weird! -----Original Message----- From: Michael Chaney [mailto:mdchaney@MICHAELCHANEY.COM] Sent: Wednesday, January 16, 2002 3:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassassin, mailscanner 3, etc. <> My next round is going to involve getting spamassassin to return its header to add to the mailscanner headers. I think the only way to track down the discrepency that we're seeing between the spamassassin command-line version and the mailscanner code is to see what's matching in each and find out why some things aren't matching in mailscanner. My guess is that spamassassin is confused about the headers or something like that, i.e. it's only matching header or only matching body, and perhaps only on some messages. I have 1000 spams to work with, it's only catching 700, so I have 300 to look at and figure out the problem. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From brose at MED.WAYNE.EDU Thu Jan 17 01:06:20 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. Message-ID: Ok I think I found something. Most of the messages that are spam that I'm using for testing are one that I'm having forwarded from the person it was actually sent to. They're helping me test the spam functions before turning them on for our gateway. When the message is forwarded to me, it includes the Original Message markups, example -----Original Message----- From: John Smith Sent: Tuesday, January 15, 2002 1:57 PM To: Bobby Span account (E-mail) Subject: FW: How many Credit Cards can you get? It appears when this is tacked onto an HTML spam message a couple times, it somehow how lowers the scores...even in spamassassin. For example, I took a message that didn't get tagged originally, I forwarded it back thru my test gateway and it doesn't get tagged. I take out the Original message lines, and send it again and it gets tagged. I forward it a second time and it gets tagged again. The third and fourth times it doesn't get tagged. Here's the SA scores from commandline 1st time -> 6.64 (original message markers removed) 2nd time -> 5.07 (1 original markers) 3rd time -> 5.07 (2 original markers) 4th time -> 4.97 (3 original markers) Now when passed off from mailscan 1st time -> 5.26 2nd time -> 5.36 3rd time -> 4.36 4th time -> 4.26 Now for the differences in scoring... I modified the Saforkandtest sub to have SA rewrite the message and then I grab that and dump it to file so that I have the full message plus report to compare. The scoring is different because there seems to be different rules applied. I've attached two files from the same SPAM message. The content analysis is too different to be an content error. I took a look inside the spamassassin script and they are also passing along the rules_filename and a userprefs_filename when the new Mail::SpamAssassin object is being created. Maybe that's the difference. Maybe mailscanner is picking up different rules??? -------------- next part -------------- Whole message is this: ---------------------- From brose@med.wayne.edu Wed Jan 16 19:29:50 2002 Return-Path: Received: from med-core03.med.wayne.edu (med-core03.med.wayne.edu [146.9.19.65]) by apollo.med.wayne.edu (8.12.1/8.12.1) with ESMTP id g0H0TWb0016001 for ; Wed, 16 Jan 2002 19:29:32 -0500 (EST) Full-Name: Bobby Rose X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain Subject: *****SPAM***** FW: Rent DVD's online - FREE trial & No late fees ever! Date: Wed, 16 Jan 2002 19:29:27 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rent DVD's online - FREE trial & No late fees ever! Thread-Index: AcGeYte8VxCoYYeMRI+ALCu6xtAk9wAMTYLAABJMv+A= From: "Rose, Bobby" To: X-Spam-Status: Yes, hits=5.7 required=5.0 tests=PLING,WEB_BUGS,FREQ_SPAM_PHRASE,SPAM_PHRASES_020 version=2.0 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.0 (devel $Id: SpamAssassin.pm,v 1.55 2002/01/14 06:04:16 jmason Exp $) X-Spam-Prev-Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C19EEE.056AD19C" SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.66 hits, 5 required) SPAM: Hit! (0.5 points) Subject has an exclamation mark SPAM: Hit! (2.33 points) BODY: Image tag with an ID code to identify you SPAM: Hit! (1.83 points) Contains phrases frequently found in spam SPAM: [score: 20, hits: click here, for free, from] SPAM: [your, here for, not wish, please click, right] SPAM: [now, when you, wish receive, you not, you] SPAM: [want] SPAM: Hit! (1 point) spam-phrase score is over 20 SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- This is a multi-part message in MIME format.------_=_NextPart_001_01C19EEE.056AD19CContent-Type: text/plain; charset="us-ascii"Content-Transfer-Encoding: quoted-printable=20Dear Friend:Rent DVDs Online!=20For a Limited Time, Try NetFlix FREE!=20Tired of video store hassles? The poor selection, the lines, the latefees? Try a better way to rent DVDs. Rent DVDs online from Netflix.Click Here =for theFREE TRIAL.It's easy:1. Create a list online of movies you want to see. Netflix has theworld's largest selection of DVDs.=092. Netflix sends you the first three movies from your list in twoto four days via first-class mail.=093. No due dates and no late fees means you can keep them as longas you want. Have up to three on hand.=094. When you're done watching one, send it back in its pre-paidenvelope and Netflix will send you another from your list.=09Netflix.com =20See for yourself. Right now Netflix is offering=20a FREE TRIAL of their service -- Click Here=20You are receiving this Special Offer as a valued iExpect.com member. Ifyou do not wish to receive any Special Offers from us in the future,please click here to unsubscribe.=20Free trial offer expires 02/28/2002.=09=09=09------_=_NextPart_001_01C19EEE.056AD19CContent-Type: text/html; charset="us-ascii"Content-Transfer-Encoding: quoted-printableMessage
 

Dear=20 Friend:
Rent=20 DVDs Online!
For a Limited Time, Try NetFlix FREE!

Tired of video store hassles? The =poor=20 selection, the lines, the late fees? Try a better way to =rent DVDs.=20 Rent DVDs online from Netflix.   Click=20 Here for the FREE TRIAL.

It's =easy:

1. Create a list online of movies you want to =see. Netflix=20 has the world's largest selection of =DVDs.
2. Netflix sends you the first three movies from =your list=20 in two to four days via first-class =mail.
3. No due dates and no late fees means you can =keep them=20 as long as you want. Have up to three on =hand.
4. When you're done watching one, send it back =in its=20 pre-paid envelope and Netflix will send you another =from your=20 list.

3DNetflix.com

See for yourself. Right now Netflix =is=20 offering 
a FREE TRIAL of their service -- Click=20 Here

You are receiving this Special Offer =as a valued=20 iExpect.com member. If you do not wish to receive any =Special Offers=20 from us in the future, please click here=20 to unsubscribe. =

Free trial offer expires=20 02/28/2002.
=00------_=_NextPart_001_01C19EEE.056AD19C-- --------------- End of message. -------------- next part -------------- From brose@med.wayne.edu Wed Jan 16 19:37:50 2002 X-Mail-Format-Warning: Bad RFC822 header formatting in Whole message is this: X-Mail-Format-Warning: Bad RFC822 header formatting in ---------------------- Return-Path: Received: from med-core03.med.wayne.edu (med-core03.med.wayne.edu [146.9.19.65]) by apollo.med.wayne.edu (8.12.1/8.12.1) with ESMTP id g0H0TWb0016001 for ; Wed, 16 Jan 2002 19:29:32 -0500 (EST) Full-Name: Bobby Rose X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain Subject: *****SPAM***** FW: Rent DVD's online - FREE trial & No late fees ever! Date: Wed, 16 Jan 2002 19:29:27 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rent DVD's online - FREE trial & No late fees ever! Thread-Index: AcGeYte8VxCoYYeMRI+ALCu6xtAk9wAMTYLAABJMv+A= From: "Rose, Bobby" To: X-Spam-Status: Yes, hits=6.8 required=5.0 tests=PLING,DEAR_FRIEND,CLICK_BELOW,FREQ_SPAM_PHRASE,SPAM_PHRASES_020 version=2.0 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.0 (devel $Id: SpamAssassin.pm,v 1.55 2002/01/14 06:04:16 jmason Exp $) X-Spam-Prev-Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C19EEE.056AD19C" SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (6.76 hits, 5 required) SPAM: Hit! (0.5 points) Subject has an exclamation mark SPAM: Hit! (1.39 points) BODY: How dear can you be if you don't know my name? SPAM: Hit! (2.04 points) BODY: Asks you to click below SPAM: Hit! (1.83 points) Contains phrases frequently found in spam SPAM: [score: 24, hits: click here, for free, from] SPAM: [your, here for, not wish, please click, right] SPAM: [now, when you, wish receive, you not, you] SPAM: [want] SPAM: Hit! (1 point) spam-phrase score is over 20 SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- This is a multi-part message in MIME format. ------_=_NextPart_001_01C19EEE.056AD19C Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable =20 Dear Friend: Rent DVDs Online!=20 For a Limited Time, Try NetFlix FREE! =20 Tired of video store hassles? The poor selection, the lines, the late fees? Try a better way to rent DVDs. Rent DVDs online from Netflix. Click Here = for the FREE TRIAL. It's easy: 1. Create a list online of movies you want to see. Netflix has the world's largest selection of DVDs.=09 2. Netflix sends you the first three movies from your list in two to four days via first-class mail.=09 3. No due dates and no late fees means you can keep them as long as you want. Have up to three on hand.=09 4. When you're done watching one, send it back in its pre-paid envelope and Netflix will send you another from your list.=09 Netflix.com =20 See for yourself. Right now Netflix is offering=20 a FREE TRIAL of their service -- Click Here =20 You are receiving this Special Offer as a valued iExpect.com member. If you do not wish to receive any Special Offers from us in the future, please click here to unsubscribe. =20 Free trial offer expires 02/28/2002.=09 =09 =09 ------_=_NextPart_001_01C19EEE.056AD19C Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message
 

Dear=20 Friend:
Rent=20 DVDs Online!
For a Limited Time, Try NetFlix FREE!

Tired of video store hassles? The = poor=20 selection, the lines, the late fees? Try a better way to = rent DVDs.=20 Rent DVDs online from Netflix.   Click=20 Here for the FREE TRIAL.

It's = easy:

1. Create a list online of movies you want to = see. Netflix=20 has the world's largest selection of = DVDs.
2. Netflix sends you the first three movies from = your list=20 in two to four days via first-class = mail.
3. No due dates and no late fees means you can = keep them=20 as long as you want. Have up to three on = hand.
4. When you're done watching one, send it back = in its=20 pre-paid envelope and Netflix will send you another = from your=20 list.

3DNetflix.com

See for yourself. Right now Netflix = is=20 offering 
a FREE TRIAL of their service -- Click=20 Here

You are receiving this Special Offer = as a valued=20 iExpect.com member. If you do not wish to receive any = Special Offers=20 from us in the future, please click here=20 to unsubscribe. =

Free trial offer expires=20 02/28/2002.
=00 ------_=_NextPart_001_01C19EEE.056AD19C-- --------------- End of message. SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (6.76 hits, 5 required) SPAM: Hit! (0.5 points) Subject has an exclamation mark SPAM: Hit! (1.39 points) BODY: How dear can you be if you don't know my name? SPAM: Hit! (2.04 points) BODY: Asks you to click below SPAM: Hit! (1.83 points) Contains phrases frequently found in spam SPAM: [score: 24, hits: click here, for free, from] SPAM: [your, here for, not wish, please click, right] SPAM: [now, when you, wish receive, you not, you] SPAM: [want] SPAM: Hit! (1 point) spam-phrase score is over 20 SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- From mdchaney at MICHAELCHANEY.COM Thu Jan 17 01:26:17 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin, mailscanner 3, etc. In-Reply-To: ; from brose@MED.WAYNE.EDU on Wed, Jan 16, 2002 at 08:06:20PM -0500 References: Message-ID: <20020116192617.A4922@michaelchaney.com> On Wed, Jan 16, 2002 at 08:06:20PM -0500, Rose, Bobby wrote: > Ok I think I found something. Most of the messages that are spam that > I'm using for testing are one that I'm having forwarded from the person > it was actually sent to. They're helping me test the spam functions > before turning them on for our gateway. In my testing, all the messages were collected into a Mutt mailbox (an mbox) by the user, and I use the Mutt bounce command to resend them. There should be no difference in the beside an extra header. More testing coming up. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From ian at FASTNET.BC.CA Thu Jan 17 10:06:18 2002 From: ian at FASTNET.BC.CA (Ian Dobson) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin and spam detection In-Reply-To: Message-ID: <3C46319A.24024.10335DDC@localhost> How do I setup mailscanner so it only uses spamassassin for spam detection and not its own stuff? From jkf at ecs.soton.ac.uk Thu Jan 17 10:12:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: Spamassassin and spam detection In-Reply-To: <3C46319A.24024.10335DDC@localhost> References: Message-ID: <5.1.0.14.2.20020117101122.06412008@imap.ecs.soton.ac.uk> At 10:06 17/01/2002, you wrote: >How do I setup mailscanner so it only uses spamassassin for spam >detection and not its own stuff? Just don't set any RBL "Spam List" entries in the mailscanner.conf file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 10:12:17 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: joan.bryan@KCL.AC.UK requested to join Message-ID: <200201171012.KAA18075@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 10:12:17 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Joan Bryan You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER joan.bryan@KCL.AC.UK Joan Bryan PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER joan.bryan@KCL.AC.UK Joan Bryan // EOJ From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 17 12:04:00 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:16 2006 Subject: SpamAssassin build Message-ID: I am hesitant to ask questions about building SpamAssassin on the MailScanner list but since the latter relies on the SpamAssassin web site for installation instructions, and these do not work, here goes! I am trying out SpamAssassin in advance of installing MailScanner 3.00. I obtained the *.tar.gz lump from http://spamassassin.org and tried to build it as per the README file. A couple of problems: 1. Sun's Professional C compiler fails because it does not like a comment line in the file spamd/spam.c (line 283). It seems that gcc is more forgiving. 2. Of more significance is that Mail::Audit is not "optional" as the README file suggests. Even if you remove reference to it as a pre-requisite in "Makefile.PL", it is otherwise referenced in various pre-built SpamAssassin libraries. So you can build SpamAssassin by tweaking the "Makefile.PL" file but you cannot run it because of the missing Mail::Audit stuff on your system. This leads me to my questions: 1. is NET-DNS-0.12 sufficient or do you need the later (buggy?) version. 2. does MailScanner need the functionality of Mail::Audit in SA? If so, why? 3. it would appear that some changes are needed to "spamassassin.cf" if only so you do not attempt to access inappropriate "blackhole" sites. Is there a list anywhere of suggested changes/additions? 4. are there any other useful hints about building/using SpamAssassin in the context of using it with MailScanner? It might be better if any replies are sent off-list and I will summarise to the list if appropriate. Thanks Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 12:20:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: marko@HUMAN.PEFRI.HR requested to join Message-ID: <200201171220.MAA24642@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 12:20:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Marko Malikovic You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER marko@HUMAN.PEFRI.HR Marko Malikovic PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER marko@HUMAN.PEFRI.HR Marko Malikovic // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 13:26:36 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: borsk@TX.TECHNION.AC.IL left the JISCmail list Message-ID: <200201171326.NAA28894@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 13:26:36 Boris Skoblo has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Thu Jan 17 15:25:50 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: ANNOUNCE: Version 3.03-1 released Message-ID: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> I have just released Version 3.03-1. I hesitated about calling it 3.10 as it includes a couple of new features, but they were only little'uns... New Features ============ Several virus scanners can now be used together. "X-MailScanner-SpamCheck: SpamAssassin" headers now include the number of hits. "Lock File Dir" configuration option. Improvements and Fixes ====================== Improved F-Prot output parser to fix handling of joke programs, trojan programs and encrypted archives. All F-Prot users should upgrade. F-Prot output parser no longer stops when it gets output it doesn't recognise. Minor Inoculate and CommandAV parser fixes. Double-bounces of MailScanner messages now go to local postmaster. Fixed wrapping of virus scanner reports. Fixed bug where virus scanner would still be called with "Virus Scanning = no". Fixed bug in subject line spam tagging for Exim. All Exim users should upgrade. Improvement to "Sophos.install", checks for install.sh script before calling it. I recommend that at least all F-Prot and/or Exim users should upgrade, as significant changes have been made in these areas. The bulk of the Sophos/McAfee/sendmail users needn't bother upgrading unless they want the new features. It is downloadable, as ever, from www.mailscanner.info -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Thu Jan 17 16:00:19 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:16 2006 Subject: No X-Mailscanner header in clean HTML or other multipart messages Message-ID: <003801c19f70$0fcaff80$65000a0a@ramws1> Hi list, When HTML or other multipart messages get scanned and are found to be clean, no X-Mailscanner header is added; at least not in my situation. The header is added to plain text messages and plain text messages with plain text attachments. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com From s-luppescu at UCHICAGO.EDU Thu Jan 17 16:14:18 2002 From: s-luppescu at UCHICAGO.EDU (Stuart Luppescu) Date: Thu Jan 12 21:14:16 2006 Subject: Mailscanner doesn't detect virus Message-ID: <1011284058.19381.12.camel@musuko.uchicago.edu> One of our users got an attachment with the W32/Magister.dam3 virus, but MailScanner passed it with ``found to be clean'' in the header. When I run mcafeewrapper on the attachment by hand it gives: Found the W32/Magistr.dam3 virus !!! MailScanner otherwise seems to be working correctly -- it detects a virus every day or so. Just this one got by. I even tested it by attaching it to a message and sending it to myself and it again was not detected. Does anyone know what's going on? (I'm running MailScanner 3.02 on RedHat Linux 6.2 with McAfee and daily updates.) -- Stuart Luppescu -=- s-luppescu@uchicago.edu University of Chicago -=- CCSR $B:MJ8$HCRF`H~$NIc(B -=- Kernel 2.4.14-xfs Immature poets imitate, mature poets steal. -- T.S. Eliot, "Philip Massinger" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020117/9f580f23/attachment.bin From jkf at ecs.soton.ac.uk Thu Jan 17 16:13:52 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: No X-Mailscanner header in clean HTML or other multipart messages In-Reply-To: <003801c19f70$0fcaff80$65000a0a@ramws1> Message-ID: <5.1.0.14.2.20020117161325.065d1590@imap.ecs.soton.ac.uk> At 16:00 17/01/2002, you wrote: >When HTML or other multipart messages get scanned and are found to be clean, >no X-Mailscanner header is added; at least not in my situation. >The header is added to plain text messages and plain text messages with >plain text attachments. You must be doing something strange. It certainly works for me: X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 17 Jan 2002 16:12:32 +0000 To: jkf@ecs.soton.ac.uk From: Julian Field Subject: This is a test. X-MailScanner: Found to be clean This is a test. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020117/a901b59d/attachment.html From gerry at DORFAM.CA Thu Jan 17 17:40:27 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:16 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> Message-ID: Julian, I always see an error when installing mailscanner. It shows as Unterminated C<...> at line 143 in mail/Cap.pm Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From S.R.Patterson at soton.ac.uk Thu Jan 17 18:07:54 2002 From: S.R.Patterson at soton.ac.uk (Steven Patterson) Date: Thu Jan 12 21:14:16 2006 Subject: Auto-responding virus Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jules et al, We've got a bit of a problem at the moment. Local Postmaster is set to "Serviceline@soton.ac.uk" (our "helpdesk" email address) in order that virus warning emails go out with this address to which people can reply and ask questions of our knowledgable and friendly staff ;-) The problem is that there seems to be some virus out there somewhere which automatically replies to any email by mailing itself back to the sender - and serviceline is getting flooded with (disinfected) auto replies. Now I'm guessing that these auto-responding viruses aren't too clever, so my suggestion is that a configuration option is offered to allow the setting of a reply-to address on the various warning messages. Then we can set the from to be a nice /dev/null account like "nobody" and set the reply-to to be something a human being will read. We can even include text in the messages telling any real human out there that they should reply to the reply-to address rather than the from address. Alternatively, how about some sort of "complex header" option in the config file which specifies whether the virus warning messages contain only the body text or also some user-specified headers - so you could write a sender-report.txt along the lines of: From: E-Mail Virus Scanner Reply-To: $Config::Local_Postmaster (or whatever it is) Subject: Warning: E-Mail viruses were present in your message $subject X-Mailscanner-Info: $report $host $qid (or whatever) This is to warn you that your message... (etc) The first blank line being the seperator between headers and body, as per convention. Just a thought, it's not a big issue. Steve -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPEcS962fOiTs5+WvEQJ9qACg/gG0SMwhVEkGAAvek55ZfhgOtQkAnibO i4Eh67npb1TMV9Oa+pHjobkr =NJAl -----END PGP SIGNATURE----- From jkf at ecs.soton.ac.uk Thu Jan 17 18:10:23 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: References: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> Message-ID: <5.1.0.14.2.20020117180343.033e3dd0@hawk.ecs.soton.ac.uk> At 17:40 17/01/2002, you wrote: >Julian, I always see an error when installing mailscanner. It shows as > >Unterminated C<...> at line 143 in mail/Cap.pm What's "mail/Cap.pm"? Is this when using the RPM distribution? I haven't changed the versions of the Perl modules in there. Check you haven't got a corrupted file by any chance. The file is in the MailTools perl module (Mail/Cap.pm). Line 143 is just documentation so it shouldn't affect the operation (unless it completely stops the module installing). Can you give me a bit more of the previous output before this error, so I can see what it's trying to do when the error occurs? Does it stop MailScanner actually installing? Or is it just printed as a warning? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Thu Jan 17 18:31:53 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:16 2006 Subject: No X-Mailscanner header in clean HTML or other multipart messages In-Reply-To: <5.1.0.14.2.20020117161325.065d1590@imap.ecs.soton.ac.uk> Message-ID: <005c01c19f85$3c5b07b0$65000a0a@ramws1> Even more strange... It also seems to delete the Return-Path header from the mentioned kind of e-mails. But if I'm the only one having this problem it must be something in my setup. Tnx anyway for your help. -- Evert Jan van Ramselaar -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Thursday, January 17, 2002 5:14 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: No X-Mailscanner header in clean HTML or other multipart messages At 16:00 17/01/2002, you wrote: When HTML or other multipart messages get scanned and are found to be clean, no X-Mailscanner header is added; at least not in my situation. The header is added to plain text messages and plain text messages with plain text attachments. You must be doing something strange. It certainly works for me: X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 17 Jan 2002 16:12:32 +0000 To: jkf@ecs.soton.ac.uk From: Julian Field Subject: This is a test. X-MailScanner: Found to be clean This is a test. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com ___ This message has been scanned for viruses and dangerous content and is believed to be clean. www.vr-it.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020117/ac7f4395/attachment.html From brose at MED.WAYNE.EDU Thu Jan 17 18:40:33 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:16 2006 Subject: Auto-responding virus Message-ID: When I see such occurrances, I just blacklist the address in sendmail for a few days. Maybe the autoresponder can be like vacation where it records that I've already sent a message to this person but the downside to that is that you aren't nagging the person that they have a virus. Typical user is one virus message = ignore ;-) I prefer blacklisting anyway because the mail system doesn't have to process the extra junk which can still fill up queues and make sendmail and mailscanner work harder when they don't need to. -----Original Message----- From: Steven Patterson [mailto:S.R.Patterson@SOTON.AC.UK] Sent: Thursday, January 17, 2002 1:08 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Auto-responding virus -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jules et al, We've got a bit of a problem at the moment. Local Postmaster is set to "Serviceline@soton.ac.uk" (our "helpdesk" email address) in order that virus warning emails go out with this address to which people can reply and ask questions of our knowledgable and friendly staff ;-) The problem is that there seems to be some virus out there somewhere which automatically replies to any email by mailing itself back to the sender - and serviceline is getting flooded with (disinfected) auto replies. Now I'm guessing that these auto-responding viruses aren't too clever, so my suggestion is that a configuration option is offered to allow the setting of a reply-to address on the various warning messages. Then we can set the from to be a nice /dev/null account like "nobody" and set the reply-to to be something a human being will read. We can even include text in the messages telling any real human out there that they should reply to the reply-to address rather than the from address. Alternatively, how about some sort of "complex header" option in the config file which specifies whether the virus warning messages contain only the body text or also some user-specified headers - so you could write a sender-report.txt along the lines of: From: E-Mail Virus Scanner Reply-To: $Config::Local_Postmaster (or whatever it is) Subject: Warning: E-Mail viruses were present in your message $subject X-Mailscanner-Info: $report $host $qid (or whatever) This is to warn you that your message... (etc) The first blank line being the seperator between headers and body, as per convention. Just a thought, it's not a big issue. Steve -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPEcS962fOiTs5+WvEQJ9qACg/gG0SMwhVEkGAAvek55ZfhgOtQkAnibO i4Eh67npb1TMV9Oa+pHjobkr =NJAl -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 19:07:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: dmcferrin@TEA.STATE.TX.US requested to join Message-ID: <200201171907.TAA20435@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 19:07:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Debie McFerrin You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dmcferrin@TEA.STATE.TX.US Debie McFerrin PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dmcferrin@TEA.STATE.TX.US Debie McFerrin // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 21:23:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:16 2006 Subject: MAILSCANNER: serge.slivitzky@FTI-IBIS.COM requested to join Message-ID: <200201172123.VAA28055@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 21:23:44 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Serge Slivitzky You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER serge.slivitzky@FTI-IBIS.COM Serge Slivitzky PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER serge.slivitzky@FTI-IBIS.COM Serge Slivitzky // EOJ From jkf at ecs.soton.ac.uk Fri Jan 18 09:34:43 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:16 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: References: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> Message-ID: <5.1.0.14.2.20020118093328.03daec10@imap.ecs.soton.ac.uk> At 17:40 17/01/2002, you wrote: >Julian, I always see an error when installing mailscanner. It shows as >Unterminated C<...> at line 143 in mail/Cap.pm This has been confirmed as a bug in the documentation in one of the Perl modules (that I didn't write). It does not affect MailScanner's operation at all. It just makes the installation slightly noisy, and the mistake has always been there, it only just now was noticed. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Jan 18 09:36:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Auto-responding virus In-Reply-To: Message-ID: <5.1.0.14.2.20020118093523.03a1cdf8@imap.ecs.soton.ac.uk> At 18:07 17/01/2002, you wrote: >Now I'm guessing that these auto-responding viruses aren't too clever, so my >suggestion is that a configuration option is offered to allow the setting of >a reply-to address on the various warning messages. Then we can set the >from >to be a nice /dev/null account like "nobody" and set the reply-to to be >something a human being will read. We can even include text in the messages >telling any real human out there that they should reply to the reply-to >address rather than the from address. This will work until the next virus comes along which looks for a "Reply-To" address :-( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From ulrich at DESIGN-D.DE Fri Jan 18 09:37:43 2002 From: ulrich at DESIGN-D.DE (Heinz Ulrich Stille) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> Message-ID: Hi! Still some bugs in the RPM: - The RPM installs into /usr/local/MailScanner and references /usr/local/Sophos, but some script files (check_mailscanner.* and config.pl) refer to /opt/mailscanner and /opt/sophos. - The default scanner now is sophos, but unpacking tnef is still on. - The RPM recompiles and installs the perl modules every time. I'd prefer standalone RPMs for that, like mailscanner-File-Spec-*.i386.rpm, or at least a check for an existing version. - Modified config files get clobbered without backup or warning. MfG, Ulrich -- This means either that the universe is more full of wonders than we can hope to understand or, more probably, that scientists make things up as they go along. T. Pratchett, "Pyramids" From jkf at ecs.soton.ac.uk Fri Jan 18 10:00:40 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: References: <5.1.0.14.2.20020117152543.03ad19f8@wheresmymailserver.com> Message-ID: <5.1.0.14.2.20020118095703.03bf1e88@imap.ecs.soton.ac.uk> At 09:37 18/01/2002, you wrote: >- The RPM installs into /usr/local/MailScanner and references >/usr/local/Sophos, but some script files (check_mailscanner.* and >config.pl) refer to /opt/mailscanner and /opt/sophos. The script check_mailscanner refers to /usr/local/MailScanner, which is correct. I happen to ship the Solaris version of check_mailscanner too, but it's not used. config.pl can refer to wherever it likes as this is over-ridden by the mailscanner.conf file anyway. >- The default scanner now is sophos, but unpacking tnef is still on. That is intentional, to protect people from themselves. It doesn't do any harm if they use Sophos with tnef unpacking on, but it does a lot of harm if they use some other virus checker and leave tnef checking turned off. >- The RPM recompiles and installs the perl modules every time. I'd prefer >standalone RPMs for that, like mailscanner-File-Spec-*.i386.rpm, or at >least a check for an existing version. Your preference... >- Modified config files get clobbered without backup or warning. The mailscanner.conf file is marked as a config file in the RPM spec (check on the web site if you don't believe me, the SPEC file is there for download), and your old mailscanner.conf file should be saved as mailscanner.conf.rpmsave when you upgrade to the new version. Sorry, this is how RPM does it, not under my control. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From ulrich at DESIGN-D.DE Fri Jan 18 10:51:41 2002 From: ulrich at DESIGN-D.DE (Heinz Ulrich Stille) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <5.1.0.14.2.20020118095703.03bf1e88@imap.ecs.soton.ac.uk> Message-ID: On Fri, 18 Jan 2002, Julian Field wrote: > config.pl can refer to wherever it likes as this is over-ridden by the > mailscanner.conf file anyway. OK, it does work like this now, but didn't when I first installed it (ver 3.01), mailscanner just died. > download), and your old mailscanner.conf file should be saved as > mailscanner.conf.rpmsave when you upgrade to the new version. Sorry, this > is how RPM does it, not under my control. I know, but this didn't happen. And on re-installing the package just now it did not get installed at all, not even as .rpmnew. Moving to .rpmsave should generate a warning, anyway. Strange... MfG, Ulrich -- And of course this misses a fundamental point. What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?" T. Pratchett, "Pyramids" From LISTSERV at JISCMAIL.AC.UK Fri Jan 18 11:25:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: J.McIntyre@NAPIER.AC.UK requested to join Message-ID: <200201181125.LAA07046@magpie.ecs.soton.ac.uk> Fri, 18 Jan 2002 11:25:33 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jennifer Moxey You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER J.McIntyre@NAPIER.AC.UK Jennifer Moxey PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER J.McIntyre@NAPIER.AC.UK Jennifer Moxey // EOJ From dave at NONSTOP-NETWORKS.CO.UK Fri Jan 18 14:47:11 2002 From: dave at NONSTOP-NETWORKS.CO.UK (Dave Atkin) Date: Thu Jan 12 21:14:17 2006 Subject: Rereading config file Message-ID: Is there a nice way to get MailScanner to reread its config file, eg kill -HUP or something like that? Dave Atkin www.nonstop-networks.co.uk From jkf at ecs.soton.ac.uk Fri Jan 18 14:48:40 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Rereading config file In-Reply-To: Message-ID: <5.1.0.14.2.20020118144754.03b6bdd8@imap.ecs.soton.ac.uk> At 14:47 18/01/2002, you wrote: >Is there a nice way to get MailScanner to reread its config file, >eg kill -HUP or something like that? Afraid not. The fastest way is to use "check_mailscanner" to find its PID, kill that PID, then run "check_mailscanner" again to re-start it. Can be quite safely used on a busy production system, nothing will get lost. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From t.d.lee at DURHAM.AC.UK Fri Jan 18 15:08:24 2002 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:14:17 2006 Subject: Possible MailScanner bottleneck Message-ID: Last week, on the campus mail machines which receive email from the outside world (MX records for our domains), we moved from an early version of MailScanner to 3.02-1. I also enabled "Spam Checks" (which we had disabled in the earlier version). Since then, on the MX-preferred machine, which typically handles, say, 2,000 msgs/hour, we have often seen big build-ups of email, often considerably over 1000, sitting in the "incoming" directory, waiting for the "mailscanner" process to get around to processing them. The output side of mailscanner is configured: Delivery Method = batch Deliver In Background = yes specifically to try to keep itself moving,yet we still get this logjam. When this does happen, a "truss -p " of mailscanner often shows it waiting for a long time (few minutes) in the Solaris "door_call" function. This obscurely named routine is, I understand, the kernel interface to name lookups such as userids, group names and host names. My strong suspicion is the code at sendmail.pl, approx line 185: for ($i=0; $i<@Config::SpamNames; $i++) { # Look up $relay in each of the @Config::SpamDomains we have $RBLEntry = gethostbyname("$relay." . $Config::SpamDomains[$i]); and that it is hanging on "gethostbyname(...)" for a remote site. In other words, the email throughput of the entire machine can be brought to a snail's pace or slower by one DNS lookup. (Note that even if the above analysis of this particular problem is incorrect, I still believe there is a potential bottleneck here anyway.) I see a few possible solutions (there may be more): 1. Multi-threading: allow the mailscanner process to be multi-threaded; 2. Multi-processing: allow multiple parallel invocations of mailscanner; 3. Timeout: guard the "gethostbyname(...)" code with a timer. Multi-threading may be a non-starter: different OSes do it different ways, if at all. The programming effort may be large. Multi-processing may be useful anyway (it's what sendmail does in forking a new process). But I seem to recall that the MailScanner cannot, at present, work this way (is my recollection faulty?). Is the programming effort to implement this small, medium, or large? Multi-processing could also be augmented by timeout ... Timeout: I don't know the code well enough, but guess that extra coding work would be needed to classify messages for which "gethostbyname(...)" was abandoned (timed-out). Thoughts? (Or have I completely missed something obvious?) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From LISTSERV at JISCMAIL.AC.UK Thu Jan 17 19:07:02 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: dmcferrin@TEA.STATE.TX.US requested to join Message-ID: <200201171907.TAA20405@magpie.ecs.soton.ac.uk> Thu, 17 Jan 2002 19:07:02 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Debie McFerrin You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dmcferrin@TEA.STATE.TX.US Debie McFerrin PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dmcferrin@TEA.STATE.TX.US Debie McFerrin // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Jan 18 16:10:27 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: Pablo.Iranzo@UV.ES requested to join Message-ID: <200201181610.QAA26218@magpie.ecs.soton.ac.uk> Fri, 18 Jan 2002 16:10:27 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Pablo Iranzo G?mez The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Pablo.Iranzo@UV.ES Pablo Iranzo G?mez PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Pablo.Iranzo@UV.ES Pablo Iranzo G?mez SET MAILSCANNER CONCEAL FOR Pablo.Iranzo@UV.ES // EOJ From chicks at CHICKS.NET Fri Jan 18 16:26:11 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <5.1.0.14.2.20020118095703.03bf1e88@imap.ecs.soton.ac.uk> Message-ID: On Fri, 18 Jan 2002, Julian Field wrote: > >- Modified config files get clobbered without backup or warning. > > The mailscanner.conf file is marked as a config file in the RPM spec (check > on the web site if you don't believe me, the SPEC file is there for > download), and your old mailscanner.conf file should be saved as > mailscanner.conf.rpmsave when you upgrade to the new version. Sorry, this > is how RPM does it, not under my control. If the config file in the rpm doesn't change, it won't blow away the modified user's config file. -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From mk at quadstone.com Fri Jan 18 18:28:41 2002 From: mk at quadstone.com (Michael Keightley) Date: Thu Jan 12 21:14:17 2006 Subject: Symantec AntiVirus Command Line Scanner for Unix Message-ID: <20020118182841.A14900@quadstone.com> Can "Symantec AntiVirus Command Line Scanner 1.0 for Unix" be used with MailScanner? You don't seem to be able to download a trial version. See: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=65&PID=8886449&EID=0 Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From nwp at LEMON-COMPUTING.COM Fri Jan 18 18:49:37 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Rereading config file In-Reply-To: <5.1.0.14.2.20020118144754.03b6bdd8@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Fri, Jan 18, 2002 at 02:48:40PM +0000 References: <5.1.0.14.2.20020118144754.03b6bdd8@imap.ecs.soton.ac.uk> Message-ID: <20020118184937.H7403@lemon-computing.com> On Fri, Jan 18, 2002 at 02:48:40PM +0000, Julian Field wrote: > At 14:47 18/01/2002, you wrote: > >Is there a nice way to get MailScanner to reread its config file, > >eg kill -HUP or something like that? Don't forget that it'll reread the config file when it re-execs itself (every 4 hours, or after processing a certain number of messages, in the default config I think) -- Nick Phillips -- nwp@lemon-computing.com That secret you've been guarding, isn't. From nwp at LEMON-COMPUTING.COM Fri Jan 18 18:58:16 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Possible MailScanner bottleneck In-Reply-To: ; from t.d.lee@DURHAM.AC.UK on Fri, Jan 18, 2002 at 03:08:24PM +0000 References: Message-ID: <20020118185816.I7403@lemon-computing.com> On Fri, Jan 18, 2002 at 03:08:24PM +0000, David Lee wrote: > My strong suspicion is the code at sendmail.pl, approx line 185: > for ($i=0; $i<@Config::SpamNames; $i++) { > # Look up $relay in each of the @Config::SpamDomains we have > $RBLEntry = gethostbyname("$relay." . $Config::SpamDomains[$i]); > > and that it is hanging on "gethostbyname(...)" for a remote site. > > In other words, the email throughput of the entire machine can be brought > to a snail's pace or slower by one DNS lookup. Sounds likely. > 1. Multi-threading: allow the mailscanner process to be multi-threaded; Apparently multithreading is in perl 5.6. I avoid perl 5.6 because it seems too unstable to me. A possibly large programming effort, too. > 2. Multi-processing: allow multiple parallel invocations of mailscanner; Currently not possible, as you (correctly) remember. I did start thinking about it a while ago (while I was considering what needed to be locked when in order to keep MTAs happy), and concluded that while most of what's needed would be fairly simple, it would be a significant (although probably not too massive) programming effort. It would however be a massive *testing* effort. > 3. Timeout: guard the "gethostbyname(...)" code with a timer. Perl seems to be breaking on us often enough in the areas where we use timers already... just ask Julian how scared he got when I suggested playing with a couple of minor modifications to the code which forks the commercial scanner (and guards it with a timeout)... > Thoughts? (Or have I completely missed something obvious?) Nothing too obvious. Of the three, I'd only really *avoid* the multithreading. And that's not based on having any experience of using perl 5.6 to do multithreading, just based on the number of segfaults I've seen with perl 5.6 vs the number I've seen with perl 5.005. And then there's getting it tested. -- Nick Phillips -- nwp@lemon-computing.com Are you ever going to do the dishes? Or will you change your major to biology? From nwp at LEMON-COMPUTING.COM Fri Jan 18 18:58:49 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Possible MailScanner bottleneck In-Reply-To: ; from t.d.lee@DURHAM.AC.UK on Fri, Jan 18, 2002 at 03:08:24PM +0000 References: Message-ID: <20020118185849.J7403@lemon-computing.com> On Fri, Jan 18, 2002 at 03:08:24PM +0000, David Lee wrote: > Thoughts? (Or have I completely missed something obvious?) Oh, I forgot one - lack of time ;( -- Nick Phillips -- nwp@lemon-computing.com Good day for overcoming obstacles. Try a steeplechase. From nwp at LEMON-COMPUTING.COM Fri Jan 18 19:19:29 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Symantec AntiVirus Command Line Scanner for Unix In-Reply-To: <20020118182841.A14900@quadstone.com>; from mk@QUADSTONE.COM on Fri, Jan 18, 2002 at 06:28:41PM +0000 References: <20020118182841.A14900@quadstone.com> Message-ID: <20020118191929.K7403@lemon-computing.com> On Fri, Jan 18, 2002 at 06:28:41PM +0000, Michael Keightley wrote: > Can "Symantec AntiVirus Command Line Scanner 1.0 for Unix" > be used with MailScanner? You don't seem to be able to download a trial > version. > See: > http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=65&PID=8886449&EID=0 There are several barriers to getting support for this into mailscanner, none of which should be insurmountable: * whoever writes the code needs to work on a system with a working version of the scanner * it's not something that a lot of people have been asking for * someone has to take the time to write (and test) it. So, no, it can't be used at the moment, but if there's enough demand (like lots of people who want it a little bit or one person who wants it very badly) then I guess it will get done. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will wish you hadn't. From hans at VALLDEN.COM Fri Jan 18 19:49:11 2002 From: hans at VALLDEN.COM (Hans Vallden) Date: Thu Jan 12 21:14:17 2006 Subject: Mac viruses In-Reply-To: <20020118191929.K7403@lemon-computing.com> References: <20020118182841.A14900@quadstone.com> <20020118191929.K7403@lemon-computing.com> Message-ID: It seems that Sophos for Linux is unable to detect Macintosh viruses. I tried a huge bunch (42) viruses and they all went through Sophos undetected. Does any of the other Mailscanner supported (Linux) virus checkers detect Macintosh specific viruses? -- -- Hans Vallden hans@vallden.com From Pablo.Iranzo at UV.ES Fri Jan 18 19:39:55 2002 From: Pablo.Iranzo at UV.ES (=?iso-8859-1?Q?Pablo_Iranzo_G=F3mez?=) Date: Thu Jan 12 21:14:17 2006 Subject: MRTG not showing neither SPAM or VIRUS In-Reply-To: <20020118185849.J7403@lemon-computing.com> Message-ID: Hi I've MailScanner configured to detect SPAM using SpamAssasin and Viruses using F-prot, it works fine as some messages are marked as "{SPAM?}" in subject and the Eicar tests I did over the Virus Scanner worked fine aswell. MRTG is installed too and works fine with the incoming mail, but it isn't showing anything about spam or viruses (The updated period is 5 minutes and works fine with email, but nothing more is showed about the other two parameters) ?Do I need to do anything more? ?Some special swicht or parameter to activate? I did a search in the webpage for older requests and appears one similar to mine and it has no answers yet. Thanks in advance Pablo Pablo Iranzo G?mez (Pablo.Iranzo@uv.es) http://www.uv.es/~iranzop/ring/astron/ (Anillo Astron?mico) http://www.uv.es/~iranzop/hp48/ (P?gina de la HP) -- ICQ UIN: 36614467 (PGPKey Available on http://www.uv.es/~iranzop/PGPKey.pgp) -- Principio de Heisenberg sobre la Incertidumbre: La localizaci?n de todos los objetos no se puede conocer de forma simult?nea. Corolario: Si encuentra un objeto que estaba perdido, desaparecer? otro. -- From tyler at beloit.edu Fri Jan 18 19:58:23 2002 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:14:17 2006 Subject: Symantec AntiVirus Command Line Scanner for Unix In-Reply-To: <20020118191929.K7403@lemon-computing.com> from "Nick Phillips" at Jan 18, 2002 07:19:29 PM Message-ID: <200201181958.NAA22316@beloit.edu> Nick, I also would be seriously interested in Norton's unix command line version if I could assure myself that it would work on an AIX 4.3 system. Norton has some extordinary competitive prices for education for student support. If they apply the same price structure as they are to us for distributing Norton Antivirus to student desktops, then they would blow away Sophos and McAfee for pricing. Not sure about this, but I havn't approached them because I didn't think it was an option for Mailscanner. But since the issue has been raised, I am definately interested. Tim > >On Fri, Jan 18, 2002 at 06:28:41PM +0000, Michael Keightley wrote: >> Can "Symantec AntiVirus Command Line Scanner 1.0 for Unix" >> be used with MailScanner? You don't seem to be able to download a trial >> version. >> See: >> http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=65&PID=8886449&EID=0 > >There are several barriers to getting support for this into mailscanner, >none of which should be insurmountable: > >* whoever writes the code needs to work on a system with a working version of > the scanner >* it's not something that a lot of people have been asking for >* someone has to take the time to write (and test) it. > > >So, no, it can't be used at the moment, but if there's enough demand (like >lots of people who want it a little bit or one person who wants it very >badly) then I guess it will get done. > > >Cheers, > > >Nick >-- >Nick Phillips -- nwp@lemon-computing.com >You will wish you hadn't. > -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu Go Packers! Go Badgers! 1999&2000 Rose Bowl Champions! From nwp at LEMON-COMPUTING.COM Fri Jan 18 20:11:20 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Mac viruses In-Reply-To: ; from hans@VALLDEN.COM on Fri, Jan 18, 2002 at 09:49:11PM +0200 References: <20020118182841.A14900@quadstone.com> <20020118191929.K7403@lemon-computing.com> Message-ID: <20020118201120.B18979@lemon-computing.com> On Fri, Jan 18, 2002 at 09:49:11PM +0200, Hans Vallden wrote: > It seems that Sophos for Linux is unable to detect Macintosh viruses. > I tried a huge bunch (42) viruses and they all went through Sophos > undetected. > > Does any of the other Mailscanner supported (Linux) virus checkers > detect Macintosh specific viruses? Sophos does. At least it should, so I suspect that there's something funny going on. Were they all in Mac-specific archives? Does it detect them if you try it from the command line? Sophos is actually available for the Mac too, and all the various platform versions should use the same engine and detect the same viruses. Which viruses were they? How old are they? -- Nick Phillips -- nwp@lemon-computing.com You will be reincarnated as a toad; and you will be much happier. From nwp at LEMON-COMPUTING.COM Fri Jan 18 20:20:59 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: ; from chicks@CHICKS.NET on Fri, Jan 18, 2002 at 11:26:11AM -0500 References: <5.1.0.14.2.20020118095703.03bf1e88@imap.ecs.soton.ac.uk> Message-ID: <20020118202059.D18979@lemon-computing.com> On Fri, Jan 18, 2002 at 11:26:11AM -0500, Christopher Hicks wrote: > If the config file in the rpm doesn't change, it won't blow away the > modified user's config file. A system that blows away a user's modified conffile is braindamaged. Period. Any decent system would do no such thing. ;) -- Nick Phillips -- nwp@lemon-computing.com Excellent time to become a missing person. From chicks at CHICKS.NET Fri Jan 18 21:34:05 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <20020118202059.D18979@lemon-computing.com> Message-ID: On Fri, 18 Jan 2002, Nick Phillips wrote: > A system that blows away a user's modified > conffile is braindamaged. Period. Any decent system would do no such > thing. I totally agree, but in my experience rpm Does The Right Thing (TM) regarding config files. I generate RPM's for various utilities we use internally and it works very well. I've never had a problem with it regarding config files, but I try to keep my config files in the rpm as stable as possible so I don't have to worry about all the .rpmsave and .rpmnew detritus that happens. -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From gerry at DORFAM.CA Fri Jan 18 22:09:17 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:17 2006 Subject: ANNOUNCE: Version 3.03-1 released In-Reply-To: <20020118202059.D18979@lemon-computing.com> Message-ID: When I upgraded my system earlier this week to 3.03-1 I saw a message that mailscanner.conf had been saved as mailscanner.conf.rpmsave. It was renamed as stated. I don't see how it can be otherwise as the old conf files may not be compatible with new releases (general statement not mailscanner specific). In any case, the fresh new unmodified mailscanner.conf file was waiting for me to customize in the appropriate place. In summary, it all worked as advertised. Gerry On Fri, 18 Jan 2002, Nick Phillips wrote: > On Fri, Jan 18, 2002 at 11:26:11AM -0500, Christopher Hicks wrote: > > > If the config file in the rpm doesn't change, it won't blow away the > > modified user's config file. > > > A system that blows away a user's modified conffile is braindamaged. Period. > Any decent system would do no such thing. > > > ;) > -- > Nick Phillips -- nwp@lemon-computing.com > Excellent time to become a missing person. > -- "The lyfe so short, the craft so long to learne" Chaucer From Pablo.Iranzo at UV.ES Sat Jan 19 21:48:17 2002 From: Pablo.Iranzo at UV.ES (=?iso-8859-1?Q?Pablo_Iranzo_G=F3mez?=) Date: Thu Jan 12 21:14:17 2006 Subject: MRTG not showing neither SPAM or VIRUS In-Reply-To: Message-ID: It seems that MailScanner doesn't log SPAM or VIRUSES to the /var/log/maillog file where sendmail stores its info. ?What do I need to configure to allow this to work? Thanks -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Pablo Iranzo G?mez Enviado el: viernes, 18 de enero de 2002 20:40 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: MRTG not showing neither SPAM or VIRUS Hi I've MailScanner configured to detect SPAM using SpamAssasin and Viruses using F-prot, it works fine as some messages are marked as "{SPAM?}" in subject and the Eicar tests I did over the Virus Scanner worked fine aswell. MRTG is installed too and works fine with the incoming mail, but it isn't showing anything about spam or viruses (The updated period is 5 minutes and works fine with email, but nothing more is showed about the other two parameters) ?Do I need to do anything more? ?Some special swicht or parameter to activate? I did a search in the webpage for older requests and appears one similar to mine and it has no answers yet. Thanks in advance Pablo Pablo Iranzo G?mez (Pablo.Iranzo@uv.es) http://www.uv.es/~iranzop/ring/astron/ (Anillo Astron?mico) http://www.uv.es/~iranzop/hp48/ (P?gina de la HP) -- ICQ UIN: 36614467 (PGPKey Available on http://www.uv.es/~iranzop/PGPKey.pgp) -- Principio de Heisenberg sobre la Incertidumbre: La localizaci?n de todos los objetos no se puede conocer de forma simult?nea. Corolario: Si encuentra un objeto que estaba perdido, desaparecer? otro. -- From ian at FASTNET.BC.CA Sun Jan 20 07:20:40 2002 From: ian at FASTNET.BC.CA (Ian Dobson) Date: Thu Jan 12 21:14:17 2006 Subject: MRTG not showing neither SPAM or VIRUS In-Reply-To: References: Message-ID: <3C49FF48.26978.2910DBB@localhost> Its in the FAQ or the troubleshhoting guide add a -r to the command that starts syslog :) On 19 Jan 2002 at 22:48, Pablo Iranzo G?mez wrote: > It seems that MailScanner doesn't log SPAM or VIRUSES to the > /var/log/maillog file where sendmail stores its info. ?What do I need to > configure to allow this to work? > Thanks > > > > -----Mensaje original----- > De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En > nombre de Pablo Iranzo G?mez > Enviado el: viernes, 18 de enero de 2002 20:40 > Para: MAILSCANNER@JISCMAIL.AC.UK > Asunto: MRTG not showing neither SPAM or VIRUS > > > Hi > I've MailScanner configured to detect SPAM using SpamAssasin and > Viruses using F-prot, it works fine as some messages are marked as > "{SPAM?}" in subject and the Eicar tests I did over the Virus Scanner > worked fine aswell. MRTG is installed too and works fine with the > incoming mail, but it isn't showing anything about spam or viruses (The > updated period is 5 minutes and works fine with email, but nothing more > is showed about the other two parameters) > > ?Do I need to do anything more? ?Some special swicht or > parameter to activate? > I did a search in the webpage for older requests and appears one > similar to mine and it has no answers yet. > > Thanks in advance > Pablo > > > > > Pablo Iranzo G?mez (Pablo.Iranzo@uv.es) > http://www.uv.es/~iranzop/ring/astron/ (Anillo Astron?mico) > http://www.uv.es/~iranzop/hp48/ (P?gina de la HP) > -- > ICQ UIN: 36614467 > (PGPKey Available on http://www.uv.es/~iranzop/PGPKey.pgp) > -- > Principio de Heisenberg sobre la Incertidumbre: > La localizaci?n de todos los objetos no se puede conocer de > forma simult?nea. > > Corolario: > Si encuentra un objeto que estaba perdido, desaparecer? otro. > -- > Isn't having a smoking section in a restaurant like having a peeing section in a swimming pool? From LISTSERV at JISCMAIL.AC.UK Sun Jan 20 05:31:53 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: fizz@BOMB.NET requested to join Message-ID: <200201200531.FAA12915@magpie.ecs.soton.ac.uk> Sun, 20 Jan 2002 05:31:53 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Kelly Hamlin You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER fizz@BOMB.NET Kelly Hamlin PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER fizz@BOMB.NET Kelly Hamlin // EOJ From marko at HUMAN.PEFRI.HR Sun Jan 20 17:24:44 2002 From: marko at HUMAN.PEFRI.HR (Marko Malikovic) Date: Thu Jan 12 21:14:17 2006 Subject: MailScanner on Debian Message-ID: <1067.161.53.147.41.1011540284.squirrel@www.human.pefri.hr> Hello everybody on list! My name is Marko Malikovic, I'm new on the this list and I live in Croatia. I have this kind of problem and maybe somebody of you have experience with this: My server is working under Debian 3.0 (I'm new in Debian - GNU/Linux because before I had Solaris). I tried to install "Solaris/Other Linux/other Unix version 3.02-1" on my Debian but I have problem because in /etc/init.d/sendmail I have not a line "sendmail -bd -q15m" and I can not to make a changes describen in http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml where you can read: You should change this to the following two lines: sendmail -bd -ODeliveryMode=queueonly - OQueueDirectory=/var/spool/mqueue.in sendmail -q15m On my system, every changes I have to do in /etc/mail/sendmail.conf Below you can read my /etc/init.d/sendmail and /etc/mail/sendmail.conf: /etc/init.d/sendmail: #!/bin/sh -e # # Sendmail rc script for Debian (/etc/init.d/sendmail) # # Copyright (c) 2001-2001, Richard Nelson . # Time-stamp: <2001/08/20 10:00:00 cowboy> # # Notes (to all): # * This is no longer a conffile - don't edit this... instead # edit /etc/mail/sendmail.conf # # Notes (to self): # * # set -e; PATH=/bin:/usr/bin:/sbin:/usr/sbin; #--------------------------------------------------------------------------- --- # Autoconf variables - in a form suitable for sh, perl # Generated automatically from autoconf.sh.in by configure. #--------------------------------------------------------------------------- --- # Variables for, and by, Autoconf (Don't touch these! edit config step) PACKAGE_NAME="Sendmail"; PACKAGE_VERSION="8.12.1"; prefix="/usr"; exec_prefix="/usr"; bindir="/usr/bin"; sbindir="/usr/sbin"; libexecdir="/usr/lib/sm.bin"; datadir="/usr/share"; sysconfdir="/etc"; sharedstatedir="/usr/com"; localstatedir="/var"; libdir="/usr/lib"; includedir="/usr/include"; infodir="/usr/share/info"; mandir="/usr/share/man"; docdir="/usr/share/doc"; srcdir="/local/home/src/sendmail/sendmail-8.12.1/.."; # All the real work is done by helper functions defined herein if [ ! -x ${datadir}/sendmail/sm_helper.sh ]; then exit 0; fi; . ${datadir}/sendmail/sm_helper.sh; # Some requisite initialization Get_Parameters; # Ok, why are we here... case "$1" in #------------------------------------------------------------------- ---- # Debian required/optional targets: #------------------------------------------------------------------- ---- start) echo -n "Starting Mail Transport Agent: " start_sendmail; echo "$NAME." ;; stop) echo -n "Stopping Mail Transport Agent: " stop_sendmail; echo "$NAME." ;; restart) echo -n "Restarting Transport Agent..."; # reload is equivalent (but faster) than stop/start ! reload_sendmail; echo "$NAME."; ;; restart-if-running) if ! is_running mta && ! is_running msp; then echo "Mail Transport Agent: $NAME is not running"; else $0 restart; fi; ;; reload|force-reload) echo -n "Reloading Mail Transport Agent configuration..."; reload_sendmail; echo "$NAME."; ;; #------------------------------------------------------------------- ---- # Local targets (sendmail commands/aliases) for MSP/MTA split support # These targets will pass along any provided parameters #------------------------------------------------------------------- ---- newaliases) shift; newaliases $*; ;; hoststat) shift; hoststat $*; ;; purgestat) shift; purgestat $*; ;; mailstats) shift; mailstats $*; ;; mailq) shift; mailq $*; ;; runq) shift; runq $*; ;; #------------------------------------------------------------------- ---- # Local targets for extended support/debugging #------------------------------------------------------------------- ---- status) shift; status $*; ;; debug) # # If not running, can't debug if is_running msp; then echo -n "Dumping MSP state..."; $SIGNAL_MSP_CMD --signal USR1; echo "done."; fi; if is_running mta; then echo -n "Dumping MTA state..."; $SIGNAL_MTA_CMD --signal USR1; echo "done."; fi; ;; clean|clean_que*|clean-que*) # # If running, don't clean the queues... if is_running mta; then echo "MTA is running, queue cleaning ill advised..."; else echo -n "Cleaning up the queues..."; clean_queues; echo "done."; fi; ;; #------------------------------------------------------------------- ---- # Local targets for cronjob support #------------------------------------------------------------------- ---- cron-msp) cron_msp; ;; cron-mta) cron_mta; ;; #------------------------------------------------------------------- ---- # Default target - bitch and moan #------------------------------------------------------------------- ---- *) echo "Invalid command <$1>"; echo "Usage: $0 "; echo " Where is one of the following"; echo " start|stop|restart|restart-if-running"; echo " reload|force-reload"; echo " newaliases|hoststat|purgestat|mailstats|mailq|runq"; echo " status|debug|clean"; exit 1; ;; esac; exit 0; /etc/mail/sendmail.conf: #--------------------------------------------------------------------------- --- # # /etc/mail/sendmail.conf # # Copyright (c) 2001-2001 Richard Nelson. All Rights Reserved. # Version: 1.1.3 # Time-stamp: <2001/08/15 12:00:00 cowboy> # # Parameter file for sendmail (sourced by /etc/init.d/sendmail) # Make all changes herein, instead of altering /etc/init.d/sendmail. # # After making changes here, you'll need to run /usr/sbin/sendmailconfig # or /usr/share/sendmail/update_conf to have the changes take effect - # If you change DAEMON_MODE, QUEUE_MODE, or QUEUE_INTERVAL, you'll also # need to run /etc/init.d/sendmail restart. # # Changes made herein will be kept across upgrades. # # Supported parameters (and defaults) are listed herein. # # Notes: # * This setup allows sendmail to run in several modes: # - listener and queue runner..DAEMON_MODE="daemon".QUEUE_MODE="daemon" # - listener only..............DAEMON_MODE="daemon".QUEUE_MODE="none" # - queue runner only..........DAEMON_MODE="none"...QUEUE_MODE="daemon" # - *NOTHING* ?!?..............DAEMON_MODE="none"...QUEUE_MODE="none" # # * You can also run the listener from inetd: # - listener and queue runner..DAEMON_MODE="inetd"..QUEUE_MODE="daemon" # - listener only..............DAEMON_MODE="inetd"..QUEUE_MODE="none" # # * You can also run the queue runner from cron: # - listener and queue runner..DAEMON_MODE="....."..QUEUE_MODE="cron" # - queue runner only..........DAEMON_MODE="none"...QUEUE_MODE="cron" # # * _PARMS entries herein are shown in precedence order, any later _PARMS # field will, if applicable, override any previous _PARMS fields. # # * Values *MUST* be surrounded with double quotes ("), single quotes # will *NOT* work ! # #--------------------------------------------------------------------------- --- # SMTP Listener Configuration # # DAEMON_MODE="Daemon"; Keyword SMTP listener # daemon: Run as standalone daemon # inetd: Run from inet supervisor (forks for each mail) # none: No listener (ie, nullclient/smarthost) # # NOTE: for the nonce, DAEMON_MODE="none" is *NOT* supported !!! # DAEMON_MODE="Daemon"; # # DAEMON_PARMS=""; String Listener parms # Any parameters here will be ignored when run from cron. # Note that MISC_PARMS and CRON_PARMS, if applicable, will override # anything declared herein. # DAEMON_PARMS=""; # # DAEMON_HOSTSTATS="No"; Boolean Listener stats # This parameter determines whether or not host stats are collected # and available for the `hoststat` command to display. There will # be a (minor) performance hit, as files will be created/updated for each # sendmail delivery attempt. The files are fixed in size, and small, # but there can be many of them. # DAEMON_HOSTSTATS="Yes"; # # DAEMON_MAILSTATS="No"; Boolean Listener stats # This parameter determines whether or not mailer stats are collected # and available for the `mailstats` command to display. There will # be a (minor) performance hit, as this file will be updated for each # item coming into, or out of, sendmail. The file is fixed in size, # and small, so there's no need to rotate it. # DAEMON_MAILSTATS="No"; # #--------------------------------------------------------------------------- --- # SMTP MTA Queue Runner Configuration # # QUEUE_MODE="${DAEMON_MODE}"; Keyword SMTP queue runner # daemon: Run as standalone daemon # cron: Run from crontab # none: No queue runner (ie, nullclient/smarthost) # # NOTE: for the nonce, QUEUE_MODE="none" is *NOT* supported !!! # QUEUE_MODE="${DAEMON_MODE}"; # # QUEUE_INTERVAL="10"; Integer in minutes # Interval at which to run the MTA queues. What interval should you use? # The amount of time that is acceptable before retrying delivery on # mail that couldn't be delivered in one run, or how long an item can # set in the queue before having the first delivery attempt done. # QUEUE_INTERVAL="10"; # # QUEUE_PARMS=""; String queue parameters # Any parameters here are also used when run from cron. # Note that MISC_PARMS and CRON_PARMS, if applicable, will override # anything declared herein. # QUEUE_PARMS=""; # #--------------------------------------------------------------------------- --- # SMTP - MSP Queue Runner Configuration # # MSP_MODE="${QUEUE_MODE}"; Keyword MSP queue runner mode # daemon: Run as standalone daemon # cron: Run from crontab # none: No queue runner (ie, nullclient/smarthost) # # NOTE: If QUEUE_MODE="cron" & MSP_MODE="none", the MSP queue will # be run as part of the MTA queue running process. # MSP_MODE="${QUEUE_MODE}"; # # MSP_INTERVAL="${QUEUE_INTERVAL}"; Integer in minutes # Interval at which to run the MSP queues. What interval should you use? # The amount of time that is acceptable before retrying delivery on # mail that couldn't be accepted by the MTA, and was therefore left # in the message submission queue. Probably should be the same as the # whats used in QUEUE_INTERVAL. # MSP_INTERVAL="${QUEUE_INTERVAL}"; # # MSP_PARMS="${QUEUE_PARMS}"; String queue parameters # Any parameters here are also used when run from cron. # Note that MISC_PARMS and CRON_PARMS, if applicable, will override # anything declared herein. # MSP_PARMS="${QUEUE_PARMS}"; # # MSP_MAILSTATS="${DAEMON_MAILSTATS}"; Boolean Listener stats # This parameter determines whether or not mailer stats are collected # and available for the `mailstats` command to display. There will # be a (minor) performance hit, as this file will be updated for each # item coming into, or out of, sendmail. The file is fixed in size, # and small, so there's no need to rotate it. # MSP_MAILSTATS="No"; # #--------------------------------------------------------------------------- --- # Miscellaneous Confguration # # MISC_PARMS=""; String miscellaneous parameters # Miscellaneous parameters - applied to any sendmail invocation. # Any parameters here are also used when run from cron. # Applied after {DAEMON,QUEUE}_PARMS, and can therefore override them # if need be (in which case why did use them?) # Note that CRON_PARMS, if applicable, will override anything # declared herein. # # Here is where'd you setup and debugging or special parms that you # want shared betwixt the possibly separate listener/queue-runner # processes. # MISC_PARMS=""; # #--------------------------------------------------------------------------- --- # Cron Job Configuration # # CRON_MAILTO="root"; String cronjob output # Recipient of *rare* cronjob output. Some cronjobs will be running # under user `mail`, so any problems encountered would probably be missed # so define a user who actually (hopefully) checks email now and again. # CRON_MAILTO="root"; # # CRON_PARMS=""; String cron specific parmeters # Cron parameters - applied *only* when sendmail queue running is done # via a cronjob. Applied after QUEUE_PARMS and MISC_PARMS, and can # therefore override them if need be. # CRON_PARMS=""; # #--------------------------------------------------------------------------- --- # Queue Aging Configuration # # Why would you want to age your queues? On every queue-run interval, # sendmail will try *every* file in the queue... If a site is down # for a while, considerable time can be wasted each interval in retrying # it. The scheme supported allows aging by time, and can move the older # files to another (less frequently run queue), thereby reducing overal # system impact - and providing better mail throughput. # # Note that this support is completely separate from QUEUE_MODE=cron, # you can age queues even if you're running QUEUE_MODE=daemon. # # There are four parts to the queue aging support, and these parts # may be repeated, to operate on multiple queues. # # 1. Interval at which to age the queues (in minutes). # What interval should you use? Roughly twice the normal queue # interval, so that messages are tried twice in each successively # slower queue. # # 2. Criteria (optional and defaults to interval). This is the # specification of which files to move. It defaults moving # files whose age in the queues exceeds the interval. # This field, if specified can be very complex - supporting # aging by just about anything! see qtool(8) for details. # # 3. To queue. This is the queue to which files will be moved. # It may be fully qualified, or relative to /var/spool/mqueue. # # 4. From queue. This is the queue from which files will be moved. # It may be fully qualified, or relative to /var/spool/mqueue. # # Samples: # AGE_DATA="[['25', '', 'hourly', 'main']]"; # Every 25 minutes, move any file older than 25 minutes from # /var/spool/mqueue/main to /var/spool/mqueue/hourly # # AGE_DATA="[['25', '', 'hourly', 'main'],\ # ['125', '', 'daily', 'hourly']]"; # Same as the above, but also move files from the hourly queue # to the daily queue after 125 minutes in the hourly queue. # # AGE_DATA="[['25',\ # '-e \'$msg->{message} = Deferred: 452 4.2.2 Over quota\'',\ # 'overquota', 'main']]"; # Every 25 minutes, move all files deferred because of quota # violations from /var/spool/mqueue/main to # /var/spool/mqueue/overquota where they can be processed on # a different interval, or by some other means. # # If the above samples suggest Perl arrays, well, they are... # # AGE_DATA=""; Perl array Queue aging data # AGE_DATA=""; # #--------------------------------------------------------------------------- --- # Hidden variables (the blood be upon your hands) # # #--------------------------------------------------------------------------- --- # Deprecated variables (kept for reference) # DAEMON_STATS="${DAEMON_MAILSTATS}"; MSP_STATS="${MSP_MAILSTATS}"; # #--------------------------------------------------------------------------- --- # Unknown variables (kept for reference) # #--------------------------------------------------------------------------- --- # If somebody have can help me, I will be very happy. Thank you very much for help and greetings from (in this time also cold) Croatia!!! -- Marko Malikovic Strucni suradnik za kompjuterske aplikacije na Odsjeku za psihologiju CARNet sistem administrator Filozofski fakultet u Rijeci Trg Ivana Klobucarica 1 Tel: ++385/51/315-232, 315-233 From fizz at BOMB.NET Sun Jan 20 17:10:29 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Couple Small Questions.. Message-ID: Im new the Mailscanner and love it so far. Ive intergrated SpamAssassin which also seems to work great. However i have a few small questions as im a X qmail user. please bare with me, i was up till 3am looking at documentation and how to do these things. 1. How can i tell that spamassassin is even working? 2. By default sendmail has logs going to your messages and syslog files, i heard you can have seprate logs for sendmail, if this is true what do i have to do.(i know i will have to recompile most likely, but im hoping its just a sendmail.cf thing) 3. How do i intergrate Razor into SpamAssassin and MailScanner, it has info for everything else except this. I might have missed the pbvious but any help is greatly appriciated. Keep up the great work guys! Kelly From doko at CS.TU-BERLIN.DE Sun Jan 20 17:36:10 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:17 2006 Subject: beginnings of a configuration system ... Message-ID: <15435.10.517318.618240@gargle.gargle.HOWL> Attached you find an autoconf (2.50) file and three .in files (mailscanner.in, check_mailscanner.in, mailscanner.conf.in), which get rid off the symlinks as distributed and setup the scripts for exim/sendmail respectively. They are far from beeing complete, but I currently do not have enough time to finish them ... -------------- next part -------------- A non-text attachment was scrubbed... Name: msconf.tgz Type: application/octet-stream Size: 9782 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020120/4145fc2a/msconf.obj From fizz at BOMB.NET Sun Jan 20 19:33:07 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs Message-ID: <001001c1a1e9$49d03bc0$ac722241@fizz> Ive followed what was in the FAQ about adding a -r to the syslogd startup, but its still not logging anything reguarding spam or virus's. Ive had plenty of both come through (virus's clean of course) and spam tagged appropriately. Any help would be appriciated. Im running Slackware 7.1. Kelly -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020120/cc3b23c2/attachment.html From benjamin.mercusot at SOPHOS.FR Mon Jan 21 00:00:38 2002 From: benjamin.mercusot at SOPHOS.FR (Benjamin MERCUSOT) Date: Thu Jan 12 21:14:17 2006 Subject: Benjamin Mercusot =?iso-8859-1?Q?=E0_quitt=E9_SOPHOS?= Message-ID: Je serai absent(e) du 18/01/2002 au 28/02/2003. I leaved SOPHOS since 01/18/2002. Please redirect your emails to the support by using this e-mail address support@sophos.fr. Regards J'ai quitt? SOPHOS d?finitivement depuis le 18/01/2002 Veuillez contacter le support technique de Sophos ? l'adresse : support@sophos.fr Ou si ce message est personnel veuillez l'adresser ? benjm@altern.org Cordialement, From nwp at LEMON-COMPUTING.COM Mon Jan 21 09:38:44 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: beginnings of a configuration system ... In-Reply-To: <15435.10.517318.618240@gargle.gargle.HOWL>; from doko@CS.TU-BERLIN.DE on Sun, Jan 20, 2002 at 06:36:10PM +0100 References: <15435.10.517318.618240@gargle.gargle.HOWL> Message-ID: <20020121093844.A13425@lemon-computing.com> On Sun, Jan 20, 2002 at 06:36:10PM +0100, Matthias Klose wrote: Content-Description: message body text > Attached you find an autoconf (2.50) file and three .in files > (mailscanner.in, check_mailscanner.in, mailscanner.conf.in), which get > rid off the symlinks as distributed and setup the scripts for > exim/sendmail respectively. They are far from beeing complete, but I > currently do not have enough time to finish them ... Thanks; have you managed to get mailscanner working yet? -- Nick Phillips -- nwp@lemon-computing.com You will soon forget this. From nwp at LEMON-COMPUTING.COM Mon Jan 21 09:52:27 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs In-Reply-To: <001001c1a1e9$49d03bc0$ac722241@fizz>; from fizz@BOMB.NET on Sun, Jan 20, 2002 at 02:33:07PM -0500 References: <001001c1a1e9$49d03bc0$ac722241@fizz> Message-ID: <20020121095227.B13425@lemon-computing.com> On Sun, Jan 20, 2002 at 02:33:07PM -0500, Kelly Hamlin wrote: > Ive followed what was in the FAQ about adding a -r to the syslogd startup, but its still not logging anything reguarding spam or virus's. Ive had plenty of both come through (virus's clean of course) and spam tagged appropriately. Any help would be appriciated. Im running Slackware 7.1. > Kelly Are you getting *any* logging at all from mailscanner? Anyway, I suggest you check where your syslog.conf is routing messages for facility "mail". Then try using the "logger" command to log a message with facility "mail" and priority "info". See whether that gets there. And if you have any packet filtering, check that you're not dropping or blocking packets on 514/udp on the loopback interface (they may not have 127.0.0.1 source and/or destination addresses). Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You have been selected for a secret mission. From LISTSERV at JISCMAIL.AC.UK Sun Jan 20 16:51:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: pablo.iranzo@UV.ES left the JISCmail list Message-ID: <200201201651.QAA00382@magpie.ecs.soton.ac.uk> Sun, 20 Jan 2002 16:51:29 pablo.iranzo@UV.ES has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Mon Jan 21 03:37:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: pochy_s@TELOCITY.COM requested to join Message-ID: <200201210337.DAA21298@magpie.ecs.soton.ac.uk> Mon, 21 Jan 2002 03:37:55 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Pochy Serrano You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pochy_s@TELOCITY.COM Pochy Serrano PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pochy_s@TELOCITY.COM Pochy Serrano // EOJ From gerry at DORFAM.CA Mon Jan 21 12:53:07 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:17 2006 Subject: [SAtalk] make test fails (install Mail::Spamassassin) (fwd) Message-ID: For those of you who have run into this problem (like me!!!) and wondered if you were doing something wrong.... Gerry -- "The lyfe so short, the craft so long to learne" Chaucer ---------- Forwarded message ---------- Date: Mon, 21 Jan 2002 11:25:21 -0000 From: Matt Sergeant To: 'Olivier M.' , spamassassin-talk@lists.sourceforge.net Subject: RE: [SAtalk] make test fails (install Mail::Spamassassin) > -----Original Message----- > From: Olivier M. [mailto:qmail@orion.8304.ch] > > Hi, FYI, install Mail::Spamassassin (via cpan) never worked > on the systems > I'm using (Suse linux-7.3 based): it always finish this way: > > t/forged_rcvd.......ok > > t/nonspam...........ok > > t/reportheader......ok > > t/spam..............ok > > t/spamd.............ok > > t/spamd_port........ok > > t/strip2............NOK 12FAILED tests 8, 10, 12 > > Failed 3/12 tests, 75.00% okay > t/stripmarkup.......ok > > Failed Test Status Wstat Total Fail Failed List of failed > -------------------------------------------------------------- > ----------------- > t/strip2.t 12 3 25.00% 8, 10, 12 > Failed 1/8 test scripts, 87.50% okay. 3/121 subtests failed, > 97.52% okay. > make: *** [test_dynamic] Error 29 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force I sent a patch to the list for this. Not sure if it's been applied yet. Subject was "SA Patch (fixes Mail::Audit bug again)" Matt. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Spamassassin-talk mailing list Spamassassin-talk@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/spamassassin-talk From fizz at BOMB.NET Mon Jan 21 13:47:18 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs References: <001001c1a1e9$49d03bc0$ac722241@fizz> <20020121095227.B13425@lemon-computing.com> Message-ID: <01c501c1a282$2498dad0$48cf75cc@fizz> this might help.. i get errors when running logger.pl by itself. this may have something to do with it root@sairys:/opt/mailscanner/bin# ./logger.pl mail info ./logger.pl: use: command not found ./logger.pl: use: command not found ./logger.pl: package: command not found ./logger.pl: sub: command not found ./logger.pl: line 41: syntax error near unexpected token `Sys::Syslog::openlog(@ _,' ./logger.pl: line 41: ` Sys::Syslog::openlog(@_, 'pid, nowait', 'mail');' root@sairys:/opt/mailscanner/bin# also, here is my syslog.conf ************************** # /etc/syslog.conf # For info about the format of this file, see "man syslog.conf" (the BSD man # page), and /usr/doc/sysklogd/README.linux. # *.=info;*.=notice;*.=mail /usr/adm/messages *.=debug /usr/adm/debug # We don't log messages of level 'warn'. Why? Because if you're running # a news site (with INN), each and every article processed generates a # warning and a disk access. This slows news processing to a crawl. # If you want to log warnings, you'll need to uncomment this line: #*.warn /usr/adm/syslog *.err /usr/adm/syslog # # This might work instead to log on a remote host: # * @hostname **************** ----- Original Message ----- From: "Nick Phillips" To: Sent: Monday, January 21, 2002 4:52 AM Subject: Re: Sendmail Logs > On Sun, Jan 20, 2002 at 02:33:07PM -0500, Kelly Hamlin wrote: > > Ive followed what was in the FAQ about adding a -r to the syslogd startup, but its still not logging anything reguarding spam or virus's. Ive had plenty of both come through (virus's clean of course) and spam tagged appropriately. Any help would be appriciated. Im running Slackware 7.1. > > Kelly > > Are you getting *any* logging at all from mailscanner? > > Anyway, I suggest you check where your syslog.conf is routing messages for > facility "mail". > > Then try using the "logger" command to log a message with facility "mail" > and priority "info". See whether that gets there. > > And if you have any packet filtering, check that you're not dropping or > blocking packets on 514/udp on the loopback interface (they may not have > 127.0.0.1 source and/or destination addresses). > > > Cheers, > > > Nick > -- > Nick Phillips -- nwp@lemon-computing.com > You have been selected for a secret mission. > From nwp at LEMON-COMPUTING.COM Mon Jan 21 13:51:25 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs In-Reply-To: <01c501c1a282$2498dad0$48cf75cc@fizz>; from fizz@BOMB.NET on Mon, Jan 21, 2002 at 08:47:18AM -0500 References: <001001c1a1e9$49d03bc0$ac722241@fizz> <20020121095227.B13425@lemon-computing.com> <01c501c1a282$2498dad0$48cf75cc@fizz> Message-ID: <20020121135125.H13425@lemon-computing.com> On Mon, Jan 21, 2002 at 08:47:18AM -0500, Kelly Hamlin wrote: > this might help.. > i get errors when running logger.pl by itself. this may have something to do > with it Not logger.pl, "logger", which is a standard system command ("man logger"). > *.=info;*.=notice;*.=mail /usr/adm/messages OK, well this is wrong. "mail" is a facility, not a priority. Try: *.=info;*.=notice /usr/adm/messages mail.* /usr/adm/mail ...and restart syslogd. -- Nick Phillips -- nwp@lemon-computing.com Be different: conform. From fizz at BOMB.NET Mon Jan 21 14:02:14 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs References: <001001c1a1e9$49d03bc0$ac722241@fizz> <20020121095227.B13425@lemon-computing.com> <01c501c1a282$2498dad0$48cf75cc@fizz> <20020121135125.H13425@lemon-computing.com> Message-ID: <01dc01c1a284$3abb49e0$48cf75cc@fizz> ok, i was able to write to syslog with logger.. i see the same stuff that was being written to messages now in mail, but still nothing reguarding spam or virus's. I keep sending my self a virus from another machine, and mailscanner is cleaning the message, but still nothing in the syslog/messages/mail logs. and there is no packet filtering on this box right now. i checked services and 514/udp is setup. ----- Original Message ----- From: "Nick Phillips" To: Sent: Monday, January 21, 2002 8:51 AM Subject: Re: Sendmail Logs > On Mon, Jan 21, 2002 at 08:47:18AM -0500, Kelly Hamlin wrote: > > this might help.. > > i get errors when running logger.pl by itself. this may have something to do > > with it > > Not logger.pl, "logger", which is a standard system command ("man logger"). > > > *.=info;*.=notice;*.=mail /usr/adm/messages > > OK, well this is wrong. "mail" is a facility, not a priority. > > Try: > > *.=info;*.=notice /usr/adm/messages > mail.* /usr/adm/mail > > > ...and restart syslogd. > -- > Nick Phillips -- nwp@lemon-computing.com > Be different: conform. > From LISTSERV at JISCMAIL.AC.UK Mon Jan 21 12:38:16 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: pochy_s@TELOCITY.COM left the JISCmail list Message-ID: <200201211238.MAA14048@magpie.ecs.soton.ac.uk> Mon, 21 Jan 2002 12:38:16 Pochy Serrano has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Mon Jan 21 14:07:03 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: rkunstnik@YAHOO.COM left the JISCmail list Message-ID: <200201211407.OAA19569@magpie.ecs.soton.ac.uk> Mon, 21 Jan 2002 14:07:03 Robert Kunstnik has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From fizz at BOMB.NET Mon Jan 21 15:20:19 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs References: <001001c1a1e9$49d03bc0$ac722241@fizz> <20020121095227.B13425@lemon-computing.com> <01c501c1a282$2498dad0$48cf75cc@fizz> <20020121135125.H13425@lemon-computing.com> <01dc01c1a284$3abb49e0$48cf75cc@fizz> Message-ID: <000d01c1a28f$23412720$48cf75cc@fizz> i beleive the problem lies some where other than syslog. Im able to do logger -p mail.info test and it writes fine. I think there is something between mailscanner and logger.pl which is what actually writes the logs to syslog. I may be wronge, but im almost sure im right. How can i test logger.pl to make sure its writing or to maybe debug to see what the hangup is? ----- Original Message ----- From: "Kelly Hamlin" To: Sent: Monday, January 21, 2002 9:02 AM Subject: Re: Sendmail Logs > ok, i was able to write to syslog with logger.. > i see the same stuff that was being written to messages now in mail, but > still nothing reguarding spam or virus's. I keep sending my self a virus > from another machine, and mailscanner is cleaning the message, but still > nothing in the syslog/messages/mail logs. > and there is no packet filtering on this box right now. i checked services > and 514/udp is setup. > ----- Original Message ----- > From: "Nick Phillips" > To: > Sent: Monday, January 21, 2002 8:51 AM > Subject: Re: Sendmail Logs > > > > On Mon, Jan 21, 2002 at 08:47:18AM -0500, Kelly Hamlin wrote: > > > this might help.. > > > i get errors when running logger.pl by itself. this may have something > to do > > > with it > > > > Not logger.pl, "logger", which is a standard system command ("man > logger"). > > > > > *.=info;*.=notice;*.=mail /usr/adm/messages > > > > OK, well this is wrong. "mail" is a facility, not a priority. > > > > Try: > > > > *.=info;*.=notice /usr/adm/messages > > mail.* /usr/adm/mail > > > > > > ...and restart syslogd. > > -- > > Nick Phillips -- nwp@lemon-computing.com > > Be different: conform. > > > From fizz at BOMB.NET Mon Jan 21 15:22:59 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs References: <001001c1a1e9$49d03bc0$ac722241@fizz> <20020121095227.B13425@lemon-computing.com> <01c501c1a282$2498dad0$48cf75cc@fizz> <20020121135125.H13425@lemon-computing.com> <01dc01c1a284$3abb49e0$48cf75cc@fizz> <000d01c1a28f$23412720$48cf75cc@fizz> Message-ID: <001701c1a28f$82669af0$48cf75cc@fizz> on another note, when i did the updates with CPAN it installed 5.6.1 of perl, is it possible it didnt install sys::syslog? ----- Original Message ----- From: "Kelly Hamlin" To: Sent: Monday, January 21, 2002 10:20 AM Subject: Re: Sendmail Logs > i beleive the problem lies some where other than syslog. Im able to do > logger -p mail.info test and it writes fine. I think there is something > between mailscanner and logger.pl which is what actually writes the logs to > syslog. I may be wronge, but im almost sure im right. How can i test > logger.pl to make sure its writing or to maybe debug to see what the hangup > is? > > ----- Original Message ----- > From: "Kelly Hamlin" > To: > Sent: Monday, January 21, 2002 9:02 AM > Subject: Re: Sendmail Logs > > > > ok, i was able to write to syslog with logger.. > > i see the same stuff that was being written to messages now in mail, but > > still nothing reguarding spam or virus's. I keep sending my self a virus > > from another machine, and mailscanner is cleaning the message, but still > > nothing in the syslog/messages/mail logs. > > and there is no packet filtering on this box right now. i checked services > > and 514/udp is setup. > > ----- Original Message ----- > > From: "Nick Phillips" > > To: > > Sent: Monday, January 21, 2002 8:51 AM > > Subject: Re: Sendmail Logs > > > > > > > On Mon, Jan 21, 2002 at 08:47:18AM -0500, Kelly Hamlin wrote: > > > > this might help.. > > > > i get errors when running logger.pl by itself. this may have something > > to do > > > > with it > > > > > > Not logger.pl, "logger", which is a standard system command ("man > > logger"). > > > > > > > *.=info;*.=notice;*.=mail /usr/adm/messages > > > > > > OK, well this is wrong. "mail" is a facility, not a priority. > > > > > > Try: > > > > > > *.=info;*.=notice /usr/adm/messages > > > mail.* /usr/adm/mail > > > > > > > > > ...and restart syslogd. > > > -- > > > Nick Phillips -- nwp@lemon-computing.com > > > Be different: conform. > > > > > > From chicks at CHICKS.NET Mon Jan 21 15:27:27 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs In-Reply-To: <001701c1a28f$82669af0$48cf75cc@fizz> Message-ID: On Mon, 21 Jan 2002, Kelly Hamlin wrote: > on another note, when i did the updates with CPAN it installed 5.6.1 > of perl, is it possible it didnt install sys::syslog? More likely you have conflicting versions of perl running around on your machine. CPAN isn't supposed to upgrade perl. That it did is accidental, not intentional - there have been several CPAN bugs where it failed to recognize the core perl distribution as such. A clean install of perl from rpm or src might be in order. Make sure you get rid of all remnants of your old and new perl before you do that. On Red Hat machines I generally reinstall CPAN.pm before anything else, log out of the CPAN shell, and back in. That seems to get around the core distribution recognition problem. -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From fizz at BOMB.NET Mon Jan 21 15:56:49 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sendmail Logs References: Message-ID: <000901c1a294$3c5fdee0$48cf75cc@fizz> last question then ill go away :) Do i need to remove the old installs of perl? is there an easy way to do this? i have perl installed in 3 locations now that i do some searching. cpan screwed it up :( /usr/lib/perl5 /usr/local/lib/perl5/siteperl /usr/local/lib/perl5/5.6.1 ----- Original Message ----- From: "Christopher Hicks" To: Sent: Monday, January 21, 2002 10:27 AM Subject: Re: Sendmail Logs > On Mon, 21 Jan 2002, Kelly Hamlin wrote: > > > on another note, when i did the updates with CPAN it installed 5.6.1 > > of perl, is it possible it didnt install sys::syslog? > > More likely you have conflicting versions of perl running around on your > machine. CPAN isn't supposed to upgrade perl. That it did is accidental, > not intentional - there have been several CPAN bugs where it failed to > recognize the core perl distribution as such. A clean install of perl > from rpm or src might be in order. Make sure you get rid of all remnants > of your old and new perl before you do that. > > On Red Hat machines I generally reinstall CPAN.pm before anything else, > log out of the CPAN shell, and back in. That seems to get around the core > distribution recognition problem. > > -- > > > "Outside of a dog, a man's best friend is a good book. > Inside of a dog, it's too dark to read." - Groucho Marx > From LISTSERV at JISCMAIL.AC.UK Mon Jan 21 16:41:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: Kai.Johannsen@TU-BERLIN.DE requested to join Message-ID: <200201211641.QAA00477@magpie.ecs.soton.ac.uk> Mon, 21 Jan 2002 16:41:58 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Kai Johannsen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Kai.Johannsen@TU-BERLIN.DE Kai Johannsen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Kai.Johannsen@TU-BERLIN.DE Kai Johannsen // EOJ From fizz at BOMB.NET Tue Jan 22 04:16:27 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:17 2006 Subject: Sucesss Message-ID: <000c01c1a2fb$8fcc0c90$ac722241@fizz> I dont know what the diffrence between redhat 7.2 and slackware 7.1 BUT it writes to syslog without a problem so im happy. What i would like to know is how you guys are handling MRTG and log rotation. Basically if i read this right, you shoudl have logs rotate every night at midnight so the graph starts fresh for the next day? If im wronge, please tell me :) thanks for any advice. Kelly -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020121/c62e8259/attachment.html From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 04:58:54 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: carl@CAPAHO.COM left the JISCmail list Message-ID: <200201220458.EAA04851@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 04:58:54 Carl Hogue has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Tue Jan 22 09:05:20 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Sucesss In-Reply-To: <000c01c1a2fb$8fcc0c90$ac722241@fizz> Message-ID: <5.1.0.14.2.20020122090433.05afc588@imap.ecs.soton.ac.uk> Kelly, At 04:16 22/01/2002, you wrote: >What i would like to know is how you guys are handling MRTG and log >rotation. Basically if i read this right, you shoudl have logs rotate >every night at midnight so the graph starts fresh for the next day? If im >wronge, please tell me :) The MRTG setup does assume it has 1 day's worth of logs to process. So you should rotate the log every night at midnight (or thereabouts) as you suggest. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From m.sapsed at BANGOR.AC.UK Tue Jan 22 10:26:46 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:17 2006 Subject: mailscanner/spamassassin false positives Message-ID: <3C4D3E66.E81540@bangor.ac.uk> Hello all, I'm using MailScanner-3.01-3 and SpamAssassin-1.5 and getting mails marked as spam but some of them are only scoring 5 hits. (My Daily Dilberts score 9 and get marked!) I've changed required_hits to 10 in /root/.spamassassin.cf already after a previous discussion but it doesn't appear to have helped. Should I upgrade either or both of the components (Sophos is my AV engine and Linux is the server platform) or is there something I should change somewhere? Thanks, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From jkf at ecs.soton.ac.uk Tue Jan 22 10:37:54 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: mailscanner/spamassassin false positives In-Reply-To: <3C4D3E66.E81540@bangor.ac.uk> Message-ID: <5.1.0.14.2.20020122103722.03a9a7a0@imap.ecs.soton.ac.uk> At 10:26 22/01/2002, you wrote: >I'm using MailScanner-3.01-3 and SpamAssassin-1.5 and getting mails marked >as spam but some of them are only scoring 5 hits. (My Daily Dilberts score >9 and get marked!) I've changed required_hits to 10 in >/root/.spamassassin.cf already after a previous discussion but it doesn't >appear to have helped. Should I upgrade either or both of the components >(Sophos is my AV engine and Linux is the server platform) or is there >something I should change somewhere? This was a known problem with 3.01-3. Upgrade your MailScanner to the latest release and the problem will disappear. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jbayer at bayerfamily.net Tue Jan 22 12:40:38 2002 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:14:17 2006 Subject: Couple Small Questions.. In-Reply-To: References: Message-ID: <198118286356.20020122074038@bayerfamily.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Kelly, It depends on how you are reporting the spam. Check the headers of our messages and look for a header beginning with X-Spam..... JBB Sunday, January 20, 2002, 12:10:29 PM, you wrote: KH> Im new the Mailscanner and love it so far. Ive intergrated SpamAssassin KH> which also seems to work great. However i have a few small questions as im KH> a X qmail user. please bare with me, i was up till 3am looking at KH> documentation and how to do these things. KH> 1. How can i tell that spamassassin is even working? KH> 2. By default sendmail has logs going to your messages and syslog files, i KH> heard you can have seprate logs for sendmail, if this is true what do i KH> have to do.(i know i will have to recompile most likely, but im hoping its KH> just a sendmail.cf thing) KH> 3. How do i intergrate Razor into SpamAssassin and MailScanner, it has KH> info for everything else except this. I might have missed the pbvious but KH> any help is greatly appriciated. KH> Keep up the great work guys! KH> Kelly - -- Best regards, Jonathan mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjxNXccACgkQLWek1tt+K525rACaAjH/ZqNp+dD64xEWHJWCU6ZI kP0AnjuQqwwn6RmGhA55GSuooCEDBMST =jEZQ -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 12:42:45 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:17 2006 Subject: MAILSCANNER: carl@CAPAHO.COM requested to join Message-ID: <200201221242.MAA28135@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 12:42:45 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Carl Hogue The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER carl@CAPAHO.COM Carl Hogue PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER carl@CAPAHO.COM Carl Hogue SET MAILSCANNER NOMIME DIGEST FOR carl@CAPAHO.COM // EOJ From sveinn at SVEINNG.COM Tue Jan 22 14:25:45 2002 From: sveinn at SVEINNG.COM (Sveinn G. Gunnarsson) Date: Thu Jan 12 21:14:17 2006 Subject: Question - Feature request ? Message-ID: <006001c1a350$ae146d50$c88fb0d5@islandssimi.is> Hi folks. First of all, I want to thank Julian and all the good people that have helped, for this great software. I've been testing a Mailscanner/Sophos combo on a RS/6000 P43 under AIX 4.3.3, and it's working like a charm. I have one question. Is it possible to filter which domains I want to scan, and which I want to pass straight through without being scanned? Best of all would be a config file under /opt/mailscanner/etc/ that could work like spam.whitelist.conf, and there I would put the domains that I wanted to be scanned. Is this possible without much rewrite, or better yet, has someone done this patch already? ____________________ Sveinn G. Gunnarsson System administrator Islandssimi hf. www.islandssimi.is -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020122/ad59758e/attachment.html From jkf at ecs.soton.ac.uk Tue Jan 22 14:55:10 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Question - Feature request ? In-Reply-To: <006001c1a350$ae146d50$c88fb0d5@islandssimi.is> Message-ID: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> At 14:25 22/01/2002, you wrote: >First of all, I want to thank Julian and all the good people that have >helped, for this great software. >I've been testing a Mailscanner/Sophos combo on a RS/6000 P43 under AIX >4.3.3, and it's working like a charm. Thanks! >Is it possible to filter which domains I want to scan, and which I want to >pass straight through without being scanned? Not at the moment, no. >Best of all would be a config file under /opt/mailscanner/etc/ that could >work like spam.whitelist.conf, and there I would put the domains that I >wanted to be scanned. People wanted some horribly complicated per user + per domain scanning and spam delivery control mechanism, which is awfully complicated to implement. Per-domain scanning (and even per-user scanning) using a text file like spam.whitelist.conf shouldn't be too hard to do, let me think about it. >Is this possible without much rewrite, or better yet, has someone done >this patch already? It's not been done yet, ASAIK. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dave at NONSTOP-NETWORKS.CO.UK Tue Jan 22 15:17:11 2002 From: dave at NONSTOP-NETWORKS.CO.UK (Dave Atkin) Date: Thu Jan 12 21:14:17 2006 Subject: Question - Feature request ? References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> Message-ID: <005401c1a357$dd766290$4e0101c8@vitanuova.com> > People wanted some horribly complicated per user + per domain scanning and > spam delivery control mechanism, which is awfully complicated to implement. > What I'd *really* like is the config file to be split into a global section and a per-domain section (maybe each domain config could be in a separate file). Perhaps this could be done reasonably easily by running multiple mailscanner processes, one per domain, each one reading its own config file? Would this require mail for the different domains to be queued in separate directories? Dave Atkin www.nonstop-networks.co.uk From jkf at ecs.soton.ac.uk Tue Jan 22 15:15:38 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Per-domain scanning control In-Reply-To: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> References: <006001c1a350$ae146d50$c88fb0d5@islandssimi.is> Message-ID: <5.1.0.14.2.20020122151357.05d2a420@imap.ecs.soton.ac.uk> What's the general level of interest in a feature whereby you could have a file listing which domains get virus-scanned, and only scan messages destined for one of those domains. All other domains would not be virus-scanned. Spam detection would be unaffected by this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From m.sapsed at bangor.ac.uk Tue Jan 22 15:19:32 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:17 2006 Subject: mailscanner/spamassassin false positives References: <5.1.0.14.2.20020122103722.03a9a7a0@imap.ecs.soton.ac.uk> Message-ID: <3C4D8304.4CD7D959@bangor.ac.uk> Julian Field wrote: > At 10:26 22/01/2002, Martin Sapsed wrote: > >I'm using MailScanner-3.01-3 and SpamAssassin-1.5 and getting mails marked > >as spam but some of them are only scoring 5 hits. (My Daily Dilberts score > >9 and get marked!) I've changed required_hits to 10 in > >/root/.spamassassin.cf already after a previous discussion but it doesn't > >appear to have helped. Should I upgrade either or both of the components > >(Sophos is my AV engine and Linux is the server platform) or is there > >something I should change somewhere? > > This was a known problem with 3.01-3. Upgrade your MailScanner to the > latest release and the problem will disappear. I've done the upgrade but still had a message scoring 5 hits marked as spam. Is there something I might have missed in the upgrade? I got the tarball and unpacked it and merged it in with my current installation. Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From jkf at ecs.soton.ac.uk Tue Jan 22 15:19:56 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:17 2006 Subject: Question - Feature request ? In-Reply-To: <005401c1a357$dd766290$4e0101c8@vitanuova.com> References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> At 15:17 22/01/2002, you wrote: >What I'd *really* like is the config file to be split into a global section >and a per-domain section (maybe each domain config could be in a separate >file). Perhaps this could be done reasonably easily by running multiple >mailscanner processes, one per domain, each one reading its own config file? The fundamental difficulty with all this is that a mail message may have lots of recipients, all in different domains. So what do you do then? It becomes very heavyweight and awkward to split the message up into different messages, one for each recipient (you start having to generate your own queue entries, which I don't want to get into), but otherwise which rules do you apply to the message? Once someone can come up with a decent answer to this one, I'll take a better look at it. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From t.d.lee at durham.ac.uk Tue Jan 22 15:28:49 2002 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control In-Reply-To: <5.1.0.14.2.20020122151357.05d2a420@imap.ecs.soton.ac.uk> Message-ID: On Tue, 22 Jan 2002, Julian Field wrote: > What's the general level of interest in a feature whereby you could have a > file listing which domains get virus-scanned, and only scan messages > destined for one of those domains. All other domains would not be > virus-scanned. For us, it might be useful. But much, much higher up our request list would be the ability to run parallel mailscanner processes on a single domain (or across all domains), as the current single-process model looks like being a bottleneck. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From t.d.lee at durham.ac.uk Tue Jan 22 15:28:49 2002 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control In-Reply-To: <5.1.0.14.2.20020122151357.05d2a420@imap.ecs.soton.ac.uk> Message-ID: On Tue, 22 Jan 2002, Julian Field wrote: > What's the general level of interest in a feature whereby you could have a > file listing which domains get virus-scanned, and only scan messages > destined for one of those domains. All other domains would not be > virus-scanned. For us, it might be useful. But much, much higher up our request list would be the ability to run parallel mailscanner processes on a single domain (or across all domains), as the current single-process model looks like being a bottleneck. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From fizz at BOMB.NET Tue Jan 22 15:44:10 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control References: <006001c1a350$ae146d50$c88fb0d5@islandssimi.is> <5.1.0.14.2.20020122151357.05d2a420@imap.ecs.soton.ac.uk> Message-ID: <001901c1a35b$a2aa8480$48cf75cc@fizz> id be very interested in this personally. Kelly ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 22, 2002 10:15 AM Subject: Per-domain scanning control > What's the general level of interest in a feature whereby you could have a > file listing which domains get virus-scanned, and only scan messages > destined for one of those domains. All other domains would not be > virus-scanned. > > Spam detection would be unaffected by this. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From brose at MED.WAYNE.EDU Tue Jan 22 15:49:38 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control Message-ID: Sounds kind of foolish and scary. I prefer scanning everything thru our gateway including our own domains because even our own domains have been the source of email born viruses so I feel by scanning all mail I'm doing our part for the net. For example, when Goner came out last month, Symantec didn't release the definitions to their liveupdate servers until 5pm. We had two exchange users in our domain become infected and started their rampage before we could take measures to block at the Sendmail gateway and exchange systems to prevent it's further spread. That's when I went looking and found Mailscanner which really helped because we couldn't get a straight answer on licensing from Symantec on their AV for Gateways. The idea of licensing per protected user is stupid for gatways when they are used for trusted relaying. There is know way to know how many people go thru it plus are you not also protecting the external recipients also!? Time could probably be spent writing it but I see maybe less than 1% use of the feature plus wouldn't it slow down mailscanner processing if it has to do yet another comparison. "Trust no one Mr Mulder." -=Bobby -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Tuesday, January 22, 2002 10:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Per-domain scanning control What's the general level of interest in a feature whereby you could have a file listing which domains get virus-scanned, and only scan messages destined for one of those domains. All other domains would not be virus-scanned. Spam detection would be unaffected by this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Tue Jan 22 15:58:58 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control Message-ID: Seems like you could do that now by changing the process names couldn't you, eg have a separate mailscanner command for mailscanner1, mailscanner2, etc. I think the real request here is have mailscanner spin off multiple threads but my understanding is that can be a real pain in perl because of poor process scheduling. -----Original Message----- From: David Lee [mailto:t.d.lee@DURHAM.AC.UK] Sent: Tuesday, January 22, 2002 10:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Per-domain scanning control On Tue, 22 Jan 2002, Julian Field wrote: > What's the general level of interest in a feature whereby you could > have a file listing which domains get virus-scanned, and only scan > messages destined for one of those domains. All other domains would > not be virus-scanned. For us, it might be useful. But much, much higher up our request list would be the ability to run parallel mailscanner processes on a single domain (or across all domains), as the current single-process model looks like being a bottleneck. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 16:10:35 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: bobk@DWCINET.COM requested to join Message-ID: <200201221610.QAA13092@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 16:10:35 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Bob Ketterhagen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER bobk@DWCINET.COM Bob Ketterhagen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER bobk@DWCINET.COM Bob Ketterhagen // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 16:51:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: jonathan.arcand@CEGEPTR.QC.CA requested to join Message-ID: <200201221651.QAA16085@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 16:51:33 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jonathan Arcand You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jonathan.arcand@CEGEPTR.QC.CA Jonathan Arcand PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jonathan.arcand@CEGEPTR.QC.CA Jonathan Arcand // EOJ From mdchaney at MICHAELCHANEY.COM Tue Jan 22 18:46:59 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Jan 22, 2002 at 03:19:56PM +0000 References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> Message-ID: <20020122124659.C30545@michaelchaney.com> On Tue, Jan 22, 2002 at 03:19:56PM +0000, Julian Field wrote: > At 15:17 22/01/2002, you wrote: > >What I'd *really* like is the config file to be split into a global section > >and a per-domain section (maybe each domain config could be in a separate > >file). Perhaps this could be done reasonably easily by running multiple > >mailscanner processes, one per domain, each one reading its own config file? > > The fundamental difficulty with all this is that a mail message may have > lots of recipients, all in different domains. So what do you do then? You "or" the features together, so the email gets everything that everybody would get. That means that some people may get virus scanning as a freebie on mail messages that are sent to them and somebody at a domain that should get it. Oh well. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From cfast at ALLIEDBUILDING.COM Tue Jan 22 18:55:27 2002 From: cfast at ALLIEDBUILDING.COM (Clint Fast) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <20020122124659.C30545@michaelchaney.com> Message-ID: <3C4DB59F.BFE8776E@alliedbuilding.com> What's the point here? Why is this a needed feature? --Clint. Michael Chaney wrote: > > On Tue, Jan 22, 2002 at 03:19:56PM +0000, Julian Field wrote: > > At 15:17 22/01/2002, you wrote: > > >What I'd *really* like is the config file to be split into a global section > > >and a per-domain section (maybe each domain config could be in a separate > > >file). Perhaps this could be done reasonably easily by running multiple > > >mailscanner processes, one per domain, each one reading its own config file? > > > > The fundamental difficulty with all this is that a mail message may have > > lots of recipients, all in different domains. So what do you do then? > > You "or" the features together, so the email gets everything that > everybody would get. That means that some people may get virus scanning > as a freebie on mail messages that are sent to them and somebody at a > domain that should get it. Oh well. > > Michael > -- > Michael Darrin Chaney > mdchaney@michaelchaney.com > http://www.michaelchaney.com/ From jkf at ecs.soton.ac.uk Tue Jan 22 18:51:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <20020122124659.C30545@michaelchaney.com> References: <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020122185125.0340be98@hawk.ecs.soton.ac.uk> At 18:46 22/01/2002, you wrote: >On Tue, Jan 22, 2002 at 03:19:56PM +0000, Julian Field wrote: > > At 15:17 22/01/2002, you wrote: > > >What I'd *really* like is the config file to be split into a global > section > > >and a per-domain section (maybe each domain config could be in a separate > > >file). Perhaps this could be done reasonably easily by running multiple > > >mailscanner processes, one per domain, each one reading its own config > file? > > > > The fundamental difficulty with all this is that a mail message may have > > lots of recipients, all in different domains. So what do you do then? > >You "or" the features together, so the email gets everything that >everybody would get. That means that some people may get virus scanning >as a freebie on mail messages that are sent to them and somebody at a >domain that should get it. Oh well. What about delivery of postmaster messages, spam tagging, etc..? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Tue Jan 22 18:53:18 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020122185125.0340be98@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 22 Jan 2002, Julian Field wrote: > What about delivery of postmaster messages, spam tagging, etc..? The issue of multiple recipients is a red herring. Handling each recipient as if it were it's own e-mail would not dramatically increase the number of messages checked for most systems. -- Occam's Shaving Cream .... Simply Delightful. From jonathan.arcand at CEGEPTR.QC.CA Tue Jan 22 18:53:37 2002 From: jonathan.arcand at CEGEPTR.QC.CA (Jonathan Arcand) Date: Thu Jan 12 21:14:18 2006 Subject: Sendmail user open problem Message-ID: <01e701c1a376$19ecc3e0$f924fea9@intranet> Hello, I'm testing mailscanner. It seemed to work great when I tried it for the first time (start at the console). I placed the config in rc.d to start mailscanner and sendmail on a reboot. Since then, my sendmail doesn't work correctly anymore. I replaced the startup config by the old and the problem persist: 169 ? S 0:00 sendmail: ./g0MHLqn00167 my.domain.name.: user open All mail jams in the mqueue. What can be the cause of this problem? I don't find anything in www.sendmail.org. Thanks in advance ----------------------------------------------------------------- Jonathan Arcand Technicien en informatique C?gep de Trois-Rivi?res 3500 de Courval, Trois-Rivi?res (Qu?bec) G9A 5E6 (819) 376-1721 poste 2225 jonathan.arcand@cegeptr.qc.ca jonathan@netsaint.cegeptr.qc.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020122/809d0103/attachment.html From m.sapsed at bangor.ac.uk Tue Jan 22 15:19:32 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner/spamassassin false positives References: <5.1.0.14.2.20020122103722.03a9a7a0@imap.ecs.soton.ac.uk> Message-ID: <3C4D8304.4CD7D959@bangor.ac.uk> Julian Field wrote: > At 10:26 22/01/2002, Martin Sapsed wrote: > >I'm using MailScanner-3.01-3 and SpamAssassin-1.5 and getting mails marked > >as spam but some of them are only scoring 5 hits. (My Daily Dilberts score > >9 and get marked!) I've changed required_hits to 10 in > >/root/.spamassassin.cf already after a previous discussion but it doesn't > >appear to have helped. Should I upgrade either or both of the components > >(Sophos is my AV engine and Linux is the server platform) or is there > >something I should change somewhere? > > This was a known problem with 3.01-3. Upgrade your MailScanner to the > latest release and the problem will disappear. I've done the upgrade but still had a message scoring 5 hits marked as spam. Is there something I might have missed in the upgrade? I got the tarball and unpacked it and merged it in with my current installation. Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From jkf at ecs.soton.ac.uk Tue Jan 22 18:58:58 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: References: <5.1.0.14.2.20020122185125.0340be98@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020122185650.033c0000@hawk.ecs.soton.ac.uk> At 18:53 22/01/2002, you wrote: >On Tue, 22 Jan 2002, Julian Field wrote: > > What about delivery of postmaster messages, spam tagging, etc..? > >The issue of multiple recipients is a red herring. Handling each >recipient as if it were it's own e-mail would not dramatically increase >the number of messages checked for most systems. But I have to start generating my own queue ids for new messages, which I had wanted to avoid if possible. It varies with sendmail version for starters, not to say that it is of course totally different between sendmail and Exim. Any suggestions for coping with this problem? We could start with 3 algorithms and run sendmail to find its version number and choose the appropriate algorithm I guess. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Tue Jan 22 18:59:09 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020122185650.033c0000@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 22 Jan 2002, Julian Field wrote: > But I have to start generating my own queue ids for new messages, > which I had wanted to avoid if possible. It varies with sendmail > version for starters, not to say that it is of course totally > different between sendmail and Exim. Any suggestions for coping with > this problem? We could start with 3 algorithms and run sendmail to > find its version number and choose the appropriate algorithm I guess. Given that the queue id's would only show up in the outgoing queue, why not use one algorithm? What would the conflict be? -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From jkf at ecs.soton.ac.uk Tue Jan 22 19:05:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: References: <5.1.0.14.2.20020122185650.033c0000@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020122190527.02c0e2d8@hawk.ecs.soton.ac.uk> At 18:59 22/01/2002, you wrote: >On Tue, 22 Jan 2002, Julian Field wrote: > > > But I have to start generating my own queue ids for new messages, > > which I had wanted to avoid if possible. It varies with sendmail > > version for starters, not to say that it is of course totally > > different between sendmail and Exim. Any suggestions for coping with > > this problem? We could start with 3 algorithms and run sendmail to > > find its version number and choose the appropriate algorithm I guess. > >Given that the queue id's would only show up in the outgoing queue, why >not use one algorithm? What would the conflict be? I am assuming that the various mailers only like to see queue files that they think they generated. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mdchaney at MICHAELCHANEY.COM Tue Jan 22 19:41:24 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020122185125.0340be98@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Jan 22, 2002 at 06:51:53PM +0000 References: <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <20020122124659.C30545@michaelchaney.com> <5.1.0.14.2.20020122185125.0340be98@hawk.ecs.soton.ac.uk> Message-ID: <20020122134124.A31278@michaelchaney.com> On Tue, Jan 22, 2002 at 06:51:53PM +0000, Julian Field wrote: > At 18:46 22/01/2002, you wrote: > >On Tue, Jan 22, 2002 at 03:19:56PM +0000, Julian Field wrote: > > > At 15:17 22/01/2002, you wrote: > > > >What I'd *really* like is the config file to be split into a global > > section > > > >and a per-domain section (maybe each domain config could be in a separate > > > >file). Perhaps this could be done reasonably easily by running multiple > > > >mailscanner processes, one per domain, each one reading its own config > > file? > > > > > > The fundamental difficulty with all this is that a mail message may have > > > lots of recipients, all in different domains. So what do you do then? > > > >You "or" the features together, so the email gets everything that > >everybody would get. That means that some people may get virus scanning > >as a freebie on mail messages that are sent to them and somebody at a > >domain that should get it. Oh well. > > What about delivery of postmaster messages, spam tagging, etc..? What about it? The postmaster gets a message if they're supposed to, it's tagged as spam if it is, etc. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From mdchaney at MICHAELCHANEY.COM Tue Jan 22 19:42:48 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <3C4DB59F.BFE8776E@alliedbuilding.com>; from cfast@ALLIEDBUILDING.COM on Tue, Jan 22, 2002 at 01:55:27PM -0500 References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <20020122124659.C30545@michaelchaney.com> <3C4DB59F.BFE8776E@alliedbuilding.com> Message-ID: <20020122134248.B31278@michaelchaney.com> On Tue, Jan 22, 2002 at 01:55:27PM -0500, Clint Fast wrote: > What's the point here? > > Why is this a needed feature? Because not all of my customers will want to pay for commercial virus scanning, and I'm surely not going to pay for it myself. So, those who pay get Sophpos, those who don't get all the other checks. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From jkf at ecs.soton.ac.uk Tue Jan 22 20:20:58 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Sendmail user open problem In-Reply-To: <01e701c1a376$19ecc3e0$f924fea9@intranet> Message-ID: <5.1.0.14.2.20020122201919.02c1df08@hawk.ecs.soton.ac.uk> At 18:53 22/01/2002, you wrote: >I'm testing mailscanner. It seemed to work great when I tried it for the >first time (start at the console). >I placed the config in rc.d to start mailscanner and sendmail on a reboot. >Since then, my sendmail doesn't work correctly anymore. I replaced the >startup config by the old and the problem persist: You want to let MailScanner's init.d script start up the 2 sendmail processes it needs. Don't start a normal "sendmail -bd -q15m" as well! >169 ? S 0:00 sendmail: ./g0MHLqn00167 my.domain.name.: user open >All mail jams in the mqueue. >What can be the cause of this problem? What does your mailscanner rc.d script say? It should start 2 sendmail processes, then mailscanner itself (using the check_mailscanner script). Do not run a separate sendmail rc.d script as well. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jonathan.arcand at CEGEPTR.QC.CA Tue Jan 22 21:13:44 2002 From: jonathan.arcand at CEGEPTR.QC.CA (Jonathan Arcand) Date: Thu Jan 12 21:14:18 2006 Subject: Sendmail user open problem References: <5.1.0.14.2.20020122201919.02c1df08@hawk.ecs.soton.ac.uk> Message-ID: <026a01c1a389$ac7ffac0$f924fea9@intranet> My old config: # Start the sendmail daemon: if [ -x /usr/sbin/sendmail ]; then echo "Starting sendmail daemon (/usr/sbin/sendmail -bd -q15m)..." /usr/sbin/sendmail -bd -q15m fi My new config: # Start the sendmail daemon: if [ -x /usr/sbin/sendmail ]; then echo "Starting sendmail daemon" /usr/sbin/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/ mqueue.in /usr/sbin/sendmail -q15m /usr/local/MailScanner/bin/check_mailscanner fi The problem appear at the first boot with the new config but if I use the old config, the problem persist. I'm using a Slackware 7.1 and the file is /etc/rc.d/rc.M ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 22, 2002 3:20 PM Subject: Re: Sendmail user open problem > At 18:53 22/01/2002, you wrote: > >I'm testing mailscanner. It seemed to work great when I tried it for the > >first time (start at the console). > >I placed the config in rc.d to start mailscanner and sendmail on a reboot. > >Since then, my sendmail doesn't work correctly anymore. I replaced the > >startup config by the old and the problem persist: > > You want to let MailScanner's init.d script start up the 2 sendmail > processes it needs. Don't start a normal "sendmail -bd -q15m" as well! > > >169 ? S 0:00 sendmail: ./g0MHLqn00167 my.domain.name.: user open > >All mail jams in the mqueue. > >What can be the cause of this problem? > > What does your mailscanner rc.d script say? It should start 2 sendmail > processes, then mailscanner itself (using the check_mailscanner script). Do > not run a separate sendmail rc.d script as well. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From sveinn at SVEINNG.COM Tue Jan 22 21:32:00 2002 From: sveinn at SVEINNG.COM (Sveinn G. Gunnarsson) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? References: <5.1.0.14.2.20020122145330.05d36378@imap.ecs.soton.ac.uk> <005401c1a357$dd766290$4e0101c8@vitanuova.com> <5.1.0.14.2.20020122151723.05d56770@imap.ecs.soton.ac.uk> <20020122124659.C30545@michaelchaney.com> <3C4DB59F.BFE8776E@alliedbuilding.com> <20020122134248.B31278@michaelchaney.com> Message-ID: <005f01c1a38c$3aa95790$6701a8c0@islandssimi.is> > > What's the point here? > > > > Why is this a needed feature? > > Because not all of my customers will want to pay for commercial virus > scanning, and I'm surely not going to pay for it myself. So, those who > pay get Sophpos, those who don't get all the other checks. This is exactly why I asked about this feature in the first place! And for us, who are operating on the ISP level, this is a big issue. As far as I am concerned after analyzing our mailflow, I think it is fully acceptable that in the situation of multiple recipients, that the original mail is scanned, even if that means, that a few freebies get their mail scanned every once in a while. If this feature is then found to be useful and needed, it could then be developed further down the road, including stuff like queue ids. ____________________ Sveinn G. Gunnarsson System administrator Islandssimi hf. www.islandssimi.is From leduc at CTS.COM Wed Jan 23 02:10:58 2002 From: leduc at CTS.COM (Gene & Mary LeDuc) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control Message-ID: <2.2.16.20020123021058.1e77d3c0@crash.cts.com> I wouldn't have much use for per-domain scanning, but then I only have 2 domains that I collect mail for. What I'd _really_ like is an option to send virus alerts back to the remote (originating) mail server's postmaster (in addition to the sender). I fell in love with this feature when I was trying out the sophos e-mail scanner. Several of our lists were getting fire-hosed by a clueless soul with sircam and a verizon broadband connection. The user's e-mail account was locked because it was full, so alerts sent to the user were bouncing. In addition to the wasted alerts to the sender, though, the scanner sent several hundred sircam alerts back to the postmaster@verizon.net. I'm sure it was the barrage of auto-alerts to them that finally got them to do something about the offender. At 03:15 PM 1/22/2002 +0000, you wrote: >What's the general level of interest in a feature whereby you could have a >file listing which domains get virus-scanned, and only scan messages >destined for one of those domains. All other domains would not be >virus-scanned. > >Spam detection would be unaffected by this. >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > From brose at MED.WAYNE.EDU Wed Jan 23 03:34:27 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:18 2006 Subject: Per-domain scanning control Message-ID: I concur on the sending notice to the postmaster for remote domain. Oh the poor aol.com postmasters well just be crying. Ha! -----Original Message----- From: Gene & Mary LeDuc [mailto:leduc@CTS.COM] Sent: Tuesday, January 22, 2002 9:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Per-domain scanning control I wouldn't have much use for per-domain scanning, but then I only have 2 domains that I collect mail for. What I'd _really_ like is an option to send virus alerts back to the remote (originating) mail server's postmaster (in addition to the sender). I fell in love with this feature when I was trying out the sophos e-mail scanner. Several of our lists were getting fire-hosed by a clueless soul with sircam and a verizon broadband connection. The user's e-mail account was locked because it was full, so alerts sent to the user were bouncing. In addition to the wasted alerts to the sender, though, the scanner sent several hundred sircam alerts back to the postmaster@verizon.net. I'm sure it was the barrage of auto-alerts to them that finally got them to do something about the offender. At 03:15 PM 1/22/2002 +0000, you wrote: >What's the general level of interest in a feature whereby you could >have a file listing which domains get virus-scanned, and only scan >messages destined for one of those domains. All other domains would not >be virus-scanned. > >Spam detection would be unaffected by this. >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > From m.sapsed at BANGOR.AC.UK Wed Jan 23 08:36:54 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner/spamassassin false positives In-Reply-To: <3C4D8304.4CD7D959@bangor.ac.uk> Message-ID: On Tue, 22 Jan 2002, Martin Sapsed wrote: > Julian Field wrote: > > This was a known problem with 3.01-3. Upgrade your MailScanner to the > > latest release and the problem will disappear. > > I've done the upgrade but still had a message scoring 5 hits marked as > spam. Is there something I might have missed in the upgrade? I got the > tarball and unpacked it and merged it in with my current installation. DOH! Must have done something stupid. It seems that I was somehow still running the old version and hence the spam threshold was still too low. I'm now definitely running the newer version and my Dilberts are coming through unscathed - phew! ;-) Sorry for the misinformation! Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From ntk at ru.acad.bg Wed Jan 23 08:44:21 2002 From: ntk at ru.acad.bg (Nikolay Kabaivanov) Date: Thu Jan 12 21:14:18 2006 Subject: Messages on console Message-ID: <3C4E77E5.B4144B61@ru.acad.bg> Hello list, Somethimes I see strange message on console generating by mailscanner-3.03 on Linux RedHat 7.0. These messages I can't find in maillog file. But I see that everything works fine, so I accept these lines like warning only. Is it right ? [root@octus ~]# ignoring text in character set `KOI8-R' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `KOI8-R' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `WINDOWS-1251' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 __________________________________ Nikolay Kabaivanov, ntk@ru.acad.bg University of Rousse, Bulgaria From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 22:00:56 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: felker@GMX.NET requested to join Message-ID: <200201222200.WAA06043@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 22:00:56 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Felker Belker You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER felker@GMX.NET Felker Belker PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER felker@GMX.NET Felker Belker // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 22 21:03:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: vaughn@BLUEMTNET.COM requested to join Message-ID: <200201222103.VAA02586@magpie.ecs.soton.ac.uk> Tue, 22 Jan 2002 21:03:08 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Vaughn Skinner You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER vaughn@BLUEMTNET.COM Vaughn Skinner PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER vaughn@BLUEMTNET.COM Vaughn Skinner // EOJ From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 23 11:05:29 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner Message-ID: Am running MailScanner 3.03-1 with SpamAssassin 1.5. Individually both work well. On enabling SpamAssassin within MailScanner I found that to get SpamAssassin to work I had to up the SpamAssassin Timeout to 20 (from 10). Without this change the sendmail logs showed "SpamAssassin timed out and was killed" every time it was invoked on a batch of messages. Even with a value of 20 (seconds?) there was a time yesterday when that was not high enough. I am running MailScanner/SpamAssassin on our Mail Relay with the lightest load. Even with SpamAssassin enabled it normally runs at more than 90% idle. Our Mail relays are Sparc Ultra-5_10s (400MHz) with 384MB of memory. The behaviour is curious on such a lightly loaded system. Note that I have disabled RBL+ plus checking by MailScanner and have instead enabled it within SpamAssassin (specifying rbl-plus.mail-abuse.ja.net and a weight of 10 in the /etc/mail/spamassassin.cf file). Any pointers as to what might be happening would be welcome. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From jkf at ecs.soton.ac.uk Wed Jan 23 11:17:05 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner In-Reply-To: Message-ID: <5.1.0.14.2.20020123111604.052328f8@hawk.ecs.soton.ac.uk> At 11:05 23/01/2002, you wrote: >Individually both work well. On enabling SpamAssassin within MailScanner >I found that to get SpamAssassin to work I had to up the SpamAssassin >Timeout to 20 (from 10). Without this change the sendmail logs showed >"SpamAssassin timed out and was killed" every time it was invoked on a >batch of messages. > >Even with a value of 20 (seconds?) there was a time yesterday when that >was not high enough. > >I am running MailScanner/SpamAssassin on our Mail Relay with the >lightest load. Even with SpamAssassin enabled it normally runs at more >than 90% idle. Our Mail relays are Sparc Ultra-5_10s (400MHz) with 384MB >of memory. The behaviour is curious on such a lightly loaded system. > >Note that I have disabled RBL+ plus checking by MailScanner and have >instead enabled it within SpamAssassin (specifying >rbl-plus.mail-abuse.ja.net and a weight of 10 in the >/etc/mail/spamassassin.cf file). > >Any pointers as to what might be happening would be welcome. Almost certainly DNS lookup delays. What happens if you move the RBL+ checking back into MailScanner? 20 seconds checking per message is not really practical... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 23 12:11:48 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner Message-ID: Julian Thanks for the reply. Moving RBL+ back into MailScanner makes no difference. If it is a DNS problem (with the Net::DNS stuff that I had to install along with SpamAssassin) then other checks within SpamAssassin, such as the MX check and the Razor check, are also likely to cause problems are they not? The more serious problem (bug?) is that if the SpamAssasin timeout is invoked then MailSanner does not then ignore SpamAssassin for that batch of messages and force their delivery but instead keeps trying repeatedly to re-run SpamAssassin on that same batch of messages. I infer this behaviour because the same process ID prefixes whole groups of the "SpamAssasin timed out..." messages in the sendmail logs. That said, it does _eventually_ seem to deliver that batch of messahes (after an hour?). I will have a look at the Net::DNS install since I do not know how it interfaces with the resolver stuff in Solaris (ie. does it use /etc/nsswitch.conf, etc). Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > Sent: 23 January 2002 11:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Need to optimise SpamAssassin with MailScanner > > > At 11:05 23/01/2002, you wrote: > >Individually both work well. On enabling SpamAssassin within > >MailScanner I found that to get SpamAssassin to work I had to up the > >SpamAssassin Timeout to 20 (from 10). Without this change > the sendmail > >logs showed "SpamAssassin timed out and was killed" every > time it was > >invoked on a batch of messages. > > > >Even with a value of 20 (seconds?) there was a time > yesterday when that > >was not high enough. > > > >I am running MailScanner/SpamAssassin on our Mail Relay with the > >lightest load. Even with SpamAssassin enabled it normally > runs at more > >than 90% idle. Our Mail relays are Sparc Ultra-5_10s (400MHz) with > >384MB of memory. The behaviour is curious on such a lightly loaded > >system. > > > >Note that I have disabled RBL+ plus checking by MailScanner and have > >instead enabled it within SpamAssassin (specifying > >rbl-plus.mail-abuse.ja.net and a weight of 10 in the > >/etc/mail/spamassassin.cf file). > > > >Any pointers as to what might be happening would be welcome. > > Almost certainly DNS lookup delays. What happens if you move > the RBL+ checking back into MailScanner? 20 seconds checking > per message is not really practical... > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From jkf at ecs.soton.ac.uk Wed Jan 23 12:23:14 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner In-Reply-To: Message-ID: <5.1.0.14.2.20020123122239.035aed78@hawk.ecs.soton.ac.uk> At 12:11 23/01/2002, you wrote: >The more serious problem (bug?) is that if the SpamAssasin timeout is >invoked then MailSanner does not then ignore SpamAssassin for that batch >of messages and force their delivery but instead keeps trying repeatedly >to re-run SpamAssassin on that same batch of messages. I infer this >behaviour because the same process ID prefixes whole groups of the >"SpamAssasin timed out..." messages in the sendmail logs. That said, it >does _eventually_ seem to deliver that batch of messahes (after an >hour?). If SpamAssassin times out, it simply ignores the return code. It doesn't test any message more than once. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Wed Jan 23 12:51:29 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner In-Reply-To: Message-ID: I'm not sure if it even works but spamassassin 2.0 has been released as stable. They claim that it's faster than the 1.5...plus a lot of other stuff. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From chicks at CHICKS.NET Wed Jan 23 13:40:34 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020122190527.02c0e2d8@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 22 Jan 2002, Julian Field wrote: > I am assuming that the various mailers only like to see queue files > that they think they generated. Do you mean the internal format of the queue files or the file names? -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From jkf at ecs.soton.ac.uk Wed Jan 23 14:09:19 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: References: <5.1.0.14.2.20020122190527.02c0e2d8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020123140820.05239208@hawk.ecs.soton.ac.uk> At 13:40 23/01/2002, you wrote: >On Tue, 22 Jan 2002, Julian Field wrote: > > I am assuming that the various mailers only like to see queue files > > that they think they generated. > >Do you mean the internal format of the queue files or the file names? The file names. I can copy the internal format of the files. Ideally I would like to be able to generate filenames that the mailers will use, but which they can't generate. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From chicks at CHICKS.NET Wed Jan 23 14:11:52 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:18 2006 Subject: Question - Feature request ? In-Reply-To: <5.1.0.14.2.20020123140820.05239208@hawk.ecs.soton.ac.uk> Message-ID: On Wed, 23 Jan 2002, Julian Field wrote: > The file names. I can copy the internal format of the files. Whew. I was worried for a second there. > Ideally I would like to be able to generate filenames that the mailers > will use, but which they can't generate. But what does that matter? MailScanner would be the only program putting files in the out spool, right? -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From jkf at ecs.soton.ac.uk Wed Jan 23 14:28:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner In-Reply-To: References: Message-ID: <5.1.0.14.2.20020123142804.03884008@imap.ecs.soton.ac.uk> At 12:51 23/01/2002, you wrote: >I'm not sure if it even works but spamassassin 2.0 has been released as >stable. They claim that it's faster than the 1.5...plus a lot of other >stuff. I have just upgraded our MailScanners to SpamAssassin 2.0 and they appear to be working fine. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From pipera at HRZ.UNI-MARBURG.DE Wed Jan 23 14:23:44 2002 From: pipera at HRZ.UNI-MARBURG.DE (Piper Andreas) Date: Thu Jan 12 21:14:18 2006 Subject: timeout-failure in mailscanner Message-ID: <200201231423.g0NENjIP017897@pcrz109.HRZ.Uni-Marburg.DE> Hello all, there seems to be a small, but malicious bug in mailscanners sweep.pl (all versions, I assume), which corrupts the killing of a timed-out virus-scan- process and gets mailscanner stuck, if the process can't be killed with the first 'kill -15' (which happened here with a .exe-attachment and mcafee-VirusScan) I did some digging and ended up with the following patch (for version 3.03, should be quite similar for earlier versions), which solved the problem for my site: *** sweep.pl.orig Wed Jan 23 14:50:20 2002 --- sweep.pl Wed Jan 23 14:50:34 2002 *************** *** 348,350 **** sleep 1; ! ($pid=0),last if kill(0, $pid); kill -15, $pid; --- 348,350 ---- sleep 1; ! ($pid=0),last unless kill(0, $pid); kill -15, $pid; ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE From jkf at ecs.soton.ac.uk Wed Jan 23 15:00:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: timeout-failure in mailscanner In-Reply-To: <200201231423.g0NENjIP017897@pcrz109.HRZ.Uni-Marburg.DE> Message-ID: <5.1.0.14.2.20020123145604.0347f728@hawk.ecs.soton.ac.uk> At 14:23 23/01/2002, you wrote: >there seems to be a small, but malicious bug in mailscanners sweep.pl (all >versions, I assume), which corrupts the killing of a timed-out virus-scan- >process and gets mailscanner stuck, if the process can't be killed with the >first 'kill -15' (which happened here with a .exe-attachment and >mcafee-VirusScan) Well spotted! It's nice to know that some users give the code a real hammering. This problem appears at 4 locations in the entire program: explode.pl line 184 sendmail.pl line 316 sweep.pl line 349 and line 843 In all 4 occurrences, you need to change the "if" to "unless". Please note that this is the first time this has been reported as a problem, so I don't expect it to cause many people any trouble. >I did some digging and ended up with the following patch (for version 3.03, >should be quite similar for earlier versions), which solved the problem for >my site: > >*** sweep.pl.orig Wed Jan 23 14:50:20 2002 >--- sweep.pl Wed Jan 23 14:50:34 2002 >*************** >*** 348,350 **** > sleep 1; >! ($pid=0),last if kill(0, $pid); > kill -15, $pid; >--- 348,350 ---- > sleep 1; >! ($pid=0),last unless kill(0, $pid); > kill -15, $pid; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Wed Jan 23 15:04:29 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner Message-ID: I've been running on Spamassassin v2 and it still seems compatible. The only hard part was installing it because the old v1.5 code wouldn't go away so I had to find everything from v1.5 and remove by hand. -----Original Message----- From: Gerry Doris [mailto:gerry@DORFAM.CA] Sent: Wednesday, January 23, 2002 7:51 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Need to optimise SpamAssassin with MailScanner I'm not sure if it even works but spamassassin 2.0 has been released as stable. They claim that it's faster than the 1.5...plus a lot of other stuff. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From jkf at ecs.soton.ac.uk Wed Jan 23 15:13:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner In-Reply-To: Message-ID: <5.1.0.14.2.20020123151324.034479b8@hawk.ecs.soton.ac.uk> At 15:04 23/01/2002, you wrote: >I've been running on Spamassassin v2 and it still seems compatible. The >only hard part was installing it because the old v1.5 code wouldn't go >away so I had to find everything from v1.5 and remove by hand. I just installed 2.0 over the top of 1.5. Is this likely to cause me trouble? It appears to work... ;-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Wed Jan 23 15:23:45 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:18 2006 Subject: MRTG/MailScanner Message-ID: <000b01c1a421$f2700c30$48cf75cc@fizz> I dont know if this is right, i started logging last night, it doesnt seem right. I have a script to run by cron at 1am every night to remove the maillog and restart syslogd to restart logging. http://sairys.bomb.net/sendmail/ does this look correct? thanks ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From brose at MED.WAYNE.EDU Wed Jan 23 15:27:17 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:18 2006 Subject: Need to optimise SpamAssassin with MailScanner Message-ID: When I did the install, it complain when I tried to run spamassassin for the testing that it couldn't find something in it's spamassassin.pm file even though the one there was the current build date. I think it may have been a config file issue but I didn't mess with it. I just removed it all and reinstall. I'd say if you didn't see any errors when running the spamassassin -t test then it was just my system. -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Wednesday, January 23, 2002 10:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Need to optimise SpamAssassin with MailScanner At 15:04 23/01/2002, you wrote: >I've been running on Spamassassin v2 and it still seems compatible. >The only hard part was installing it because the old v1.5 code wouldn't >go away so I had to find everything from v1.5 and remove by hand. I just installed 2.0 over the top of 1.5. Is this likely to cause me trouble? It appears to work... ;-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From felker at GMX.NET Wed Jan 23 20:16:16 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:18 2006 Subject: check_mailscanner: FATAL ... with eicar-containing mail in/var/spool/mqueue.in Message-ID: <32514.1011816976@www52.gmx.net> Hi, Short story: My mailscanner process crashes if it finds an eicar infected message in mqueue.in. Long story: I'm trying to get mailscanner working with f-prot. The result so far: non-infected mail is handled OK. However, eicar-infected mail stays in the /var/spool/mqueue.in forever. I then noticed that no mailscanner process was running anymore (ps -ef | grep -i mailsca). Restarting (with the eicar-infected message in in mqueue.in) mailscanner gave this result: [root@sanderold sander]# [root@sanderold sander]# /usr/local/MailScanner/bin/check_mailscanner Starting virus scanner... [root@sanderold sander]# FATAL: Read http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at /usr/local/MailScanner/bin/logger.pl line 60. [root@sanderold sander]# In other words: mailscanner crashed immedeately with a FATAL. After removing the eicar infected message from mqueue.in, running mailscanner was possible again. In other words (or: hypothesis): my mailscanner crashes if it finds an eicar infected message in mqueue.in. Alas, /usr/local/MailScanner/bin/logger.pl line 60 is only the 'die' itself, and I don't know where the call comes from. I'll dive deeper into this. If anybody has suggestions, please let me know. Sander -- Sent through GMX FreeMail - http://www.gmx.net From cfast at ALLIEDBUILDING.COM Wed Jan 23 20:48:59 2002 From: cfast at ALLIEDBUILDING.COM (Clint Fast) Date: Thu Jan 12 21:14:18 2006 Subject: check_mailscanner: FATAL ... with eicar-containing mailin/var/spool/mqueue.in References: <32514.1011816976@www52.gmx.net> Message-ID: <3C4F21BB.CC8695B4@alliedbuilding.com> Please go and *READ*: http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml just like the error message states. Since you're using F-prot, you need to change your configuration to beta instead of supported. --Clint. Sander Jonkers wrote: > > Hi, > > Short story: > My mailscanner process crashes if it finds an eicar infected message in > mqueue.in. > > Long story: > > I'm trying to get mailscanner working with f-prot. > > The result so far: non-infected mail is handled OK. However, eicar-infected > mail stays in the /var/spool/mqueue.in forever. > > I then noticed that no mailscanner process was running anymore (ps -ef | > grep -i mailsca). > > Restarting (with the eicar-infected message in in mqueue.in) mailscanner > gave this result: > > [root@sanderold sander]# > [root@sanderold sander]# /usr/local/MailScanner/bin/check_mailscanner > Starting virus scanner... > [root@sanderold sander]# FATAL: Read > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at /usr/local/MailScanner/bin/logger.pl line 60. > > [root@sanderold sander]# > > In other words: mailscanner crashed immedeately with a FATAL. > After removing the eicar infected message from mqueue.in, running > mailscanner was possible again. > > In other words (or: hypothesis): my mailscanner crashes if it finds an eicar > infected message in mqueue.in. > > Alas, /usr/local/MailScanner/bin/logger.pl line 60 is only the 'die' itself, > and I don't know where the call comes from. > > I'll dive deeper into this. If anybody has suggestions, please let me know. > > Sander > > -- > Sent through GMX FreeMail - http://www.gmx.net From felker at GMX.NET Wed Jan 23 21:01:36 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:18 2006 Subject: check_mailscanner: FATAL ... with eicar-containing mailin/var/spool/mqueue.in References: <3C4F21BB.CC8695B4@alliedbuilding.com> Message-ID: <30210.1011819696@www52.gmx.net> After reading the source (sweep.pl), I changed the following line in /usr/local/MailScanner/etc/mailscanner.conf Minimum Code Status = beta # was: supported After restarting mailscanner, the infected file eicar.com was moved to /var/spool/MailScanner/quarantine/. Great! > Please go and *READ*: > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml > > just like the error message states. I'm sorry: I thought it meant that mailscanner was reading that page. Yes, I know, it should then have said "Reading ..." and not "Read ...", but as an excuse: English is not my first language. Thanks. Sander > > Since you're using F-prot, you need to change your configuration to beta > instead of supported. > > --Clint. > > Sander Jonkers wrote: > > > > Hi, > > > > Short story: > > My mailscanner process crashes if it finds an eicar infected message in > > mqueue.in. > > > > Long story: > > > > I'm trying to get mailscanner working with f-prot. > > > > The result so far: non-infected mail is handled OK. However, > eicar-infected > > mail stays in the /var/spool/mqueue.in forever. > > > > I then noticed that no mailscanner process was running anymore (ps -ef | > > grep -i mailsca). > > > > Restarting (with the eicar-infected message in in mqueue.in) mailscanner > > gave this result: > > > > [root@sanderold sander]# > > [root@sanderold sander]# /usr/local/MailScanner/bin/check_mailscanner > > Starting virus scanner... > > [root@sanderold sander]# FATAL: Read > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at > /usr/local/MailScanner/bin/logger.pl line 60. > > > > [root@sanderold sander]# > > > > In other words: mailscanner crashed immedeately with a FATAL. > > After removing the eicar infected message from mqueue.in, running > > mailscanner was possible again. > > > > In other words (or: hypothesis): my mailscanner crashes if it finds an > eicar > > infected message in mqueue.in. > > > > Alas, /usr/local/MailScanner/bin/logger.pl line 60 is only the 'die' > itself, > > and I don't know where the call comes from. > > > > I'll dive deeper into this. If anybody has suggestions, please let me > know. > > > > Sander > > > > -- > > Sent through GMX FreeMail - http://www.gmx.net > -- Sent through GMX FreeMail - http://www.gmx.net From dpowell at LSSI.NET Wed Jan 23 22:41:54 2002 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying In-Reply-To: <5.1.0.14.2.20020108095848.030da4c8@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020108095848.030da4c8@imap.ecs.soton.ac.uk> Message-ID: <1011825725.1719.22.camel@powell> I have been having problems with mailscanner right after I installed the latest RPM mailscanner-3.03-1.i386.rpm. I also installed the latest Sophos tar file sweep version sweep -v Product version : 3.53 Engine version : 2.6 User interface version : 2.03.079 Platform : Linux/Intel Released : 07 January 2002 Total viruses (with IDEs) : 71192 Redhat 7.1 with all the updates The /var/spool/mqueue.in the last couple of mornings has been full and it takes restarting mailscanner to clear them out. I also turned off spam thinking this was the problem. I see below that Julian added "/" to the main source to fix the problem with mail scanner dying. So maybe my problem is not related, but this seemed the closest email to my problem. I have modified my mailscanner.conf to Delivery Method = batch and to not do spam everything else is defualt. One thing I did notice on install is /usr/local/Sophos/bin was not in my path. I don't remember this error showing up on earlier installs and for the life of me I cant get the path to stay. The root shell is korn. So I continued with the install.Any help would be greatly appreciated. I also wanted to say good job to Julian this has been a great security tool. On Tue, 2002-01-08 at 05:00, Julian Field wrote: > At 10:53 08/01/2002, you wrote: > >Maybe you could do both . $BASEDIR\/ first, then just $BASEDIR - the > >second should just do nothing (If we are right). > > I've added the "/" to the main source. That's definitely what appears to work. > > >Did you have any good test emails that have a high chance of sigv'ing > >mailscanner ? or are you pretty happy with your mod of getting rid of the > >do_compile(). ? > > The do_compile() was to solve SpamAssassin problems, the regexp tweaks were > to solve the segv'ing problem. > > I'm happy it all works now... > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Darrin Powell System Administrator LSSi, Corp. (919) 466-6803 From LISTSERV at JISCMAIL.AC.UK Wed Jan 23 20:46:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: msheean@IDMICRO.COM left the JISCmail list Message-ID: <200201232046.UAA20268@magpie.ecs.soton.ac.uk> Wed, 23 Jan 2002 20:46:21 Mitch Sheean has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Thu Jan 24 07:32:17 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: compu+mailscanner@UM.EDU.MT requested to join Message-ID: <200201240732.HAA16465@magpie.ecs.soton.ac.uk> Thu, 24 Jan 2002 07:32:17 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dave Mifsud The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER compu+mailscanner@UM.EDU.MT Dave Mifsud PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER compu+mailscanner@UM.EDU.MT Dave Mifsud SET MAILSCANNER CONCEAL FOR compu+mailscanner@UM.EDU.MT // EOJ From jkf at ecs.soton.ac.uk Thu Jan 24 09:08:51 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying Message-ID: <5.1.0.14.2.20020124090847.039d8068@wheresmymailserver.com> At 22:41 23/01/2002, you wrote: >I have been having problems with mailscanner right after I installed the >latest RPM mailscanner-3.03-1.i386.rpm. I also installed the latest >Sophos tar file sweep version > >sweep -v > >Product version : 3.53 >Engine version : 2.6 >User interface version : 2.03.079 >Platform : Linux/Intel >Released : 07 January 2002 >Total viruses (with IDEs) : 71192 > >Redhat 7.1 with all the updates What was printed in your logs before it died? Has MailScanner been putting anything in your logs? (If not, please read the Installation FAQ). The "/" has nothing to do with Sophos. >The /var/spool/mqueue.in the last couple of mornings has been full and >it takes restarting mailscanner to clear them out. I also turned off >spam thinking this was the problem. I see below that Julian added "/" to >the main source to fix the problem with mail scanner dying. So maybe my >problem is not related, but this seemed the closest email to my problem. >I have modified my mailscanner.conf to Delivery Method = batch and to >not do spam everything else is defualt. One thing I did notice on >install is /usr/local/Sophos/bin was not in my path. Doesn't need to be. But the /usr/local/Sophos/bin/sophoswrapper script does need to point to your installation of Sophos, so take a look at the wrapper script and check that it does. > I don't remember >this error showing up on earlier installs and for the life of me I cant >get the path to stay. The root shell is korn. So I continued with the >install.Any help would be greatly appreciated. I also wanted to say good >job to Julian this has been a great security tool. Glad you like it! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Jan 24 10:42:49 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:18 2006 Subject: MAILSCANNER: malcolm.bishop@KCL.AC.UK requested to join Message-ID: <200201241042.KAA26459@magpie.ecs.soton.ac.uk> Thu, 24 Jan 2002 10:42:49 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Malcolm Bishop You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER malcolm.bishop@KCL.AC.UK Malcolm Bishop PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER malcolm.bishop@KCL.AC.UK Malcolm Bishop // EOJ From dpowell at LSSI.NET Thu Jan 24 14:32:00 2002 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying In-Reply-To: <5.1.0.14.2.20020124090847.039d8068@wheresmymailserver.com> References: <5.1.0.14.2.20020124090847.039d8068@wheresmymailserver.com> Message-ID: <1011882721.4516.0.camel@powell> On Thu, 2002-01-24 at 04:08, Julian Field wrote: > At 22:41 23/01/2002, you wrote: > >I have been having problems with mailscanner right after I installed the > >latest RPM mailscanner-3.03-1.i386.rpm. I also installed the latest > >Sophos tar file sweep version > > > >sweep -v > > > >Product version : 3.53 > >Engine version : 2.6 > >User interface version : 2.03.079 > >Platform : Linux/Intel > >Released : 07 January 2002 > >Total viruses (with IDEs) : 71192 > > > >Redhat 7.1 with all the updates > > What was printed in your logs before it died? Has MailScanner been putting > anything in your logs? (If not, please read the Installation FAQ). Yes mailscanner is logging it starts like this Jan 20 05:03:05 www mailscanner[30942]: MailScanner E-Mail Virus Scanner version 3.03 starting. Jan 20 05:03:05 www mailscanner[30942]: Configuring mailscanner for sendmail... Jan 20 05:03:05 www mailscanner[3863]: Startup: found 1 messages waiting Jan 20 05:03:05 www mailscanner[3863]: Forwarding 1 clean messages, 2262 bytes Jan 20 05:03:05 www mailscanner[3863]: About to deliver 1 messages There is no actual indication that it dies in the logs. The mqueue.in fills up and won't empty until I /etc/rc.d/init.d/mailscanner restart. One thing I will check if it happens again is if mailscanner is still running. [root@www:/var/spool]# ps -ef | grep mail root 7473 1 0 Jan23 ? 00:00:00 sendmail: accepting connections root 7476 1 0 Jan23 ? 00:00:00 /usr/sbin/sendmail -q15m Would I be correct if /usr/sbin/sendmail -q15m was not running that mailscanner died? > > The "/" has nothing to do with Sophos. > > >The /var/spool/mqueue.in the last couple of mornings has been full and > >it takes restarting mailscanner to clear them out. I also turned off > >spam thinking this was the problem. I see below that Julian added "/" to > >the main source to fix the problem with mail scanner dying. So maybe my > >problem is not related, but this seemed the closest email to my problem. > >I have modified my mailscanner.conf to Delivery Method = batch and to > >not do spam everything else is defualt. One thing I did notice on > >install is /usr/local/Sophos/bin was not in my path. > > Doesn't need to be. But the /usr/local/Sophos/bin/sophoswrapper script does > need to point to your installation of Sophos, so take a look at the wrapper > script and check that it does. The /usr/local/Sophos/bin/sophoswrapper does point to the correct installation. PackageDir=/usr/local/Sophos prog=sweep # `basename $0` SAV_IDE=$PackageDir/ide LD_LIBRARY_PATH=$PackageDir/lib export SAV_IDE export LD_LIBRARY_PATH exec ${PackageDir}/bin/$prog "$@" > > > I don't remember > >this error showing up on earlier installs and for the life of me I cant > >get the path to stay. The root shell is korn. So I continued with the > >install.Any help would be greatly appreciated. I also wanted to say good > >job to Julian this has been a great security tool. > > Glad you like it! Thanks again for all your help. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Darrin Powell System Administrator LSSi, Corp. (919) 466-6803 From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 24 15:53:40 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:18 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! Message-ID: Have been checking the 2.0 version of SpamAssassin by running spamassassin -D Thu, 24 Jan 2002 15:58:22 valianp@SOUTHWESTERN.EDU has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From dpowell at LSSI.NET Thu Jan 24 16:48:33 2002 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying In-Reply-To: <1011882721.4516.0.camel@powell> References: <5.1.0.14.2.20020124090847.039d8068@wheresmymailserver.com> <1011882721.4516.0.camel@powell> Message-ID: <1011890913.4517.9.camel@powell> Mailscanner slowed down again today /var/spool/mqueue.in had 60 messages and below is what was running. Is this normal? root@www:/var/spool/mqueue.in]# ps -ef | grep mail root 7473 1 0 Jan23 ? 00:00:00 sendmail: accepting connections root 7476 1 0 Jan23 ? 00:00:00 /usr/sbin/sendmail -q15m root 29446 24734 0 11:38 ? 00:00:00 sendmail: ./g0OGc7a29439 ecarsbb root 29762 29741 0 11:46 pts/2 00:00:00 tail -f /var/log/maillog root 29767 7476 0 11:47 ? 00:00:00 sendmail: ./g0MK0I503474 databya root 29794 24548 0 11:48 pts/1 00:00:00 grep mail after about 5 min the /var/spool/mqueue.in immediately cleared? On Thu, 2002-01-24 at 09:32, Darrin Powell wrote: > On Thu, 2002-01-24 at 04:08, Julian Field wrote: > > At 22:41 23/01/2002, you wrote: > > >I have been having problems with mailscanner right after I installed the > > >latest RPM mailscanner-3.03-1.i386.rpm. I also installed the latest > > >Sophos tar file sweep version > > > > > >sweep -v > > > > > >Product version : 3.53 > > >Engine version : 2.6 > > >User interface version : 2.03.079 > > >Platform : Linux/Intel > > >Released : 07 January 2002 > > >Total viruses (with IDEs) : 71192 > > > > > >Redhat 7.1 with all the updates > > > > What was printed in your logs before it died? Has MailScanner been putting > > anything in your logs? (If not, please read the Installation FAQ). > > Yes mailscanner is logging it starts like this > > Jan 20 05:03:05 www mailscanner[30942]: MailScanner E-Mail Virus Scanner > version 3.03 starting. > Jan 20 05:03:05 www mailscanner[30942]: Configuring mailscanner for > sendmail... > Jan 20 05:03:05 www mailscanner[3863]: Startup: found 1 messages waiting > Jan 20 05:03:05 www mailscanner[3863]: Forwarding 1 clean messages, 2262 > bytes > Jan 20 05:03:05 www mailscanner[3863]: About to deliver 1 messages > > There is no actual indication that it dies in the logs. The mqueue.in > fills up and won't empty until I > > /etc/rc.d/init.d/mailscanner restart. > > One thing I will check if it happens again is if mailscanner is still > running. > > [root@www:/var/spool]# ps -ef | grep mail > root 7473 1 0 Jan23 ? 00:00:00 sendmail: accepting > connections > root 7476 1 0 Jan23 ? 00:00:00 /usr/sbin/sendmail -q15m > > Would I be correct if /usr/sbin/sendmail -q15m was not running that > mailscanner died? > > > > > > > > The "/" has nothing to do with Sophos. > > > > >The /var/spool/mqueue.in the last couple of mornings has been full and > > >it takes restarting mailscanner to clear them out. I also turned off > > >spam thinking this was the problem. I see below that Julian added "/" to > > >the main source to fix the problem with mail scanner dying. So maybe my > > >problem is not related, but this seemed the closest email to my problem. > > >I have modified my mailscanner.conf to Delivery Method = batch and to > > >not do spam everything else is defualt. One thing I did notice on > > >install is /usr/local/Sophos/bin was not in my path. > > > > Doesn't need to be. But the /usr/local/Sophos/bin/sophoswrapper script does > > need to point to your installation of Sophos, so take a look at the wrapper > > script and check that it does. > The /usr/local/Sophos/bin/sophoswrapper does point to the correct > installation. > > > PackageDir=/usr/local/Sophos > prog=sweep # `basename $0` > > SAV_IDE=$PackageDir/ide > LD_LIBRARY_PATH=$PackageDir/lib > export SAV_IDE > export LD_LIBRARY_PATH > > exec ${PackageDir}/bin/$prog "$@" > > > > > > > > I don't remember > > >this error showing up on earlier installs and for the life of me I cant > > >get the path to stay. The root shell is korn. So I continued with the > > >install.Any help would be greatly appreciated. I also wanted to say good > > >job to Julian this has been a great security tool. > > > > Glad you like it! > > Thanks again for all your help. > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > -- > Darrin Powell > System Administrator > LSSi, Corp. > (919) 466-6803 -- Darrin Powell System Administrator LSSi, Corp. (919) 466-6803 From jkf at ecs.soton.ac.uk Thu Jan 24 17:04:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying Message-ID: <5.1.0.14.2.20020124170449.03a2cdf0@wheresmymailserver.com> At 16:48 24/01/2002, you wrote: >Mailscanner slowed down again today > >/var/spool/mqueue.in had 60 messages and below is what was running. > >Is this normal? You should have a perl process running MailScanner as well, though you might have to "ps -fe | grep perl" to find it as sometimes the path can be too long for "ps -fe" to show the actual word "mailscanner". >root@www:/var/spool/mqueue.in]# ps -ef | grep mail >root 7473 1 0 Jan23 ? 00:00:00 sendmail: accepting >connections >root 7476 1 0 Jan23 ? 00:00:00 /usr/sbin/sendmail -q15m >root 29446 24734 0 11:38 ? 00:00:00 sendmail: ./g0OGc7a29439 >ecarsbb >root 29762 29741 0 11:46 pts/2 00:00:00 tail -f /var/log/maillog >root 29767 7476 0 11:47 ? 00:00:00 sendmail: ./g0MK0I503474 >databya >root 29794 24548 0 11:48 pts/1 00:00:00 grep mail > >after about 5 min the /var/spool/mqueue.in immediately cleared? In which case it is almost certainly slow DNS lookups causing the problem. Try switching off the spam detection and see if things improve. >On Thu, 2002-01-24 at 09:32, Darrin Powell wrote: > > On Thu, 2002-01-24 at 04:08, Julian Field wrote: > > > At 22:41 23/01/2002, you wrote: > > > >I have been having problems with mailscanner right after I installed the > > > >latest RPM mailscanner-3.03-1.i386.rpm. I also installed the latest > > > >Sophos tar file sweep version > > > > > > > >sweep -v > > > > > > > >Product version : 3.53 > > > >Engine version : 2.6 > > > >User interface version : 2.03.079 > > > >Platform : Linux/Intel > > > >Released : 07 January 2002 > > > >Total viruses (with IDEs) : 71192 > > > > > > > >Redhat 7.1 with all the updates > > > > > > What was printed in your logs before it died? Has MailScanner been > putting > > > anything in your logs? (If not, please read the Installation FAQ). > > > > Yes mailscanner is logging it starts like this > > > > Jan 20 05:03:05 www mailscanner[30942]: MailScanner E-Mail Virus Scanner > > version 3.03 starting. > > Jan 20 05:03:05 www mailscanner[30942]: Configuring mailscanner for > > sendmail... > > Jan 20 05:03:05 www mailscanner[3863]: Startup: found 1 messages waiting > > Jan 20 05:03:05 www mailscanner[3863]: Forwarding 1 clean messages, 2262 > > bytes > > Jan 20 05:03:05 www mailscanner[3863]: About to deliver 1 messages > > > > There is no actual indication that it dies in the logs. The mqueue.in > > fills up and won't empty until I > > > > /etc/rc.d/init.d/mailscanner restart. > > > > One thing I will check if it happens again is if mailscanner is still > > running. > > > > [root@www:/var/spool]# ps -ef | grep mail > > root 7473 1 0 Jan23 ? 00:00:00 sendmail: accepting > > connections > > root 7476 1 0 Jan23 ? 00:00:00 /usr/sbin/sendmail -q15m > > > > Would I be correct if /usr/sbin/sendmail -q15m was not running that > > mailscanner died? > > > > > > > > > > > > > > The "/" has nothing to do with Sophos. > > > > > > >The /var/spool/mqueue.in the last couple of mornings has been full and > > > >it takes restarting mailscanner to clear them out. I also turned off > > > >spam thinking this was the problem. I see below that Julian added "/" to > > > >the main source to fix the problem with mail scanner dying. So maybe my > > > >problem is not related, but this seemed the closest email to my problem. > > > >I have modified my mailscanner.conf to Delivery Method = batch and to > > > >not do spam everything else is defualt. One thing I did notice on > > > >install is /usr/local/Sophos/bin was not in my path. > > > > > > Doesn't need to be. But the /usr/local/Sophos/bin/sophoswrapper > script does > > > need to point to your installation of Sophos, so take a look at the > wrapper > > > script and check that it does. > > The /usr/local/Sophos/bin/sophoswrapper does point to the correct > > installation. > > > > > > PackageDir=/usr/local/Sophos > > prog=sweep # `basename $0` > > > > SAV_IDE=$PackageDir/ide > > LD_LIBRARY_PATH=$PackageDir/lib > > export SAV_IDE > > export LD_LIBRARY_PATH > > > > exec ${PackageDir}/bin/$prog "$@" > > > > > > > > > > > > > I don't remember > > > >this error showing up on earlier installs and for the life of me I cant > > > >get the path to stay. The root shell is korn. So I continued with the > > > >install.Any help would be greatly appreciated. I also wanted to say good > > > >job to Julian this has been a great security tool. > > > > > > Glad you like it! > > > > Thanks again for all your help. > > > > > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > -- > > Darrin Powell > > System Administrator > > LSSi, Corp. > > (919) 466-6803 >-- >Darrin Powell >System Administrator >LSSi, Corp. >(919) 466-6803 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Thu Jan 24 19:51:42 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:18 2006 Subject: Delivery Method. Message-ID: <000b01c1a510$8babdac0$48cf75cc@fizz> Just curious what you guys with higher volumn mail servers use for that option. I currently have it set to batch, and my mqueue.in folder is starting to backup a bit. We do around 75k mail a day on this server, thanks. Ive also set sendmail -q1m ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From miguelk at KONSULTEX.COM.BR Thu Jan 24 20:13:26 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:14:18 2006 Subject: Delivery Method. References: <000b01c1a510$8babdac0$48cf75cc@fizz> Message-ID: <3C506AE6.AB9B623A@konsultex.com.br> Kelly; This was a concern of mine when I first instaled Mail Scanner (about 3 months ago) and I set it up like this (not a 'high' volume site though): - delivery method = queue - starting Mail Scanner: /usr/sbin/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in /usr/sbin/sendmail -q1m This has worked very well for me and I never see anything queued up nor any appreciable delay (not anything that anyone compains about). But I am interested in other people's opinion if this is the way to go for high throughput. Miguel Kelly Hamlin wrote: > Just curious what you guys with higher volumn mail servers use for that > option. I currently have it set to batch, and my mqueue.in folder is > starting to backup a bit. > We do around 75k mail a day on this server, thanks. > Ive also set sendmail -q1m > > ////// > ( o o ) > +--.oooO--(_)--Oooo.-----------------+ > | [Kelly Hamlin] > | kellyh@cyberstreet.com > | http://www.bomb.net > | .oooO > | ( ) Oooo. > +--- \ (----( )----------------------------+ > \_) ) / > (_/ From fizz at BOMB.NET Thu Jan 24 20:25:44 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:18 2006 Subject: Delivery Method. References: <000b01c1a510$8babdac0$48cf75cc@fizz> <3C506AE6.AB9B623A@konsultex.com.br> Message-ID: <002201c1a515$4cb4d420$48cf75cc@fizz> I had about 900 messages in my mqueue.in dir, i was starting to panic, this is the first day in a live prodcution enviroment. Im running spamassassin 2.0 with this also. Are you using spamassasin? i restarted with QUEUE to see if it works better than batch thanks. Kelly ----- Original Message ----- From: "Miguel Koren O'Brien de Lacy" To: Sent: Thursday, January 24, 2002 3:13 PM Subject: Re: Delivery Method. > Kelly; > > This was a concern of mine when I first instaled Mail Scanner (about 3 > months ago) and I set it up like this (not a 'high' volume site though): > > - delivery method = queue > > - starting Mail Scanner: > > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in > /usr/sbin/sendmail -q1m > > This has worked very well for me and I never see anything queued up nor any > appreciable delay (not anything that anyone compains about). > > But I am interested in other people's opinion if this is the way to go for > high throughput. > > Miguel > > Kelly Hamlin wrote: > > > Just curious what you guys with higher volumn mail servers use for that > > option. I currently have it set to batch, and my mqueue.in folder is > > starting to backup a bit. > > We do around 75k mail a day on this server, thanks. > > Ive also set sendmail -q1m > > > > ////// > > ( o o ) > > +--.oooO--(_)--Oooo.-----------------+ > > | [Kelly Hamlin] > > | kellyh@cyberstreet.com > > | http://www.bomb.net > > | .oooO > > | ( ) Oooo. > > +--- \ (----( )----------------------------+ > > \_) ) / > > (_/ > From miguelk at KONSULTEX.COM.BR Thu Jan 24 20:30:04 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:14:18 2006 Subject: Delivery Method. References: <000b01c1a510$8babdac0$48cf75cc@fizz> <3C506AE6.AB9B623A@konsultex.com.br> <002201c1a515$4cb4d420$48cf75cc@fizz> Message-ID: <3C506ECC.C91B60C0@konsultex.com.br> No, I'm using version 2.6, watching from the sidelines as all the new bugs are ironed out .... :-) Miguel Kelly Hamlin wrote: > I had about 900 messages in my mqueue.in dir, i was starting to panic, this > is the first day in a live prodcution enviroment. Im running spamassassin > 2.0 with this also. Are you using spamassasin? > i restarted with QUEUE to see if it works better than batch > thanks. > Kelly > > ----- Original Message ----- > From: "Miguel Koren O'Brien de Lacy" > To: > Sent: Thursday, January 24, 2002 3:13 PM > Subject: Re: Delivery Method. > > > Kelly; > > > > This was a concern of mine when I first instaled Mail Scanner (about 3 > > months ago) and I set it up like this (not a 'high' volume site though): > > > > - delivery method = queue > > > > - starting Mail Scanner: > > > > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly > > -OQueueDirectory=/var/spool/mqueue.in > > /usr/sbin/sendmail -q1m > > > > This has worked very well for me and I never see anything queued up nor > any > > appreciable delay (not anything that anyone compains about). > > > > But I am interested in other people's opinion if this is the way to go for > > high throughput. > > > > Miguel > > > > Kelly Hamlin wrote: > > > > > Just curious what you guys with higher volumn mail servers use for that > > > option. I currently have it set to batch, and my mqueue.in folder is > > > starting to backup a bit. > > > We do around 75k mail a day on this server, thanks. > > > Ive also set sendmail -q1m > > > > > > ////// > > > ( o o ) > > > +--.oooO--(_)--Oooo.-----------------+ > > > | [Kelly Hamlin] > > > | kellyh@cyberstreet.com > > > | http://www.bomb.net > > > | .oooO > > > | ( ) Oooo. > > > +--- \ (----( )----------------------------+ > > > \_) ) / > > > (_/ > > From jkf at ecs.soton.ac.uk Thu Jan 24 21:19:02 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:18 2006 Subject: Delivery Method. In-Reply-To: <002201c1a515$4cb4d420$48cf75cc@fizz> References: <000b01c1a510$8babdac0$48cf75cc@fizz> <3C506AE6.AB9B623A@konsultex.com.br> Message-ID: <5.1.0.14.2.20020124211254.02e26788@hawk.ecs.soton.ac.uk> Kelly, At 20:25 24/01/2002, you wrote: >I had about 900 messages in my mqueue.in dir, i was starting to panic, this >is the first day in a live prodcution enviroment. Im running spamassassin >2.0 with this also. Are you using spamassasin? >i restarted with QUEUE to see if it works better than batch Try 1) Using "batch" but setting "deliver in background = yes". 2) Try switching off SpamAssassin, I'm not sure how much extra load it adds. 3) Try leaving on SpamAssassin, but setting its "skip_rbl_checks" to true/yes in /.spamassassin/user_prefs (in SA 2.0). I haven't tried running SpamAssassin on a server with a volume as high as 75k per day, it might be adding too much load. Try each of the above 3 suggestions in turn, keeping an eye on the load and queue length with each change. I would be interested to hear your results. You shouldn't need "-q1m" together with "batch", something like "-q15m" should do fine. "batch" mode makes sendmail do 1 delivery attempt immediately on each message anyway, and adding queue runs every 1 minute will only push the load up without actually achieving very much. I would only try frequent queue runs with "delivery mode = queue", not with "batch". Don't bother with "individual", it's mainly there for backwards compatibility (it's the first mode I implemented and I didn't see any point removing it for the sake of it). Also read the Installation FAQ for a note or two on high-volume servers. >----- Original Message ----- >From: "Miguel Koren O'Brien de Lacy" >To: >Sent: Thursday, January 24, 2002 3:13 PM >Subject: Re: Delivery Method. > > > > Kelly; > > > > This was a concern of mine when I first instaled Mail Scanner (about 3 > > months ago) and I set it up like this (not a 'high' volume site though): > > > > - delivery method = queue > > > > - starting Mail Scanner: > > > > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly > > -OQueueDirectory=/var/spool/mqueue.in > > /usr/sbin/sendmail -q1m > > > > This has worked very well for me and I never see anything queued up nor >any > > appreciable delay (not anything that anyone compains about). > > > > But I am interested in other people's opinion if this is the way to go for > > high throughput. > > > > Miguel > > > > Kelly Hamlin wrote: > > > > > Just curious what you guys with higher volumn mail servers use for that > > > option. I currently have it set to batch, and my mqueue.in folder is > > > starting to backup a bit. > > > We do around 75k mail a day on this server, thanks. > > > Ive also set sendmail -q1m > > > > > > ////// > > > ( o o ) > > > +--.oooO--(_)--Oooo.-----------------+ > > > | [Kelly Hamlin] > > > | kellyh@cyberstreet.com > > > | http://www.bomb.net > > > | .oooO > > > | ( ) Oooo. > > > +--- \ (----( )----------------------------+ > > > \_) ) / > > > (_/ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Thu Jan 24 21:30:57 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:18 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: Message-ID: I've noticed a variety of bugs being reported with the new "stable" 2.0 version of spamassassin. I think I saw one about missing headers just being fixed today. Many folks are asking if there will be a new "stable" version released or how will the fixes be incorporated. I think I'll wait a few more days before upgrading. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Thu Jan 24 21:34:35 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying In-Reply-To: <1011890913.4517.9.camel@powell> Message-ID: I had a series of messages that razor was unavailable and there were timeouts. Perhaps that is affecting you too??? Gerry On Thu, 24 Jan 2002, Darrin Powell wrote: > Mailscanner slowed down again today > > /var/spool/mqueue.in had 60 messages and below is what was running. > > Is this normal? > From gerry at DORFAM.CA Thu Jan 24 21:36:38 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:18 2006 Subject: mailscanner dying In-Reply-To: <5.1.0.14.2.20020124170449.03a2cdf0@wheresmymailserver.com> Message-ID: I find the easiest way to see if mailscanner is running is to use top. mailscanner always shows as soon as a message is received. Gerry On Thu, 24 Jan 2002, Julian Field wrote: > You should have a perl process running MailScanner as well, though you > might have to "ps -fe | grep perl" to find it as sometimes the path can be > too long for "ps -fe" to show the actual word "mailscanner". From fizz at BOMB.NET Thu Jan 24 21:57:56 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Delivery Method. References: <000b01c1a510$8babdac0$48cf75cc@fizz> <3C506AE6.AB9B623A@konsultex.com.br> <5.1.0.14.2.20020124211254.02e26788@hawk.ecs.soton.ac.uk> Message-ID: <004801c1a522$2e530b70$48cf75cc@fizz> Success! Setting it to queue seems to work great, i have it set to -q1m for sendmail. Ive rewrote sendmail.logs.pl a bit you guys might be interested in. run ./stats.pl right from console for nice stats on whats goin on with your mail gateway http://sairys.bomb.net/sendmail-stats.tar.gz My incoming queue is now less then 50 or so at all times, with SA 2.0 fully enabled and RBL checks. ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, January 24, 2002 4:19 PM Subject: Re: Delivery Method. > Kelly, > > At 20:25 24/01/2002, you wrote: > >I had about 900 messages in my mqueue.in dir, i was starting to panic, this > >is the first day in a live prodcution enviroment. Im running spamassassin > >2.0 with this also. Are you using spamassasin? > >i restarted with QUEUE to see if it works better than batch > > Try > 1) Using "batch" but setting "deliver in background = yes". > 2) Try switching off SpamAssassin, I'm not sure how much extra load it adds. > 3) Try leaving on SpamAssassin, but setting its "skip_rbl_checks" to > true/yes in /.spamassassin/user_prefs (in SA 2.0). > > I haven't tried running SpamAssassin on a server with a volume as high as > 75k per day, it might be adding too much load. Try each of the above 3 > suggestions in turn, keeping an eye on the load and queue length with each > change. > > I would be interested to hear your results. > > You shouldn't need "-q1m" together with "batch", something like "-q15m" > should do fine. "batch" mode makes sendmail do 1 delivery attempt > immediately on each message anyway, and adding queue runs every 1 minute > will only push the load up without actually achieving very much. I would > only try frequent queue runs with "delivery mode = queue", not with > "batch". Don't bother with "individual", it's mainly there for backwards > compatibility (it's the first mode I implemented and I didn't see any point > removing it for the sake of it). > > Also read the Installation FAQ for a note or two on high-volume servers. > > >----- Original Message ----- > >From: "Miguel Koren O'Brien de Lacy" > >To: > >Sent: Thursday, January 24, 2002 3:13 PM > >Subject: Re: Delivery Method. > > > > > > > Kelly; > > > > > > This was a concern of mine when I first instaled Mail Scanner (about 3 > > > months ago) and I set it up like this (not a 'high' volume site though): > > > > > > - delivery method = queue > > > > > > - starting Mail Scanner: > > > > > > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly > > > -OQueueDirectory=/var/spool/mqueue.in > > > /usr/sbin/sendmail -q1m > > > > > > This has worked very well for me and I never see anything queued up nor > >any > > > appreciable delay (not anything that anyone compains about). > > > > > > But I am interested in other people's opinion if this is the way to go for > > > high throughput. > > > > > > Miguel > > > > > > Kelly Hamlin wrote: > > > > > > > Just curious what you guys with higher volumn mail servers use for that > > > > option. I currently have it set to batch, and my mqueue.in folder is > > > > starting to backup a bit. > > > > We do around 75k mail a day on this server, thanks. > > > > Ive also set sendmail -q1m > > > > > > > > ////// > > > > ( o o ) > > > > +--.oooO--(_)--Oooo.-----------------+ > > > > | [Kelly Hamlin] > > > > | kellyh@cyberstreet.com > > > > | http://www.bomb.net > > > > | .oooO > > > > | ( ) Oooo. > > > > +--- \ (----( )----------------------------+ > > > > \_) ) / > > > > (_/ > > > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From fizz at BOMB.NET Thu Jan 24 23:15:19 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Another thing you might like.. Message-ID: <001601c1a52c$fe01f610$ac722241@fizz> download that file i put at http://sairys.bomb.net/sendmail-stats.tar.gz and strip the ascii stuff from all the print statements at the bottom. create a file called stat.email.template put the following in it To: your@email.address.com From: root@your.mailserver.com Subject: Nightly Stats then touch stat.email then make a file called sendstat (chmod 755) #!/bin/sh rm stat.email cat /root/stat.email.template > stat.email /root/stats.pl >> stat.email sendmail -t < stat.email then setup a cronjob for this to happen every night. What this does is send you detailed stats about whats going on with your mail server at the time u specified for cronjob to start. Includes total emails, viruses,spam as well as how much mail is in incoming queue and outgoing queue and how many sendmail processes for outgoing and incoming are currently running. PS. You might wanna consider running a forum, im a developer on OpenBB (http://www.openbb.net) and can help with anything you might need. OBB needs MySQL and PHP. Its fast and powerful and a great way for us mailscanner junkies to communicate. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020124/b431a027/attachment.html From mdchaney at MICHAELCHANEY.COM Fri Jan 25 00:34:05 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: ; from gerry@DORFAM.CA on Thu, Jan 24, 2002 at 04:30:57PM -0500 References: Message-ID: <20020124183405.B12743@michaelchaney.com> On Thu, Jan 24, 2002 at 04:30:57PM -0500, Gerry Doris wrote: > I've noticed a variety of bugs being reported with the new "stable" 2.0 > version of spamassassin. I think I saw one about missing headers just > being fixed today. Well, that's irrelevant to mailscanner, since it doesn't actually pass the message through spamassassin. Given that we know that SA1.5 doesn't work 100% with mailscanner, I'd say you're definitely no better off to stay there :-/ Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From fizz at BOMB.NET Fri Jan 25 01:07:29 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) Message-ID: <001001c1a53c$a9c95790$ac722241@fizz> For those interested http://sairys.bomb.net/sendmail-webstats.tar.gz put in your cgi-bin dir and browse to it. produces stats to the web, must have apache (or some httpd daemon running) To see a sample, http://sairys.bomb.net/sample.gif -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020124/f2ba95d9/attachment.html From gerry at DORFAM.CA Fri Jan 25 04:11:58 2002 From: gerry at DORFAM.CA (gerry) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! References: <20020124183405.B12743@michaelchaney.com> Message-ID: <00bd01c1a556$7087c100$670a000a@dorfam.ca> Alright, I admit it...I'm totally confused. I thought that versions of spamassassin prior to 1.5 had problems with mailscanner but 1.5 worked properly. Is this not correct? Also, if mailscanner.conf is set to use spamassassin doesn't the message go through spamassassin? If it doesn't, what happens??? Gerry ----- Original Message ----- From: "Michael Chaney" To: Sent: Thursday, January 24, 2002 7:34 PM Subject: Re: SpamAssassin 2.0 - beware of old spamassassin.cf file! > On Thu, Jan 24, 2002 at 04:30:57PM -0500, Gerry Doris wrote: > > I've noticed a variety of bugs being reported with the new "stable" 2.0 > > version of spamassassin. I think I saw one about missing headers just > > being fixed today. > > Well, that's irrelevant to mailscanner, since it doesn't actually pass > the message through spamassassin. Given that we know that SA1.5 doesn't > work 100% with mailscanner, I'd say you're definitely no better off to > stay there :-/ > > Michael > -- > Michael Darrin Chaney > mdchaney@michaelchaney.com > http://www.michaelchaney.com/ From mdchaney at MICHAELCHANEY.COM Fri Jan 25 08:09:24 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <00bd01c1a556$7087c100$670a000a@dorfam.ca>; from gerry@DORFAM.CA on Thu, Jan 24, 2002 at 11:11:58PM -0500 References: <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> Message-ID: <20020125020923.A14647@michaelchaney.com> On Thu, Jan 24, 2002 at 11:11:58PM -0500, gerry wrote: > Alright, I admit it...I'm totally confused. > > I thought that versions of spamassassin prior to 1.5 had problems with > mailscanner but 1.5 worked properly. Is this not correct? > > Also, if mailscanner.conf is set to use spamassassin doesn't the message go > through spamassassin? If it doesn't, what happens??? Please read the list archives on this subject. I get about a 70% hit rate on spams when running through mailscanner, much higher when running spamassassin on the command line. Some messages aren't being recognized when run through mailscanner. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From jkf at ecs.soton.ac.uk Fri Jan 25 08:44:28 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: Delivery Method. In-Reply-To: <004801c1a522$2e530b70$48cf75cc@fizz> References: <000b01c1a510$8babdac0$48cf75cc@fizz> <3C506AE6.AB9B623A@konsultex.com.br> <5.1.0.14.2.20020124211254.02e26788@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020125084326.039888b0@imap.ecs.soton.ac.uk> At 21:57 24/01/2002, you wrote: >Success! Setting it to queue seems to work great, i have it set to -q1m for >sendmail. Ive rewrote sendmail.logs.pl a bit you guys might be interested >in. >run ./stats.pl right from console for nice stats on whats goin on with your >mail gateway >http://sairys.bomb.net/sendmail-stats.tar.gz > >My incoming queue is now less then 50 or so at all times, with SA 2.0 fully >enabled and RBL checks. What hardware are you running on? I would be interested in documenting your setup a bit as it's a good-throughput high-volume site. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Jan 25 08:48:47 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <20020125020923.A14647@michaelchaney.com> References: <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> Message-ID: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> At 08:09 25/01/2002, you wrote: >Please read the list archives on this subject. I get about a 70% hit >rate on spams when running through mailscanner, much higher when running >spamassassin on the command line. Some messages aren't being recognized >when run through mailscanner. Please note this is due to SpamAssassin bugs, not MailScanner bugs :-) I call their API just the way they told me to... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at DORFAM.CA Fri Jan 25 13:17:23 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:19 2006 Subject: [SAtalk] 2.01 released (fwd) Message-ID: For those not on the spamassassin list...they updated 2.00 already! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer ---------- Forwarded message ---------- Date: Fri, 25 Jan 2002 15:47:02 +1100 From: Justin Mason To: SpamAssassin-talk@lists.sourceforge.net Subject: [SAtalk] 2.01 released OK, compromise ;) Here's 2.01, a bugfix release for 2.0, since whitelist_to etc. were not working. http://SpamAssassin.org/downloads.html changes: - whitelist_to did not work with multiple To or CC addresses. fixed. - ^M's in headers are now ignored, for compatibility with MUAs and filtering packages - spamd was not cleaning defunct processes on some platforms - no longer requires Net::DNS in Makefile.PL - CTYPE_JUST_HTML score toned down to avoid false positives - all-caps SUBJECT/Subject header now handled correctly - forgot to mention for 2.0: there's a 'Mail Filtered With SpamAssassin' button PNG now, as well ;) Local delivery is still the default, instead of "-P", as I don't want to make that change in a bugfix release. Sorry Duncan. In the meantime, stick with that modification in the Debian package, I think... Also, I haven't applied Andrew K's patch for spamc to handle EXT and HOST; I'd prefer to do that in the 2.1 devel tree. --j. -- 'Justin Mason' => { url => 'http://jmason.org/', blog => 'http://taint.org/' } _______________________________________________ Spamassassin-talk mailing list Spamassassin-talk@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/spamassassin-talk From fizz at BOMB.NET Fri Jan 25 13:54:20 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Question.. Message-ID: <000701c1a5a7$c9de38f0$48cf75cc@fizz> sendmail.logs.pl when you do mail it searches the mail log for nrcpts= but as of last night its only showing 23 now, if i grep say mailer which is another part in the config, it finds 15000, any idea what could have changed, only thing i did last night was change some spamassassin stuff and upgraded to 2.0.1 thismorning. Basically it should be finding over 15000 total emails, but its only showing like 25. im totally confused. ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From dpowell at LSSI.NET Fri Jan 25 14:23:20 2002 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:14:19 2006 Subject: mailscanner dying In-Reply-To: References: Message-ID: <1011968600.7479.16.camel@powell> Cool, thanks for your help On Thu, 2002-01-24 at 16:36, Gerry Doris wrote: > I find the easiest way to see if mailscanner is running is to use top. > mailscanner always shows as soon as a message is received. > > Gerry > > On Thu, 24 Jan 2002, Julian Field wrote: > > > You should have a perl process running MailScanner as well, though you > > might have to "ps -fe | grep perl" to find it as sometimes the path can be > > too long for "ps -fe" to show the actual word "mailscanner". -- Darrin Powell System Administrator LSSi, Corp. (919) 466-6803 From fizz at BOMB.NET Fri Jan 25 15:03:18 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: mailscanner dying References: <1011968600.7479.16.camel@powell> Message-ID: <000c01c1a5b1$6c0277a0$48cf75cc@fizz> or use cron and execute check_mailscanner, run it every 20 minutes, if mailscanner is NOT running, it will start it, if it is, it doesnt do anything. ----- Original Message ----- From: "Darrin Powell" To: Sent: Friday, January 25, 2002 9:23 AM Subject: Re: mailscanner dying > Cool, thanks for your help > > > > On Thu, 2002-01-24 at 16:36, Gerry Doris wrote: > > I find the easiest way to see if mailscanner is running is to use top. > > mailscanner always shows as soon as a message is received. > > > > Gerry > > > > On Thu, 24 Jan 2002, Julian Field wrote: > > > > > You should have a perl process running MailScanner as well, though you > > > might have to "ps -fe | grep perl" to find it as sometimes the path can be > > > too long for "ps -fe" to show the actual word "mailscanner". > -- > Darrin Powell > System Administrator > LSSi, Corp. > (919) 466-6803 > From jkf at ecs.soton.ac.uk Fri Jan 25 15:08:08 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: mailscanner dying In-Reply-To: <000c01c1a5b1$6c0277a0$48cf75cc@fizz> References: <1011968600.7479.16.camel@powell> Message-ID: <5.1.0.14.2.20020125150738.0547d1c8@imap.ecs.soton.ac.uk> At 15:03 25/01/2002, you wrote: >or use cron and execute check_mailscanner, run it every 20 minutes, if >mailscanner is NOT running, it will start it, if it is, it doesnt do >anything. This is roughly what the RPM installation does by default (except it does it hourly as that's easier in RedHat). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From matt at kaminer.com Fri Jan 25 15:43:16 2002 From: matt at kaminer.com (Matt Kaminer) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> Message-ID: <47392.65.205.80.66.1011973396.squirrel@webmail.mmc.net> Loyal users of Mailscanner: Which works better with Mailscanner, RBL or SpamAssassin? Im still trying to decide which one to use with Mailscanner. One con for RBL is that you have to pay for it now :-( ORBS aint cutting it. It only catches about 60-70 percent of the SPAM. -Matt Julian Field said: > At 08:09 25/01/2002, you wrote: >>Please read the list archives on this subject. I get about a 70% hit >>rate on spams when running through mailscanner, much higher when >>running spamassassin on the command line. Some messages aren't being >>recognized when run through mailscanner. > > Please note this is due to SpamAssassin bugs, not MailScanner bugs :-) > I call their API just the way they told me to... > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From fizz at BOMB.NET Fri Jan 25 17:13:50 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Question.. References: <000701c1a5a7$c9de38f0$48cf75cc@fizz> Message-ID: <000901c1a5c3$a83f21c0$48cf75cc@fizz> root@sairys:~# cd /var/log/ root@sairys:/var/log# grep nrcpts mail.old -c 14222 root@sairys:/var/log# grep sendmail mail.old -c 45765 root@sairys:/var/log# cd mail root@sairys:/var/log/mail# grep sendmail maillog -c 23252 root@sairys:/var/log/mail# grep nrcpts maillog -c 1254 mail.old is yesterdays log, and maillog is todays. any reason why it would only show 30 messages when i do sendmail.logs.pl mail its shows 9000+ spam and 230 viruses so those are working fine. thanks. ----- Original Message ----- From: "Kelly Hamlin" To: Sent: Friday, January 25, 2002 8:54 AM Subject: Question.. > sendmail.logs.pl > when you do mail it searches the mail log for nrcpts= but as of last night > its only showing 23 now, if i grep say mailer which is another part in the > config, it finds 15000, any idea what could have changed, only thing i did > last night was change some spamassassin stuff and upgraded to 2.0.1 > thismorning. Basically it should be finding over 15000 total emails, but its > only showing like 25. im totally confused. > > ////// > ( o o ) > +--.oooO--(_)--Oooo.-----------------+ > | [Kelly Hamlin] > | kellyh@cyberstreet.com > | http://www.bomb.net > | .oooO > | ( ) Oooo. > +--- \ (----( )----------------------------+ > \_) ) / > (_/ > From fizz at BOMB.NET Fri Jan 25 17:49:23 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Question.. References: <000701c1a5a7$c9de38f0$48cf75cc@fizz> <000901c1a5c3$a83f21c0$48cf75cc@fizz> Message-ID: <000d01c1a5c8$a0079be0$48cf75cc@fizz> ok, strange, i rebooted the machine and now its working as its supposed to... shrug.. thanks ----- Original Message ----- From: "Kelly Hamlin" To: Sent: Friday, January 25, 2002 12:13 PM Subject: Re: Question.. > root@sairys:~# cd /var/log/ > root@sairys:/var/log# grep nrcpts mail.old -c > 14222 > root@sairys:/var/log# grep sendmail mail.old -c > 45765 > root@sairys:/var/log# cd mail > root@sairys:/var/log/mail# grep sendmail maillog -c > 23252 > root@sairys:/var/log/mail# grep nrcpts maillog -c > 1254 > > mail.old is yesterdays log, and maillog is todays. > any reason why it would only show 30 messages when i do sendmail.logs.pl > mail > its shows 9000+ spam and 230 viruses so those are working fine. > thanks. > ----- Original Message ----- > From: "Kelly Hamlin" > To: > Sent: Friday, January 25, 2002 8:54 AM > Subject: Question.. > > > > sendmail.logs.pl > > when you do mail it searches the mail log for nrcpts= but as of last night > > its only showing 23 now, if i grep say mailer which is another part in the > > config, it finds 15000, any idea what could have changed, only thing i did > > last night was change some spamassassin stuff and upgraded to 2.0.1 > > thismorning. Basically it should be finding over 15000 total emails, but > its > > only showing like 25. im totally confused. > > > > ////// > > ( o o ) > > +--.oooO--(_)--Oooo.-----------------+ > > | [Kelly Hamlin] > > | kellyh@cyberstreet.com > > | http://www.bomb.net > > | .oooO > > | ( ) Oooo. > > +--- \ (----( )----------------------------+ > > \_) ) / > > (_/ > > > From LISTSERV at JISCMAIL.AC.UK Fri Jan 25 19:33:38 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: gf@MICROSERVE.DE requested to join Message-ID: <200201251933.TAA16909@magpie.ecs.soton.ac.uk> Fri, 25 Jan 2002 19:33:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Gerhard Faehrmann You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER gf@MICROSERVE.DE Gerhard Faehrmann PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER gf@MICROSERVE.DE Gerhard Faehrmann // EOJ From gf at MICROSERVE.DE Fri Jan 25 20:37:48 2002 From: gf at MICROSERVE.DE (Gerhard Faehrmann) Date: Thu Jan 12 21:14:19 2006 Subject: Trouble with base64 Message-ID: Hi there, for some reason, my MailScanner installation does not seem to decode base64 encoded messages. Or, at least it appears this way. When using a different encoding, it will catch the virus, when using base64 it will not. I've tried different versions of the MIME tools (currently using version MIME-tools-5.411) and the base64 package (currently using MIME-Base64-2.12-6) on a Linux Redhat 7.2 system. Any hints? Thanks, Gerhard From mdchaney at MICHAELCHANEY.COM Fri Jan 25 21:03:53 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Fri, Jan 25, 2002 at 08:48:47AM +0000 References: <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020125020923.A14647@michaelchaney.com> <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> Message-ID: <20020125150353.A17532@michaelchaney.com> On Fri, Jan 25, 2002 at 08:48:47AM +0000, Julian Field wrote: > At 08:09 25/01/2002, you wrote: > >Please read the list archives on this subject. I get about a 70% hit > >rate on spams when running through mailscanner, much higher when running > >spamassassin on the command line. Some messages aren't being recognized > >when run through mailscanner. > > Please note this is due to SpamAssassin bugs, not MailScanner bugs :-) > I call their API just the way they told me to... Without a doubt (God knows I've spent enough time looking over your code to know that :) If SpamAssassin 2 doesn't work well, I'm going to rewrite large parts of it myself and just use their patterns. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From sevans at FOUNDATION.SDSU.EDU Fri Jan 25 21:31:31 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A777C@foundation.foundation.sdsu.edu> So all I have to do is put it in my cgi-bin? That's it? If so all I get is a blank page. Steve -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Thursday, January 24, 2002 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail WebStats (sort of a mod) For those interested http://sairys.bomb.net/sendmail-webstats.tar.gz put in your cgi-bin dir and browse to it. produces stats to the web, must have apache (or some httpd daemon running) To see a sample, http://sairys.bomb.net/sample.gif -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020125/40888144/attachment.html From fizz at BOMB.NET Fri Jan 25 22:00:26 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <20C245C5F9A41949A359CCDBF4B3ADED2A777C@foundation.foundation.sdsu.edu> Message-ID: <001701c1a5eb$b22ff6f0$48cf75cc@fizz> oops, u may have to edit it to point to your maillogs, sorry, knew i forgot something :) ----- Original Message ----- From: Steve Evans To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, January 25, 2002 4:31 PM Subject: Re: Sendmail WebStats (sort of a mod) So all I have to do is put it in my cgi-bin? That's it? If so all I get is a blank page. Steve -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Thursday, January 24, 2002 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail WebStats (sort of a mod) For those interested http://sairys.bomb.net/sendmail-webstats.tar.gz put in your cgi-bin dir and browse to it. produces stats to the web, must have apache (or some httpd daemon running) To see a sample, http://sairys.bomb.net/sample.gif -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020125/34292a4e/attachment.html From felker at GMX.NET Fri Jan 25 22:21:29 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <001701c1a5eb$b22ff6f0$48cf75cc@fizz> Message-ID: <20600.1011997289@www26.gmx.net> > oops, u may have to edit it to point to your maillogs, sorry, knew i > forgot something :) It must be something else: I also get a white page, but the maillog dir and other settings are OK. Proof: 'perl stats.pl > test.html' from the commandline generates a perfect overview in test.html. Isn't it a CGI-BIN/rights setting that must be set or done? Sander > > ----- Original Message ----- > From: Steve Evans > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Friday, January 25, 2002 4:31 PM > Subject: Re: Sendmail WebStats (sort of a mod) > > > So all I have to do is put it in my cgi-bin? That's it? If so all I > get is a blank page. > > Steve > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > Sent: Thursday, January 24, 2002 5:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sendmail WebStats (sort of a mod) > > > For those interested > http://sairys.bomb.net/sendmail-webstats.tar.gz > > put in your cgi-bin dir and browse to it. > > produces stats to the web, must have apache (or some httpd daemon > running) > > To see a sample, http://sairys.bomb.net/sample.gif > > -- Sent through GMX FreeMail - http://www.gmx.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020125/b30c6004/attachment.html From fizz at BOMB.NET Fri Jan 25 22:53:28 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <001701c1a5eb$b22ff6f0$48cf75cc@fizz> <20600.1011997289@www26.gmx.net> Message-ID: <001201c1a5f3$1ad7c9b0$ac722241@fizz> Actually since this does some massive cpu usage for about 20 seconds, i found a better alternative :) like u mentioned below, just have cron do /cgi-bin/stats.pl > /http/stats.html or the equivelent every 5 or 10 minutes. That way there is no huge load on server every time you refresh. Hell you could prolly do every 1 minute and be fine, something like */1 * * * * /path-toscript/stats.pl > /path-to-webpages/pagename.html ----- Original Message ----- From: Sander Jonkers To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, January 25, 2002 5:21 PM Subject: Re: Sendmail WebStats (sort of a mod) > oops, u may have to edit it to point to your maillogs, sorry, knew i > forgot something :) It must be something else: I also get a white page, but the maillog dir and other settings are OK. Proof: 'perl stats.pl > test.html' from the commandline generates a perfect overview in test.html. Isn't it a CGI-BIN/rights setting that must be set or done? Sander > > ----- Original Message ----- > From: Steve Evans > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Friday, January 25, 2002 4:31 PM > Subject: Re: Sendmail WebStats (sort of a mod) > > > So all I have to do is put it in my cgi-bin? That's it? If so all I > get is a blank page. > > Steve > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > Sent: Thursday, January 24, 2002 5:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sendmail WebStats (sort of a mod) > > > For those interested > http://sairys.bomb.net/sendmail-webstats.tar.gz > > put in your cgi-bin dir and browse to it. > > produces stats to the web, must have apache (or some httpd daemon > running) > > To see a sample, http://sairys.bomb.net/sample.gif > > -- Sent through GMX FreeMail - http://www.gmx.net ------------------------------------------------------------------------------ oops, u may have to edit it to point to your maillogs, sorry, knew i forgot something :) ----- Original Message ----- From: Steve Evans To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, January 25, 2002 4:31 PM Subject: Re: Sendmail WebStats (sort of a mod) So all I have to do is put it in my cgi-bin? That's it? If so all I get is a blank page. Steve -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Thursday, January 24, 2002 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail WebStats (sort of a mod) For those interested http://sairys.bomb.net/sendmail-webstats.tar.gz put in your cgi-bin dir and browse to it. produces stats to the web, must have apache (or some httpd daemon running) To see a sample, http://sairys.bomb.net/sample.gif -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020125/c6c60502/attachment.html From felker at GMX.NET Fri Jan 25 23:25:55 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <001201c1a5f3$1ad7c9b0$ac722241@fizz> Message-ID: <29018.1012001155@www26.gmx.net> OK, done that, page is generated. Apparantly the script searches for 'mailscan' in the files in the directory /var/log/mail/. Despite my eicar detected mails, mailscanner does not log to my /var/log/mail/*. I first have to take of that. [root@sanderold mail]# ls /var/log/mail/* /var/log/mail/errors /var/log/mail/info /var/log/mail/warnings /var/log/mail/errors.1.gz /var/log/mail/info.1.gz /var/log/mail/warnings.1.gz [root@sanderold mail]# grep -i mailscan /var/log/mail/* [root@sanderold mail]# > Actually since this does some massive cpu usage for about 20 seconds, i > found a better alternative :) > like u mentioned below, just have cron do /cgi-bin/stats.pl > > /http/stats.html or the equivelent every 5 or 10 minutes. That way there is no huge > load on server every time you refresh. > Hell you could prolly do every 1 minute and be fine, something like > */1 * * * * /path-toscript/stats.pl > /path-to-webpages/pagename.html > > ----- Original Message ----- > From: Sander Jonkers > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Friday, January 25, 2002 5:21 PM > Subject: Re: Sendmail WebStats (sort of a mod) > > > > oops, u may have to edit it to point to your maillogs, sorry, knew i > > forgot something :) > > It must be something else: I also get a white page, but the maillog dir > and > other settings are OK. Proof: 'perl stats.pl > test.html' from the > commandline generates a perfect overview in test.html. > > Isn't it a CGI-BIN/rights setting that must be set or done? > > Sander > > > > > > ----- Original Message ----- > > From: Steve Evans > > To: MAILSCANNER@JISCMAIL.AC.UK > > Sent: Friday, January 25, 2002 4:31 PM > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so all > I > > get is a blank page. > > > > Steve > > -----Original Message----- > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > Sent: Thursday, January 24, 2002 5:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Sendmail WebStats (sort of a mod) > > > > > > For those interested > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > put in your cgi-bin dir and browse to it. > > > > produces stats to the web, must have apache (or some httpd daemon > > running) > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > -- > Sent through GMX FreeMail - http://www.gmx.net > > > ------------------------------------------------------------------------------ > > > oops, u may have to edit it to point to your maillogs, sorry, knew i > forgot something :) > > ----- Original Message ----- > From: Steve Evans > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Friday, January 25, 2002 4:31 PM > Subject: Re: Sendmail WebStats (sort of a mod) > > > So all I have to do is put it in my cgi-bin? That's it? If so all I > get is a blank page. > > Steve > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > Sent: Thursday, January 24, 2002 5:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sendmail WebStats (sort of a mod) > > > For those interested > http://sairys.bomb.net/sendmail-webstats.tar.gz > > put in your cgi-bin dir and browse to it. > > produces stats to the web, must have apache (or some httpd daemon > running) > > To see a sample, http://sairys.bomb.net/sample.gif > > -- Sent through GMX FreeMail - http://www.gmx.net From LISTSERV at JISCMAIL.AC.UK Sat Jan 26 05:49:26 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: stefanv@NX.CO.ZA requested to join Message-ID: <200201260549.FAA12235@magpie.ecs.soton.ac.uk> Sat, 26 Jan 2002 05:49:26 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Stefan Viljoen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER stefanv@NX.CO.ZA Stefan Viljoen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER stefanv@NX.CO.ZA Stefan Viljoen // EOJ From jkf at ecs.soton.ac.uk Sat Jan 26 13:30:22 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <20020125150353.A17532@michaelchaney.com> References: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020125020923.A14647@michaelchaney.com> <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020126132844.0421c488@hawk.ecs.soton.ac.uk> At 21:03 25/01/2002, you wrote: >On Fri, Jan 25, 2002 at 08:48:47AM +0000, Julian Field wrote: > > Please note this is due to SpamAssassin bugs, not MailScanner bugs :-) > > I call their API just the way they told me to... > >Without a doubt (God knows I've spent enough time looking over your code >to know that :) Cool, someone who actually looks at the code! I hope you don't think it's too awful... most of the users seem happy with it :) > If SpamAssassin 2 doesn't work well, I'm going to >rewrite large parts of it myself and just use their patterns. I'm running SpamAssassin 2.01 on our servers and it seems to be behaving fine, certainly as well as 1.5 did. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Sat Jan 26 19:16:06 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Idea?! Message-ID: <004201c1a69d$e7a7e1a0$ac722241@fizz> I couldnt find it in the code, so im askin in the list. Instead of making it say {SPAM?} for messages that have had viruses removed, why not put {Virus Removed} or something of that nature? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020126/d896606d/attachment.html From mdchaney at MICHAELCHANEY.COM Sat Jan 26 19:32:58 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <5.1.0.14.2.20020126132844.0421c488@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Sat, Jan 26, 2002 at 01:30:22PM +0000 References: <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020125020923.A14647@michaelchaney.com> <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> <20020125150353.A17532@michaelchaney.com> <5.1.0.14.2.20020126132844.0421c488@hawk.ecs.soton.ac.uk> Message-ID: <20020126133258.A21552@michaelchaney.com> On Sat, Jan 26, 2002 at 01:30:22PM +0000, Julian Field wrote: > At 21:03 25/01/2002, you wrote: > >On Fri, Jan 25, 2002 at 08:48:47AM +0000, Julian Field wrote: > > > Please note this is due to SpamAssassin bugs, not MailScanner bugs :-) > > > I call their API just the way they told me to... > > > >Without a doubt (God knows I've spent enough time looking over your code > >to know that :) > > Cool, someone who actually looks at the code! > I hope you don't think it's too awful... most of the users seem happy with > it :) I'm not sure how you're doing DNS lookups, haven't looked at it yet, but I have some code that should kick those into high gear. I'll send it along when I dig it up. > > If SpamAssassin 2 doesn't work well, I'm going to > >rewrite large parts of it myself and just use their patterns. > > I'm running SpamAssassin 2.01 on our servers and it seems to be behaving > fine, certainly as well as 1.5 did. I put SA 2.01 on my test mail server last night, and ran 999 known spams through it, and it hit on 858. I'm going to split them out and run them through the command line version and see what I get. Even so, 86% isn't bad, and another file of 350 known spams hit higher (91%). I was thinking that it would make sense to use Vipul's Razor in mailscanner, and then not run the message through SA if it hits there. The razor is much quicker than SA, and hits on generally 50% of all spam that I get (my file with 354 spams had only 130 that it didn't recognize), which means that we could speed this up greatly by only calling SA for half the spam. Another idea, which would work in conjunction with the above high-volume DNS lookup code, would be to create a process that scanned the mail queue before mailscanner got the messages and did the high-volume DNS lookup on every single host name in every single message. (I do 100 or more in parallel, so it wouldn't take long). That way, when mailscanner or SA went to do its lookups, they would already be sitting in the nameserver's cache, and the lookup would be instantaneous. The biggest trick would be to do the convolution for the RBL lookups correctly, but I don't think it would be terrible. Anyway, some thoughts. I'm not against coding, so I might play around with some of it when I get a chance in a few weeks. Good news, the code was right where I thought it was, have it under the GPL. This isn't the most beautiful Perl that I've ever written. Oddly, this was the first Perl program for which I was paid, written about a week after I learned Perl. Caveat emptor, but it works great. #!/usr/bin/perl # By: Michael Darrin Chaney (mdchaney@michaelchaney.com) # Michael Chaney Consulting Corp. # 7/22/1999 # Copyright (C) 1999, 2002 Michael Chaney Consulting Corporation # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 # USA # # Synopsis: # Does a number of nslookups asynchronously. Performance can be tweaked # via the 4 variables below (timrout, waitlen, maxwaiting, maxlookups) to # perhaps make it faster. With the following values (5, 3, .75, and 60) # the program is able to average a little over 1000 lookups each minute, it's # unlikely that more are needed. I'm not sure what a good value for # maxlookups is, but it seems to run fine with 60 on a T-1. Faster net # connection means you should move that value up. Just don't kill your # nameserver. You also might want to move the timeout up a bit, perhaps # 15 or more seconds. # # This program expects to receive a list of hosts via stdin. use Net::DNS; use IO::Select; my $debugme=0; my $timeout = 5; my $waitlen = 3; # should be shorter than the timeout period my $maxwaiting = .75; my $maxlookups = 60; my $waitntry=0; my $sel = new IO::Select; my $res = new Net::DNS::Resolver; $res->tcp_timeout($timeout); print "Initial select count: ", $sel->count(), "\n" if ($debugme); until (eof STDIN && $waitntry==2) { # If over half of the lookups are "active", then I'm going to wait # and dump the ones which aren't ready. Or, if we're at the end of # input but some slots are active, wait. if (($sel->count() > ($maxlookups*$maxwaiting)) || ($sel->count()>0 && eof(STDIN))){ if ($waitntry == 0) { # wait for a few seconds and try again print $sel->count(), " of ", $maxlookups, " slots used, " if ($debugme); if (eof(STDIN)) { print "last bunch, waiting 10 seconds...\n" if ($debugme); sleep 10; # Give the last bunch a few more seconds } else { print "waiting 2 seconds...\n" if ($debugme); sleep $waitlen; # This should be short! } $waitntry=1; } else { # well, we waited and ended up here again, we'll dump them # and move on. It would be better to actually keep track of # how long each request has taken, and only dump the oldest # ones. Alternately, if the handles are added to the list # at the beginning or end (very likely, check the IO::Select # source), then a certain slice of the oldest ones could be # dumped. $sel->remove($sel->handles); if ($debugme) { if (eof(STDIN)) { print "End of file, dumping inactive lookups\n" if ($debugme); $waitntry=2; last; } else { print "Too many slots used, dumping inactive lookups\n" if ($debugme); $waitntry=0; } } } } else { if ($sel->count()==0 && eof(STDIN)) { $waitntry=2; last; } else { $waitntry=0; } } unless ($waitntry) { # This will add some host lookups to bring the current count up to # $maxlookups. Think of this as planting some seeds. while (!eof(STDIN) && $sel->count() < $maxlookups) { my $line=; chomp $line; print "Adding host $line\n" if ($debugme); $sel->add($res->bgsend($line)); } } # Now, time to harvest the ripe ones. if (@ready = $sel->can_read($timeout)) { foreach $sock (@ready) { $packet = $res->bgread($sock); # $packet->print; if ($packet && $packet->answer) { foreach $rr ($packet->answer) { if ($rr->type eq "A") { print $rr->name," " if ($debugme); print $rr->address,"\n"; } } } else { print "Empty return\n" if ($debug); } $sel->remove($sock); $sock = undef; } } # Dump selects that have errors. Note that the method "has_error" # is incorrectly listed as "has_exception" in some documentation. if (@ready = $sel->has_error(0)) { print "Removing problem selects\n" if ($debugme); foreach $sock (@ready) { # $packet = $res->bgread($sock); # $packet->print; $sel->remove($sock); $sock = undef; } } } Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From LISTSERV at JISCMAIL.AC.UK Sat Jan 26 18:23:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: itcraze@YAHOO.COM requested to join Message-ID: <200201261823.SAA05847@magpie.ecs.soton.ac.uk> Sat, 26 Jan 2002 18:23:08 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Terry Chua You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER itcraze@YAHOO.COM Terry Chua PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER itcraze@YAHOO.COM Terry Chua // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Jan 26 19:53:40 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: rishi@THEARGONCOMPANY.COM requested to join Message-ID: <200201261953.TAA09044@magpie.ecs.soton.ac.uk> Sat, 26 Jan 2002 19:53:40 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Rishi Gangoly You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rishi@THEARGONCOMPANY.COM Rishi Gangoly PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rishi@THEARGONCOMPANY.COM Rishi Gangoly // EOJ From fizz at BOMB.NET Sun Jan 27 02:55:45 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <001201c1a5f3$1ad7c9b0$ac722241@fizz> <29018.1012001155@www26.gmx.net> Message-ID: <000d01c1a6de$1e3a43d0$ac722241@fizz> you running Syslogd with -r? Also syslogd 1.3-3 will NOT work with mailscanner. you must use version 1.4-4 if your using slackware or redhat. to get the version do syslogd -v hope this helps ----- Original Message ----- From: "Sander Jonkers" To: Sent: Friday, January 25, 2002 6:25 PM Subject: Re: Sendmail WebStats (sort of a mod) > OK, done that, page is generated. Apparantly the script searches for > 'mailscan' in the files in the directory /var/log/mail/. Despite my eicar detected > mails, mailscanner does not log to my /var/log/mail/*. I first have to take of > that. > > > [root@sanderold mail]# ls /var/log/mail/* > /var/log/mail/errors /var/log/mail/info /var/log/mail/warnings > /var/log/mail/errors.1.gz /var/log/mail/info.1.gz > /var/log/mail/warnings.1.gz > [root@sanderold mail]# grep -i mailscan /var/log/mail/* > [root@sanderold mail]# > > > > > Actually since this does some massive cpu usage for about 20 seconds, i > > found a better alternative :) > > like u mentioned below, just have cron do /cgi-bin/stats.pl > > > /http/stats.html or the equivelent every 5 or 10 minutes. That way there > is no huge > > load on server every time you refresh. > > Hell you could prolly do every 1 minute and be fine, something like > > */1 * * * * /path-toscript/stats.pl > /path-to-webpages/pagename.html > > > > ----- Original Message ----- > > From: Sander Jonkers > > To: MAILSCANNER@JISCMAIL.AC.UK > > Sent: Friday, January 25, 2002 5:21 PM > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > oops, u may have to edit it to point to your maillogs, sorry, knew i > > > forgot something :) > > > > It must be something else: I also get a white page, but the maillog dir > > and > > other settings are OK. Proof: 'perl stats.pl > test.html' from the > > commandline generates a perfect overview in test.html. > > > > Isn't it a CGI-BIN/rights setting that must be set or done? > > > > Sander > > > > > > > > > > ----- Original Message ----- > > > From: Steve Evans > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Sent: Friday, January 25, 2002 4:31 PM > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so all > > I > > > get is a blank page. > > > > > > Steve > > > -----Original Message----- > > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > > Sent: Thursday, January 24, 2002 5:07 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Sendmail WebStats (sort of a mod) > > > > > > > > > For those interested > > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > > > put in your cgi-bin dir and browse to it. > > > > > > produces stats to the web, must have apache (or some httpd daemon > > > running) > > > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > > > > > -- > > Sent through GMX FreeMail - http://www.gmx.net > > > > > > > -------------------------------------------------------------------------- ---- > > > > > > oops, u may have to edit it to point to your maillogs, sorry, knew i > > forgot something :) > > > > ----- Original Message ----- > > From: Steve Evans > > To: MAILSCANNER@JISCMAIL.AC.UK > > Sent: Friday, January 25, 2002 4:31 PM > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so all I > > get is a blank page. > > > > Steve > > -----Original Message----- > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > Sent: Thursday, January 24, 2002 5:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Sendmail WebStats (sort of a mod) > > > > > > For those interested > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > put in your cgi-bin dir and browse to it. > > > > produces stats to the web, must have apache (or some httpd daemon > > running) > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > -- > Sent through GMX FreeMail - http://www.gmx.net From nwp at LEMON-COMPUTING.COM Sun Jan 27 11:08:13 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <20020126133258.A21552@michaelchaney.com>; from mdchaney@MICHAELCHANEY.COM on Sat, Jan 26, 2002 at 01:32:58PM -0600 References: <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020125020923.A14647@michaelchaney.com> <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> <20020125150353.A17532@michaelchaney.com> <5.1.0.14.2.20020126132844.0421c488@hawk.ecs.soton.ac.uk> <20020126133258.A21552@michaelchaney.com> Message-ID: <20020127110813.B7526@lemon-computing.com> On Sat, Jan 26, 2002 at 01:32:58PM -0600, Michael Chaney wrote: > I was thinking that it would make sense to use Vipul's Razor in > mailscanner, and then not run the message through SA if it hits there. > The razor is much quicker than SA, and hits on generally 50% of all > spam that I get (my file with 354 spams had only 130 that it didn't > recognize), which means that we could speed this up greatly by only > calling SA for half the spam. Problem being that apparently Vipul's Razor regularly flags, for example, Debian Security Alerts as spam... ...so it's probably better off staying within the spamassassin scoring framework. -- Nick Phillips -- nwp@lemon-computing.com Your lucky number has been disconnected. From felker at GMX.NET Sun Jan 27 11:28:58 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <000d01c1a6de$1e3a43d0$ac722241@fizz> Message-ID: <8177.1012130938@www35.gmx.net> > you running Syslogd with -r? Yes, I am now, and the mailscanner logging is there, and stats.pl reports the number of detected viruses. Nice. However, stats.pl also always reports that there is 1 message in the inqueue and 1 in the outqueue, which is not correct: /var/spool/mque* is empty So queston: does stats.pl look at these directories, or does it 'calculate' the messages in the queue based on the mail logging? Sander /var/spool/mqueue: total 0 /var/spool/mqueue.in: total 0 "Incoming Queue Contains Email that hasnt been scanned for viruses and as spam. 1 " > Also syslogd 1.3-3 will NOT work with mailscanner. you must use version > 1.4-4 if your using slackware or redhat. to get the version do syslogd -v > hope this helps > > ----- Original Message ----- > From: "Sander Jonkers" > To: > Sent: Friday, January 25, 2002 6:25 PM > Subject: Re: Sendmail WebStats (sort of a mod) > > > > OK, done that, page is generated. Apparantly the script searches for > > 'mailscan' in the files in the directory /var/log/mail/. Despite my > eicar > detected > > mails, mailscanner does not log to my /var/log/mail/*. I first have to > take of > > that. > > > > > > [root@sanderold mail]# ls /var/log/mail/* > > /var/log/mail/errors /var/log/mail/info > /var/log/mail/warnings > > /var/log/mail/errors.1.gz /var/log/mail/info.1.gz > > /var/log/mail/warnings.1.gz > > [root@sanderold mail]# grep -i mailscan /var/log/mail/* > > [root@sanderold mail]# > > > > > > > > > Actually since this does some massive cpu usage for about 20 seconds, > i > > > found a better alternative :) > > > like u mentioned below, just have cron do /cgi-bin/stats.pl > > > > /http/stats.html or the equivelent every 5 or 10 minutes. That way > there > > is no huge > > > load on server every time you refresh. > > > Hell you could prolly do every 1 minute and be fine, something like > > > */1 * * * * /path-toscript/stats.pl > /path-to-webpages/pagename.html > > > > > > ----- Original Message ----- > > > From: Sander Jonkers > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Sent: Friday, January 25, 2002 5:21 PM > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > > oops, u may have to edit it to point to your maillogs, sorry, knew > i > > > > forgot something :) > > > > > > It must be something else: I also get a white page, but the maillog > dir > > > and > > > other settings are OK. Proof: 'perl stats.pl > test.html' from the > > > commandline generates a perfect overview in test.html. > > > > > > Isn't it a CGI-BIN/rights setting that must be set or done? > > > > > > Sander > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: Steve Evans > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Sent: Friday, January 25, 2002 4:31 PM > > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so > all > > > I > > > > get is a blank page. > > > > > > > > Steve > > > > -----Original Message----- > > > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > > > Sent: Thursday, January 24, 2002 5:07 PM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > For those interested > > > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > > > > > put in your cgi-bin dir and browse to it. > > > > > > > > produces stats to the web, must have apache (or some httpd > daemon > > > > running) > > > > > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > > > > > > > > > -- > > > Sent through GMX FreeMail - http://www.gmx.net > > > > > > > > > > > > -------------------------------------------------------------------------- > ---- > > > > > > > > > oops, u may have to edit it to point to your maillogs, sorry, knew i > > > forgot something :) > > > > > > ----- Original Message ----- > > > From: Steve Evans > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Sent: Friday, January 25, 2002 4:31 PM > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so > all > I > > > get is a blank page. > > > > > > Steve > > > -----Original Message----- > > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > > Sent: Thursday, January 24, 2002 5:07 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Sendmail WebStats (sort of a mod) > > > > > > > > > For those interested > > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > > > put in your cgi-bin dir and browse to it. > > > > > > produces stats to the web, must have apache (or some httpd > daemon > > > running) > > > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > > > > > -- > > Sent through GMX FreeMail - http://www.gmx.net > -- Sent through GMX FreeMail - http://www.gmx.net From nwp at LEMON-COMPUTING.COM Sun Jan 27 11:48:39 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) In-Reply-To: <000d01c1a6de$1e3a43d0$ac722241@fizz>; from fizz@BOMB.NET on Sat, Jan 26, 2002 at 09:55:45PM -0500 References: <001201c1a5f3$1ad7c9b0$ac722241@fizz> <29018.1012001155@www26.gmx.net> <000d01c1a6de$1e3a43d0$ac722241@fizz> Message-ID: <20020127114839.C7526@lemon-computing.com> On Sat, Jan 26, 2002 at 09:55:45PM -0500, Kelly Hamlin wrote: > you running Syslogd with -r? > Also syslogd 1.3-3 will NOT work with mailscanner. you must use version > 1.4-4 if your using slackware or redhat. to get the version do syslogd -v Why's that? Which release(s) of those distributions did/does each of those versions come with? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You are not dead yet. But watch for further reports. From felker at GMX.NET Sun Jan 27 13:15:32 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:19 2006 Subject: Sendmail WebStats (sort of a mod) References: <8177.1012130938@www35.gmx.net> Message-ID: <8678.1012137332@www7.gmx.net> > However, stats.pl also always reports that there is 1 message in the > inqueue > and 1 in the outqueue, which is not correct: /var/spool/mque* is empty > > So queston: does stats.pl look at these directories, or does it > 'calculate' > the messages in the queue based on the mail logging? I looked myself, and stats.pl does this: system("ls /var/spool/mqueue.in/ -l | grep \"\" -c"); system("ls /var/spool/mqueue/ -l | grep \"\" -c"); This way, the grep-count command also counts the line 'total' from the top of the ls -l as an file, whichis not correct. In an empty directory, this causes a result of 1 (which I get). I changed the grep to count the lines containing anything but 'total': system("ls /var/spool/mqueue.in/ -l | grep -c -vi total "); system("ls /var/spool/mqueue/ -l | grep -c -vi total "); and the stats.pl results look OK now. Sander > > Sander > > > > > /var/spool/mqueue: > total 0 > > /var/spool/mqueue.in: > total 0 > > > "Incoming Queue > Contains Email that hasnt been scanned for viruses and as spam. 1 " > > > > > Also syslogd 1.3-3 will NOT work with mailscanner. you must use version > > 1.4-4 if your using slackware or redhat. to get the version do syslogd > -v > > hope this helps > > > > ----- Original Message ----- > > From: "Sander Jonkers" > > To: > > Sent: Friday, January 25, 2002 6:25 PM > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > OK, done that, page is generated. Apparantly the script searches for > > > 'mailscan' in the files in the directory /var/log/mail/. Despite my > > eicar > > detected > > > mails, mailscanner does not log to my /var/log/mail/*. I first have to > > take of > > > that. > > > > > > > > > [root@sanderold mail]# ls /var/log/mail/* > > > /var/log/mail/errors /var/log/mail/info > > /var/log/mail/warnings > > > /var/log/mail/errors.1.gz /var/log/mail/info.1.gz > > > /var/log/mail/warnings.1.gz > > > [root@sanderold mail]# grep -i mailscan /var/log/mail/* > > > [root@sanderold mail]# > > > > > > > > > > > > > Actually since this does some massive cpu usage for about 20 > seconds, > > i > > > > found a better alternative :) > > > > like u mentioned below, just have cron do /cgi-bin/stats.pl > > > > > /http/stats.html or the equivelent every 5 or 10 minutes. That way > > there > > > is no huge > > > > load on server every time you refresh. > > > > Hell you could prolly do every 1 minute and be fine, something like > > > > */1 * * * * /path-toscript/stats.pl > > /path-to-webpages/pagename.html > > > > > > > > ----- Original Message ----- > > > > From: Sander Jonkers > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Sent: Friday, January 25, 2002 5:21 PM > > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > > oops, u may have to edit it to point to your maillogs, sorry, > knew > > i > > > > > forgot something :) > > > > > > > > It must be something else: I also get a white page, but the > maillog > > dir > > > > and > > > > other settings are OK. Proof: 'perl stats.pl > test.html' from the > > > > commandline generates a perfect overview in test.html. > > > > > > > > Isn't it a CGI-BIN/rights setting that must be set or done? > > > > > > > > Sander > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: Steve Evans > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Sent: Friday, January 25, 2002 4:31 PM > > > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > > > > So all I have to do is put it in my cgi-bin? That's it? If > so > > all > > > > I > > > > > get is a blank page. > > > > > > > > > > Steve > > > > > -----Original Message----- > > > > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > > > > Sent: Thursday, January 24, 2002 5:07 PM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > > > > For those interested > > > > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > > > > > > > put in your cgi-bin dir and browse to it. > > > > > > > > > > produces stats to the web, must have apache (or some httpd > > daemon > > > > > running) > > > > > > > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > > > > > > > > > > > > > -- > > > > Sent through GMX FreeMail - http://www.gmx.net > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > ---- > > > > > > > > > > > > oops, u may have to edit it to point to your maillogs, sorry, knew > i > > > > forgot something :) > > > > > > > > ----- Original Message ----- > > > > From: Steve Evans > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Sent: Friday, January 25, 2002 4:31 PM > > > > Subject: Re: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > So all I have to do is put it in my cgi-bin? That's it? If so > > all > > I > > > > get is a blank page. > > > > > > > > Steve > > > > -----Original Message----- > > > > From: Kelly Hamlin [mailto:fizz@BOMB.NET] > > > > Sent: Thursday, January 24, 2002 5:07 PM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Sendmail WebStats (sort of a mod) > > > > > > > > > > > > For those interested > > > > http://sairys.bomb.net/sendmail-webstats.tar.gz > > > > > > > > put in your cgi-bin dir and browse to it. > > > > > > > > produces stats to the web, must have apache (or some httpd > > daemon > > > > running) > > > > > > > > To see a sample, http://sairys.bomb.net/sample.gif > > > > > > > > > > > > > > -- > > > Sent through GMX FreeMail - http://www.gmx.net > > > > -- > Sent through GMX FreeMail - http://www.gmx.net > -- Sent through GMX FreeMail - http://www.gmx.net From LISTSERV at JISCMAIL.AC.UK Sat Jan 26 21:37:32 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: philip.ibis@BLACKBOXGAMES.COM requested to join Message-ID: <200201262137.VAA12975@magpie.ecs.soton.ac.uk> Sat, 26 Jan 2002 21:37:32 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Philip Ibis You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER philip.ibis@BLACKBOXGAMES.COM Philip Ibis PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER philip.ibis@BLACKBOXGAMES.COM Philip Ibis // EOJ From mdchaney at MICHAELCHANEY.COM Sun Jan 27 16:05:27 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:19 2006 Subject: SpamAssassin 2.0 - beware of old spamassassin.cf file! In-Reply-To: <20020127110813.B7526@lemon-computing.com>; from nwp@LEMON-COMPUTING.COM on Sun, Jan 27, 2002 at 11:08:13AM +0000 References: <20020124183405.B12743@michaelchaney.com> <00bd01c1a556$7087c100$670a000a@dorfam.ca> <20020125020923.A14647@michaelchaney.com> <5.1.0.14.2.20020125084810.03b02148@imap.ecs.soton.ac.uk> <20020125150353.A17532@michaelchaney.com> <5.1.0.14.2.20020126132844.0421c488@hawk.ecs.soton.ac.uk> <20020126133258.A21552@michaelchaney.com> <20020127110813.B7526@lemon-computing.com> Message-ID: <20020127100527.A32236@michaelchaney.com> On Sun, Jan 27, 2002 at 11:08:13AM +0000, Nick Phillips wrote: > On Sat, Jan 26, 2002 at 01:32:58PM -0600, Michael Chaney wrote: > > > I was thinking that it would make sense to use Vipul's Razor in > > mailscanner, and then not run the message through SA if it hits there. > > The razor is much quicker than SA, and hits on generally 50% of all > > spam that I get (my file with 354 spams had only 130 that it didn't > > recognize), which means that we could speed this up greatly by only > > calling SA for half the spam. > > Problem being that apparently Vipul's Razor regularly flags, for example, > Debian Security Alerts as spam... > > ...so it's probably better off staying within the spamassassin scoring > framework. For now, yes. They are working out the issues that will stop idiots from reporting Debian Security Alerts, Bugtraq, etc. as spam. As it is now, somebody's just doing a low-grade DoS attack on it. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From fizz at BOMB.NET Sun Jan 27 18:36:30 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:19 2006 Subject: I know this has been mentioned, BUT.. Message-ID: <000c01c1a761$8a3a08d0$ac722241@fizz> I was unable to find it. How can i make it show the amount of hits in the header if it wasnt found to be spam? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020127/14d78d00/attachment.html From LISTSERV at JISCMAIL.AC.UK Sun Jan 27 20:15:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: gene@ERACHAMPION.COM requested to join Message-ID: <200201272015.UAA18869@magpie.ecs.soton.ac.uk> Sun, 27 Jan 2002 20:15:58 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Gene Ruebsamen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER gene@ERACHAMPION.COM Gene Ruebsamen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER gene@ERACHAMPION.COM Gene Ruebsamen // EOJ From gene at ERACHAMPION.COM Sun Jan 27 22:07:38 2002 From: gene at ERACHAMPION.COM (Gene Ruebsamen) Date: Thu Jan 12 21:14:19 2006 Subject: spamassassin (spamd) Message-ID: <1012169258.20680.2.camel@localhost.localdomain> Hello, Just installed MailScanner over the weekend and I love it! I've been using SpamAssassin for the past few weeks; however, I have been using the daemonized version of SpamAssassin (spamd), and calling spamc to test the messages. It's quite a bit faster than calling the SpamAssassin perl script every time to check e-mails. Now that MailScanner has SA support, is there a way to get MailScanner to use spamc instead of the spamassassin perl script? Right now, I've disabled SA support in MailScanner and am using spamc separately with procmail; however, I'd like to enable SA support in MailScanner. Any ideas? Thanks, Gene Ruebsamen From hyooga at WT.NET Mon Jan 28 03:26:58 2002 From: hyooga at WT.NET (Paul) Date: Thu Jan 12 21:14:19 2006 Subject: Running SA individually is better? In-Reply-To: <1012169258.20680.2.camel@localhost.localdomain> Message-ID: Hi, I have been using MailScanner 3.03 with SA 1.5. I am just running SA1.5 with Spamd without using MailScanner to call it. I have also noticed a 30%-40% performance increase by running SA individually. When i was running MailScanner with SA1.5 I have turned off RBL check. I sometimes notice a hugh delay. Now i am having about 3-10 sec delay which is very acceptable. This is one of the very high traffic mail server that i am testing on :) With the other slow traffic, the combination with Mailscanner and SA works find. I am also using sendmail -q1m with "queue" method to dispatch the mail and running outgoing mail in background process. Any suggests? How about upgrading to SA2.0? I am also running on Perl 5.0053 version. I tested on 5.6.0 and 5.6.1 and they are slower than 5.0053. Am i doing something wrong? Thanks Paul On Sun, 27 Jan 2002, Gene Ruebsamen wrote: > Hello, > > Just installed MailScanner over the weekend and I love it! I've been > using SpamAssassin for the past few weeks; however, I have been using > the daemonized version of SpamAssassin (spamd), and calling spamc to > test the messages. > > It's quite a bit faster than calling the SpamAssassin perl script every > time to check e-mails. Now that MailScanner has SA support, is there a > way to get MailScanner to use spamc instead of the spamassassin perl > script? Right now, I've disabled SA support in MailScanner and am using > spamc separately with procmail; however, I'd like to enable SA support > in MailScanner. Any ideas? > > Thanks, > > Gene Ruebsamen > -- > This message has been scanned for viruses and > dangerous content, and is believed to be clean. > -- This message has been scanned for viruses and dangerous content and is found to be clean. From felker at GMX.NET Mon Jan 28 04:47:26 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:19 2006 Subject: uuencoded att's not scanned by Mailscanner? References: Message-ID: <546.1012193246@www54.gmx.net> Hi, Are uuencoded attachments not scanned by Mailscanner? When I send a uuencoded eicar.com, the eicar.com attachment arrives at the destination, without being blocked by mailscanner. Sending is done with: uuencode eicar.com eicar.com | mail harrydebeuker@gmx.net The mail is received and correctly decoded to eicar.com by Outlook Express. Below is an example of the message format (not eicar.com but hi.txt to avoid alarm bells) Any ideas? Sander Received: (from test@localhost) by grachtzicht.cjb.net (8.11.6/8.11.6) id g0S4Ps217303 for harrydebeuker@gmx.net; Mon, 28 Jan 2002 05:25:54 +0100 Date: Mon, 28 Jan 2002 05:25:54 +0100 From: test Message-Id: <200201280425.g0S4Ps217303@grachtzicht.cjb.net> To: harrydebeuker@gmx.net begin 644 hi.txt $2&DA"@`` ` end -- Sent through GMX FreeMail - http://www.gmx.net From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 01:04:40 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:19 2006 Subject: MAILSCANNER: richard.scott@TN.INTELLITRANS.COM requested to join Message-ID: <200201280104.BAA27712@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 01:04:40 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Richard Scott You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER richard.scott@TN.INTELLITRANS.COM Richard Scott PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER richard.scott@TN.INTELLITRANS.COM Richard Scott // EOJ From jkf at ecs.soton.ac.uk Mon Jan 28 10:38:23 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: spamassassin (spamd) In-Reply-To: <1012169258.20680.2.camel@localhost.localdomain> Message-ID: <5.1.0.14.2.20020128103700.03584bb0@hawk.ecs.soton.ac.uk> At 22:07 27/01/2002, you wrote: >It's quite a bit faster than calling the SpamAssassin perl script every >time to check e-mails. Now that MailScanner has SA support, is there a >way to get MailScanner to use spamc instead of the spamassassin perl >script? Right now, I've disabled SA support in MailScanner and am using >spamc separately with procmail; however, I'd like to enable SA support >in MailScanner. Any ideas? MailScanner doesn't call the "spamassassin" perl script, or indeed the spamc/spamd stuff. It uses the Perl API directly into SpamAssassin, and so doesn't have to invoke anything, which is faster than either of the methods you list above. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 10:45:44 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: uuencoded att's not scanned by Mailscanner? In-Reply-To: <546.1012193246@www54.gmx.net> References: Message-ID: <5.1.0.14.2.20020128104446.035b2c78@hawk.ecs.soton.ac.uk> At 04:47 28/01/2002, you wrote: >Are uuencoded attachments not scanned by Mailscanner? When I send a >uuencoded eicar.com, the eicar.com attachment arrives at the destination, >without >being blocked by mailscanner. Proper attachments that are uuencoded should be scanned by MailScanner. However what you created wasn't a proper attachment, it was just inline in the message without any proper MIME headers or anything. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From S.L.Sargent at QMUL.AC.UK Mon Jan 28 12:18:40 2002 From: S.L.Sargent at QMUL.AC.UK (Steve Sargent) Date: Thu Jan 12 21:14:19 2006 Subject: Fwd: Output from "cron" command Message-ID: I set the auto update script running in cron over the weekend and it produced this output. Is it a know bug? --- begin forwarded text X-Sieve: cmu-sieve 2.0 To: exim@mail1-test.qmw.ac.uk Subject: Output from "cron" command From: exim@mail1-test.qmul.ac.uk Date: Sat, 26 Jan 2002 03:00:55 +0000 X-MailScanner: Found to be clean Your "cron" job on chi /opt/mcafee/autoupdate produced the following output: Undefined subroutine &Sys::Syslog::syslog called at /opt/mcafee/autoupdate line 126. --- end forwarded text -- |--------------------------------------------------------------------------| | Steve Sargent, Vox +44 020 7775 3220, Fax +44 020 8980 2001 | | QMUL Computing Services, Mile End Road, London E1 4NS, UK | | Email : S.L.Sargent@qmul.ac.uk | | WWW page: http://www.qmul.ac.uk/~cgaa160/index.html | | | | | PIPER _|_ | | PA28R ____/___\____ | | ___________[=o=]___________ | | ARROW e/ o \e | |--------------------------------------------------------------------------| From jkf at ecs.soton.ac.uk Mon Jan 28 12:39:34 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: EMERGENCY: MyParty Message-ID: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> The MyParty virus is not being caught by MailScanner. I am in the process of issuing a fix for this, which will be version 3.04-1. Everyone should upgrade to this version. Those not wanting to upgrade, but merely wanting a fix for their current code should see the website News and a simple fix is a 1-line change. Sorry about this folks, they caught me out on an optimisation :-( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 13:02:27 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:19 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> At 12:39 28/01/2002, you wrote: >The MyParty virus is not being caught by MailScanner. > >I am in the process of issuing a fix for this, which will be version >3.04-1. Everyone should upgrade to this version. Those not wanting to >upgrade, but merely wanting a fix for their current code should see the >website News and a simple fix is a 1-line change. > >Sorry about this folks, they caught me out on an optimisation :-( I have now released 3.04-1. There is one new configuration variable "Scan All Messages" which forces it to even scan plain-text messages which were previously thought to be perfectly harmless (and have proved to be until now). The default is "yes" so don't worry if you forget to update your mailscanner.conf. This will unfortunately cause an increase in the system load on your MailScanner servers, as now every plain-text message will be scanned as well as every MIME message. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From P.A.Osborne at UKC.AC.UK Mon Jan 28 12:51:55 2002 From: P.A.Osborne at UKC.AC.UK (P.A.Osborne) Date: Thu Jan 12 21:14:19 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Mon, Jan 28, 2002 at 12:39:34PM +0000 References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <20020128125155.A5706@apple.ukc.ac.uk> On Mon, Jan 28, 2002 at 12:39:34PM +0000, Julian Field wrote: > The MyParty virus is not being caught by MailScanner. > > I am in the process of issuing a fix for this, which will be version > 3.04-1. Everyone should upgrade to this version. Those not wanting to > upgrade, but merely wanting a fix for their current code should see the > website News and a simple fix is a 1-line change. > > Sorry about this folks, they caught me out on an optimisation :-( These things happen. Anyhow quick question: is an upgrade on a sub version as simple as just dropping a new binary in place and restarting mailscanner? --Paul --trying to prevent periods of harsh language.... :-) -- Paul Osborne Computing Officer University of Kent at Canterbury Computing Service From jeroen at WIJDOGEN.DHS.ORG Mon Jan 28 12:50:27 2002 From: jeroen at WIJDOGEN.DHS.ORG (Jeroen Wijdogen) Date: Thu Jan 12 21:14:19 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <003e01c1a7fa$5ce293e0$0101a8c0@a2000.nl> Hello, while i was reading the mail of today i saw your important message. When i'm going to the download page i get this message: 404 File not Found The file /mailscanner/files/MailScanner-3.04-1.tar does not appear to exist. If you expected this URL to work, please contact the ECS Webmaster You may want to try: http://www.sng.ecs.soton.ac.uk/ http://www.ecs.soton.ac.uk/ http://www.soton.ac.uk/ A waited for a few moments bit still got the error Regards JeroenW ----- Original Message ----- From: "Julian Field" To: Sent: Monday, January 28, 2002 1:39 PM Subject: EMERGENCY: MyParty > The MyParty virus is not being caught by MailScanner. > > I am in the process of issuing a fix for this, which will be version > 3.04-1. Everyone should upgrade to this version. Those not wanting to > upgrade, but merely wanting a fix for their current code should see the > website News and a simple fix is a 1-line change. > > Sorry about this folks, they caught me out on an optimisation :-( > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jkf at ecs.soton.ac.uk Mon Jan 28 13:09:25 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <003e01c1a7fa$5ce293e0$0101a8c0@a2000.nl> References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128130911.07965d70@hawk.ecs.soton.ac.uk> At 12:50 28/01/2002, you wrote: >Hello, > >while i was reading the mail of today i saw your important message. When i'm >going to the download page i get this message: > >404 File not Found >The file /mailscanner/files/MailScanner-3.04-1.tar does not appear to exist. > >If you expected this URL to work, please contact the ECS Webmaster > >You may want to try: >http://www.sng.ecs.soton.ac.uk/ >http://www.ecs.soton.ac.uk/ >http://www.soton.ac.uk/ > >A waited for a few moments bit still got the error You beat me to it. Try again now and it will be there. >Regards JeroenW > > > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Monday, January 28, 2002 1:39 PM >Subject: EMERGENCY: MyParty > > > > The MyParty virus is not being caught by MailScanner. > > > > I am in the process of issuing a fix for this, which will be version > > 3.04-1. Everyone should upgrade to this version. Those not wanting to > > upgrade, but merely wanting a fix for their current code should see the > > website News and a simple fix is a 1-line change. > > > > Sorry about this folks, they caught me out on an optimisation :-( > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 13:10:44 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <20020128125155.A5706@apple.ukc.ac.uk> References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> At 12:51 28/01/2002, you wrote: >On Mon, Jan 28, 2002 at 12:39:34PM +0000, Julian Field wrote: > > The MyParty virus is not being caught by MailScanner. > > > > I am in the process of issuing a fix for this, which will be version > > 3.04-1. Everyone should upgrade to this version. Those not wanting to > > upgrade, but merely wanting a fix for their current code should see the > > website News and a simple fix is a 1-line change. > > > > Sorry about this folks, they caught me out on an optimisation :-( > >These things happen. Thanks for your understanding :-) >Anyhow quick question: > >is an upgrade on a sub version as simple as just dropping a new >binary in place and restarting mailscanner? You would need to replace bin/*pl and bin/mailscanner for starters. Then diff your mailscanner.conf files to find any new keywords (or look in docs/conf.shtml as the most recent keywords are at the top of the list). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From hans at VALLDEN.COM Mon Jan 28 13:23:41 2002 From: hans at VALLDEN.COM (Hans Vallden) Date: Thu Jan 12 21:14:20 2006 Subject: Virus software licencing In-Reply-To: <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> Message-ID: Greetings earthlings! I'm sure this question has been asked before, but could someone enlighten me anyhow. Suppose one is using one of the various virus software compatible (eg. Sophos) with Mailscanner to check for viruses in eg. 100 users' email. Does one have to get 1 or 100 licenses for the virus software? -- -- Hans Vallden hans@vallden.com From fizz at BOMB.NET Mon Jan 28 13:27:19 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:20 2006 Subject: Virus software licencing References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> Message-ID: <00b401c1a7ff$8289c2d0$48cf75cc@fizz> depends on the software, sophos for exmaple is per user base, you would need a 100user liscence. ----- Original Message ----- From: "Hans Vallden" To: Sent: Monday, January 28, 2002 8:23 AM Subject: Virus software licencing > Greetings earthlings! > > I'm sure this question has been asked before, but could someone > enlighten me anyhow. Suppose one is using one of the various virus > software compatible (eg. Sophos) with Mailscanner to check for > viruses in eg. 100 users' email. Does one have to get 1 or 100 > licenses for the virus software? > -- > > -- > Hans Vallden > hans@vallden.com > From john.clancy at BUSINESSANDFINANCE.IE Mon Jan 28 13:23:28 2002 From: john.clancy at BUSINESSANDFINANCE.IE (John Clancy) Date: Thu Jan 12 21:14:20 2006 Subject: Virus software licencing References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> Message-ID: <000c01c1a7fe$f95df260$666078c1@businessandfinance.ie> Hi All, I can't comment on any of the other virus scanners but here's a quote from a quotation for Sophos SAVI :- A SAVI licence allows the use of the SAVI on Windows NT and UNIX mail servers in conjunction with a third party scanner (e.g. MIMEsweeper). SAVI is licensed according to the number of machine benefiting from the virus protection provided by SAVI on the mail server. John Clancy > Greetings earthlings! > > I'm sure this question has been asked before, but could someone > enlighten me anyhow. Suppose one is using one of the various virus > software compatible (eg. Sophos) with Mailscanner to check for > viruses in eg. 100 users' email. Does one have to get 1 or 100 > licenses for the virus software? > -- > > -- > Hans Vallden > hans@vallden.com From felker at GMX.NET Mon Jan 28 13:40:19 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:20 2006 Subject: uuencoded att's not scanned by Mailscanner? References: <5.1.0.14.2.20020128104446.035b2c78@hawk.ecs.soton.ac.uk> Message-ID: <18444.1012225219@www57.gmx.net> > At 04:47 28/01/2002, you wrote: > >Are uuencoded attachments not scanned by Mailscanner? When I send a > >uuencoded eicar.com, the eicar.com attachment arrives at the destination, > >without > >being blocked by mailscanner. > > Proper attachments that are uuencoded should be scanned by MailScanner. > However what you created wasn't a proper attachment, it was just inline in > the message without any proper MIME headers or anything. OK, but the eicar.com arrives as an correct attachment in Outlook Express and Outlook. Maybe Microsoft is wrong about that, but it causes a dangerous situation. It could be nice to be pragmatic and also decode 'ugly' uuencoded files (like Outlook Express). Furthermore I'll do some tests with pure uuencoded (non-MIME) attachments to see if that works as expected. Thanks for your reply. Sander -- Sent through GMX FreeMail - http://www.gmx.net From P.A.Osborne at UKC.AC.UK Mon Jan 28 13:45:33 2002 From: P.A.Osborne at UKC.AC.UK (P.A.Osborne) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Mon, Jan 28, 2002 at 01:10:44PM +0000 References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <20020128125155.A5706@apple.ukc.ac.uk> <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> Message-ID: <20020128134533.B5706@apple.ukc.ac.uk> On Mon, Jan 28, 2002 at 01:10:44PM +0000, Julian Field wrote: > You would need to replace bin/*pl and bin/mailscanner for starters. Then > diff your mailscanner.conf files to find any new keywords (or look in > docs/conf.shtml as the most recent keywords are at the top of the list). OK thanks for that. Paul > Southampton SO17 1BJ -- Paul Osborne Computing Officer University of Kent at Canterbury Computing Service From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 13:38:50 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: dustin.baer@IHS.COM requested to join Message-ID: <200201281338.NAA29242@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 13:38:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dustin Baer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dustin.baer@IHS.COM Dustin Baer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dustin.baer@IHS.COM Dustin Baer // EOJ From jkf at ecs.soton.ac.uk Mon Jan 28 14:07:21 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: uuencoded att's not scanned by Mailscanner? In-Reply-To: <18444.1012225219@www57.gmx.net> References: <5.1.0.14.2.20020128104446.035b2c78@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128140645.039f6ad8@imap.ecs.soton.ac.uk> At 13:40 28/01/2002, you wrote: > > At 04:47 28/01/2002, you wrote: > > >Are uuencoded attachments not scanned by Mailscanner? When I send a > > >uuencoded eicar.com, the eicar.com attachment arrives at the destination, > > >without > > >being blocked by mailscanner. > > > > Proper attachments that are uuencoded should be scanned by MailScanner. > > However what you created wasn't a proper attachment, it was just inline in > > the message without any proper MIME headers or anything. > >OK, but the eicar.com arrives as an correct attachment in Outlook Express >and Outlook. Maybe Microsoft is wrong about that, but it causes a dangerous >situation. It could be nice to be pragmatic and also decode 'ugly' uuencoded >files (like Outlook Express). > >Furthermore I'll do some tests with pure uuencoded (non-MIME) attachments to >see if that works as expected. Use version 3.04, you'll find this behaviour has changed (you didn't write MyParty did you? (Joke!!!) :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Mon Jan 28 14:11:32 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> <20020128125155.A5706@apple.ukc.ac.uk> <5.1.0.14.2.20020128130928.079650b8@hawk.ecs.soton.ac.uk> <20020128134533.B5706@apple.ukc.ac.uk> Message-ID: <000701c1a805$aff5a9e0$48cf75cc@fizz> forunatly i didnt have MyParty hit my servers at all as of now. So i was able to upgrade, without infection to users :) Thanks for the heads up guys! ----- Original Message ----- From: "P.A.Osborne" To: Sent: Monday, January 28, 2002 8:45 AM Subject: Re: EMERGENCY: MyParty > On Mon, Jan 28, 2002 at 01:10:44PM +0000, Julian Field wrote: > > You would need to replace bin/*pl and bin/mailscanner for starters. Then > > diff your mailscanner.conf files to find any new keywords (or look in > > docs/conf.shtml as the most recent keywords are at the top of the list). > > OK thanks for that. > > Paul > > > Southampton SO17 1BJ > > -- > Paul Osborne > Computing Officer > University of Kent at Canterbury Computing Service > From pipera at HRZ.UNI-MARBURG.DE Mon Jan 28 14:14:31 2002 From: pipera at HRZ.UNI-MARBURG.DE (Piper Andreas) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: Your message of "Mon, 28 Jan 2002 13:02:27 GMT." <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> Message-ID: <200201281414.g0SEEVZV010181@pcrz109.HRZ.Uni-Marburg.DE> Hello Julian, > At 12:39 28/01/2002, you wrote: > >The MyParty virus is not being caught by MailScanner. > > > I have now released 3.04-1. the file 'Solaris/Other Linux/other Unix version 3.04-1' (MailScanner-3.04-1.tar) cant be untar'ed. The error message is: tar: 203 garbage bytes ignored at end of archive tar: Unexpected EOF in archive tar: Error is not recoverable: exiting now Could you please renew this file on your server? Thanks, Andreas Piper ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE From jkf at ecs.soton.ac.uk Mon Jan 28 14:27:59 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <200201281414.g0SEEVZV010181@pcrz109.HRZ.Uni-Marburg.DE> References: Message-ID: <5.1.0.14.2.20020128142726.03aedce0@imap.ecs.soton.ac.uk> At 14:14 28/01/2002, you wrote: >Hello Julian, > > > At 12:39 28/01/2002, you wrote: > > >The MyParty virus is not being caught by MailScanner. > > > > > I have now released 3.04-1. > >the file 'Solaris/Other Linux/other Unix version 3.04-1' >(MailScanner-3.04-1.tar) >cant be untar'ed. The error message is: > >tar: 203 garbage bytes ignored at end of archive >tar: Unexpected EOF in archive >tar: Error is not recoverable: exiting now > >Could you please renew this file on your server? Done. Winzip quite happily read the original one, so it must be a problem with only some versions of tar. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From yhodso01 at BCUC.AC.UK Mon Jan 28 15:03:33 2002 From: yhodso01 at BCUC.AC.UK (Yvonne.Hodson) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty Message-ID: <200201281503.PAA02076@deborah.buckscol.ac.uk> Julian, Please can you clarify the fix for those who do not wish to upgrade. The website news says Return true or false. sub DefinitelyClean { my($RHeaders) = @_; my(@Headers, $Header, $IsClean); :wq From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jan 28 13:52:35 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty Message-ID: Julian I applied the fix to sendmail.pl (3.03-1) but on my systems I get the following message when restarting MailScanner: Not a SCALAR reference at /opt/mailscanner/bin/sendmail.pl line 67. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > Sent: 28 January 2002 12:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: EMERGENCY: MyParty > > > The MyParty virus is not being caught by MailScanner. > > I am in the process of issuing a fix for this, which will be > version 3.04-1. Everyone should upgrade to this version. > Those not wanting to upgrade, but merely wanting a fix for > their current code should see the website News and a simple > fix is a 1-line change. > > Sorry about this folks, they caught me out on an optimisation :-( > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 15:07:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: ant@DVERE.NET requested to join Message-ID: <200201281507.PAA06963@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 15:07:30 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ant La Porte You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ant@DVERE.NET Ant La Porte PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ant@DVERE.NET Ant La Porte // EOJ From yhodso01 at BCUC.AC.UK Mon Jan 28 15:16:57 2002 From: yhodso01 at BCUC.AC.UK (Yvonne.Hodson) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty Message-ID: <200201281516.PAA03833@deborah.buckscol.ac.uk> Sorry, Previous message got garbled. Please can you confirm the "return 0;" should go immediately after sub DefinitelyClean { presumably to always bypass header checking for text. Thanks, Yvonne Hodson BCUC From jkf at ecs.soton.ac.uk Mon Jan 28 15:18:35 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <200201281503.PAA02076@deborah.buckscol.ac.uk> Message-ID: <5.1.0.14.2.20020128151721.03b7ba08@imap.ecs.soton.ac.uk> At 15:03 28/01/2002, you wrote: >Julian, >Please can you clarify the fix for those who do not wish to upgrade. >The website news says >sub DefinitelyClean { > my($RHeaders) = @_; > my(@Headers, $Header, $IsClean); Then add a line saying "return 0;". It doesn't really matter if it is straight after the "sub DefinitelyClean {" line or after the 3 lines you have shown there. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 15:19:58 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: Message-ID: <5.1.0.14.2.20020128151838.03c064b0@imap.ecs.soton.ac.uk> At 13:52 28/01/2002, you wrote: >I applied the fix to sendmail.pl (3.03-1) but on my systems I get the >following message when restarting MailScanner: > > Not a SCALAR reference at /opt/mailscanner/bin/sendmail.pl line 67. My sendmail.pl line 67 is in the middle of a long comment... Please can you show us a bit of the surrounding code? The function definition you want is around line 689 of sendmail.pl, not line 67. >Quentin >--- >PHONE: +44 191 222 8209 Computing Service, University of Newcastle >FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > -----Original Message----- > > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > > Sent: 28 January 2002 12:40 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: EMERGENCY: MyParty > > > > > > The MyParty virus is not being caught by MailScanner. > > > > I am in the process of issuing a fix for this, which will be > > version 3.04-1. Everyone should upgrade to this version. > > Those not wanting to upgrade, but merely wanting a fix for > > their current code should see the website News and a simple > > fix is a 1-line change. > > > > Sorry about this folks, they caught me out on an optimisation :-( > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Mon Jan 28 15:17:41 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:20 2006 Subject: MyParty / MailScanner Message-ID: <000901c1a80e$edf3c930$48cf75cc@fizz> Ok, there has to be a diffrent way. My mail server can not keep up with the load now. I do about 45000 messages a day, im currently running queue, should i try run in background like was previously suggested? i never had over 100 messages in my mqueue.in now i have over 1000. Thanks ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From jkf at ecs.soton.ac.uk Mon Jan 28 15:35:16 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: MyParty / MailScanner In-Reply-To: <000901c1a80e$edf3c930$48cf75cc@fizz> Message-ID: <5.1.0.14.2.20020128153208.067e1728@imap.ecs.soton.ac.uk> At 15:17 28/01/2002, you wrote: >Ok, there has to be a diffrent way. My mail server can not keep up with the >load now. I do about 45000 messages a day, im currently running queue, >should i try run in background like was previously suggested? i never had >over 100 messages in my mqueue.in now i have over 1000. "Deliver in Background = yes" makes no sense with "queue" delivery mode, as there's nothing to run in the background in that case. So that change alone won't help you. Try "Delivery Method = batch" and "Deliver in Background = yes". Your other alternative is to implement a subject-line trap in your MTA to block this particular virus, switch "Scan All Messages" to no and think about the setup some more. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 15:31:53 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <200201281516.PAA03833@deborah.buckscol.ac.uk> Message-ID: <5.1.0.14.2.20020128153145.067da070@imap.ecs.soton.ac.uk> At 15:16 28/01/2002, you wrote: >Sorry, >Previous message got garbled. >Please can you confirm the "return 0;" should go immediately after >sub DefinitelyClean { Correct. >presumably to always bypass header checking for text. Indeed. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jan 28 15:22:34 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty Message-ID: Julian We have been relying on MailScanner to remove the ".COM" attachment carried by MyPary and thus render it ineffective. Will 3.04-1 protect against MyParty by itself or does it need an up-to-date anti-virus database and tools as well? Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From jkf at ecs.soton.ac.uk Mon Jan 28 16:18:43 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty In-Reply-To: Message-ID: <5.1.0.14.2.20020128161805.06792ea0@imap.ecs.soton.ac.uk> At 15:22 28/01/2002, you wrote: >Will 3.04-1 protect against MyParty by itself or does it need an >up-to-date anti-virus database and tools as well? It will still need an up-to-date anti-virus database. If you can't get that, I would advise you switch vendors the next chance you get :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Mon Jan 28 16:58:23 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty References: <5.1.0.14.2.20020128161805.06792ea0@imap.ecs.soton.ac.uk> Message-ID: <000f01c1a81c$ff228e90$48cf75cc@fizz> sophos had an updated ide early thismorning, about 1 hour after first sight of virus. :) ----- Original Message ----- From: "Julian Field" To: Sent: Monday, January 28, 2002 11:18 AM Subject: Re: 3.04-1 & MyParty > At 15:22 28/01/2002, you wrote: > >Will 3.04-1 protect against MyParty by itself or does it need an > >up-to-date anti-virus database and tools as well? > > It will still need an up-to-date anti-virus database. If you can't get > that, I would advise you switch vendors the next chance you get :-) > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From m.sapsed at bangor.ac.uk Mon Jan 28 17:19:24 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> Message-ID: <3C55881C.78F4BB43@bangor.ac.uk> Julian Field wrote: > There is one new configuration variable "Scan All Messages" which forces it > to even scan plain-text messages which were previously thought to be > perfectly harmless (and have proved to be until now). The default is "yes" > so don't worry if you forget to update your mailscanner.conf. > > This will unfortunately cause an increase in the system load on your > MailScanner servers, as now every plain-text message will be scanned as > well as every MIME message. I don't understand! (Nothing new there!) The Sophos information on MyParty suggests that the executable is just another executable attachment. Have I missed something? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From m.sapsed at BANGOR.AC.UK Mon Jan 28 17:19:24 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> Message-ID: <3C55881C.78F4BB43@bangor.ac.uk> Julian Field wrote: > There is one new configuration variable "Scan All Messages" which forces it > to even scan plain-text messages which were previously thought to be > perfectly harmless (and have proved to be until now). The default is "yes" > so don't worry if you forget to update your mailscanner.conf. > > This will unfortunately cause an increase in the system load on your > MailScanner servers, as now every plain-text message will be scanned as > well as every MIME message. I don't understand! (Nothing new there!) The Sophos information on MyParty suggests that the executable is just another executable attachment. Have I missed something? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jan 28 17:14:06 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128151838.03c064b0@imap.ecs.soton.ac.uk> Message-ID: On Mon, 28 Jan 2002, Julian Field wrote: > At 13:52 28/01/2002, you wrote: > >I applied the fix to sendmail.pl (3.03-1) but on my systems I get the > >following message when restarting MailScanner: > > > > Not a SCALAR reference at /opt/mailscanner/bin/sendmail.pl line 67. > > My sendmail.pl line 67 is in the middle of a long comment... Please can you > show us a bit of the surrounding code? The function definition you want is > around line 689 of sendmail.pl, not line 67. > [snip] Julian I have dealt with this by upgrading to 3.04-1. But to answer your request here is the context in sendmail.pl around line 67: ---- cut here 54 sub FindMessagesToProcess { 55 my($InQueueDir, $OutDir, $RClean, $RDirty, $MessagesInfo, 56 $RDirtyMsgs, $RDirtyBytes) = @_; 57 local(*QUEUE); 58 my($file, $id, $RHeaders, $MsgInfo); 59 my($CleanMsgs, $DirtyMsgs, $CleanBytes, $DirtyBytes); 60 my($HitLimit1, $HitLimit2, $HitLimit3, $HitLimit4); 61 my(%ModDate, @SortedFiles); 62 # necessary because otherwise we need to pass a reference to 63 # *QFFILE before it exists... apparently this is OK in perl 5.6, 64 # but not in 5.005... 65 my $QfFile = new FileHandle; 66 ** 67 $$RDirtyMsgs = 0; 68 $$RDirtyBytes = 0; 69 @$RClean = (); 70 @$RDirty = (); 71 %$MessagesInfo = {}; 72 73 opendir QUEUE, $InQueueDir or return undef; 74 75 # Read in all the modification dates of the qf files, and use them in date order ---- cut here Quentin Campbell (postmaster) -- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------- "Any opinions expressed above are mine. The University can get its own." From jkf at ecs.soton.ac.uk Mon Jan 28 18:23:47 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: References: <5.1.0.14.2.20020128151838.03c064b0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128181945.03d07090@hawk.ecs.soton.ac.uk> At 17:14 28/01/2002, you wrote: >I have dealt with this by upgrading to 3.04-1. But to answer your request >here is the context in sendmail.pl around line 67: This must be an oddity in your version of Perl, as the 1-line fix appears to work for most people. The more I use perl, the more I realise that different versions do have some very strange behaviour in certain situations... Upgrading is safer all round anyway, it fixes a couple of other bugs too that have been highlighted on this list over the past couple of weeks (pretty minor ones that most people won't notice, and certainly none of which have any impact on its virus-detecting abilities). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 18:18:57 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <3C55881C.78F4BB43@bangor.ac.uk> References: <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> At 17:19 28/01/2002, you wrote: >Julian Field wrote: > > There is one new configuration variable "Scan All Messages" which forces it > > to even scan plain-text messages which were previously thought to be > > perfectly harmless (and have proved to be until now). The default is "yes" > > so don't worry if you forget to update your mailscanner.conf. > > > > This will unfortunately cause an increase in the system load on your > > MailScanner servers, as now every plain-text message will be scanned as > > well as every MIME message. > >I don't understand! (Nothing new there!) The Sophos information on MyParty >suggests that the executable is just another executable attachment. Have I >missed something? It's not a proper attachment, it's just uuencoded data stuffed in-line in the main body of the (plain text) message. There are no MIME headers at all, or anything. It's just in-line data, which apparently some email clients appear to identify, decode, and present like an attachment. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gene at ERACHAMPION.COM Mon Jan 28 18:46:04 2002 From: gene at ERACHAMPION.COM (Gene Ruebsamen) Date: Thu Jan 12 21:14:20 2006 Subject: MailScanner Perl Problems (help!) In-Reply-To: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> Message-ID: Hello, I just recently installed mailscanner, and love it! I installed via the RPM's, and I am currently running Redhat 7.2 which has Perl 5.6.0 installed by default. I am also using SpamAssassin, and installed that via tarballs. When installed some perl modules via CPAN, my PERL was upgraded to Perl 5.6.1. Spam Assassin and Mail Scanner both work great separately; however, when I enable SpamAssassin support within Mail Scanner, I get the following error: Can't locate Mail/SpamAssassin.pm in @INC (@INC contains: /usr/local/MailScanner/bin /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/local/MailScanner/bin/sendmail.pl line 46. Compilation failed in require at /usr/local/MailScanner/bin/mailscanner line 77. I did a search for SpamAssassin.pm, and found that it was located in the following directory: /usr/local/lib/perl5/site_perl/5.6.1/Mail/ It seems the default path that MailScanner looks for is the Perl 5.6.0 path.. How can I fix this problem, as I would like to use MailScanner to invoke SpamAssassin rather than running them separately? Thanks!! Gene Ruebsamen From felker at GMX.NET Mon Jan 28 18:58:42 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:20 2006 Subject: uuencoded att's not scanned by Mailscanner? References: <5.1.0.14.2.20020128140645.039f6ad8@imap.ecs.soton.ac.uk> Message-ID: <20813.1012244322@www44.gmx.net> > Use version 3.04, you'll find this behaviour has changed (you didn't write Wow! The uuencoded eicar.com is detected and deleted! Thank you. > MyParty did you? (Joke!!!) :-) Why? Is MyParty using stone age old (uuencode) techniques? ;-) Sander -- Sent through GMX FreeMail - http://www.gmx.net From felker at GMX.NET Mon Jan 28 19:20:03 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> Message-ID: <23956.1012245603@www44.gmx.net> > It's not a proper attachment, it's just uuencoded data stuffed in-line in > the main body of the (plain text) message. There are no MIME headers at > all, or anything. It's just in-line data, which apparently some email > clients appear to identify, decode, and present like an attachment. Wow, what a coincident with my remark yesterday. Clever virus writer. ;-) To avoid misunderstandings: I discovered this maillscanner behaviour (=not scanning uuencoded files) because I always send attachments from my unix comand line the lazy way: uuencode eicar.com eicar.com | mail someone@somewhere.com FIY: I have done this since 1990 or so, and it always worked. And I'm quite sure the format it results in, is correct (although not very much in use anymore). Sander -- Sent through GMX FreeMail - http://www.gmx.net From evertjan at VANRAMSELAAR.NET Mon Jan 28 19:30:03 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes Message-ID: <000701c1a832$2f299510$65020a0a@galaxy> Hi list, When I set "Sign Clean Messages = yes" no X-MailScanner header is added to scanned messages. It also looks like the Return-Path header disappears with that setting. When setting "Sign Clean Messages = no" the X-MailScanner and Return-Path headers are in place. Is this something in my setup? Or did I hit a bug in this great program? -- Evert Jan van Ramselaar Van Ramselaar Info Tech From felker at GMX.NET Mon Jan 28 19:25:05 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty References: <5.1.0.14.2.20020128161805.06792ea0@imap.ecs.soton.ac.uk> Message-ID: <32481.1012245905@www44.gmx.net> > At 15:22 28/01/2002, you wrote: > >Will 3.04-1 protect against MyParty by itself or does it need an > >up-to-date anti-virus database and tools as well? > > It will still need an up-to-date anti-virus database. If you can't get > that, I would advise you switch vendors the next chance you get :-) Hmm, the updated f-prot does not know MyParty: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i myparty Other Parties are present: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i party No_Party.519 WParty.557.A WParty.557.B WParty.558 IRC/Party.A VBS/Party.A@mm Proof that f-prot has been updated: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | head -5 SIGN.DEF created 28. January 2002 SIGN2.DEF created 28. January 2002 MACRO.DEF created 16. January 2002 2-up.6000 2Sexy.384 [root@sanderold root]# So, switch 'vendor'? Sander -- Sent through GMX FreeMail - http://www.gmx.net From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 19:24:49 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: jase@SENSIS.COM requested to join Message-ID: <200201281924.TAA01640@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 19:24:49 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jason Desai You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jase@SENSIS.COM Jason Desai PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jase@SENSIS.COM Jason Desai // EOJ From mdchaney at MICHAELCHANEY.COM Mon Jan 28 19:55:06 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Mon, Jan 28, 2002 at 06:18:57PM +0000 References: <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> <3C55881C.78F4BB43@bangor.ac.uk> <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> Message-ID: <20020128135506.A8555@michaelchaney.com> On Mon, Jan 28, 2002 at 06:18:57PM +0000, Julian Field wrote: > It's not a proper attachment, it's just uuencoded data stuffed in-line in > the main body of the (plain text) message. There are no MIME headers at > all, or anything. It's just in-line data, which apparently some email > clients appear to identify, decode, and present like an attachment. Which makes perfect sense. I've been downloading uuencoded goodies for years from usenet, and posted a few myself (back in the pre-spam, pre-www days). MIME wasn't around back then. It seems to me that it would make sense to pass the message body into "DefinitelyClean" and simply check for a uuencoded file, which would be a simple regex and would surely be quicker than scanning all files. The logic would be: if mime header return 0; if uuencoded file in body return 0; return 1; That shouldn't require too much more horsepower. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From felker at GMX.NET Mon Jan 28 20:07:55 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty References: <32481.1012245905@www44.gmx.net> Message-ID: <313.1012248475@www44.gmx.net> Hmm, hopefully I was wrong: the f-prot website http://www.f-prot.com/f-prot/virusinfo/mypartya.html says: "W32/Myparty.A@mm is detected by F-Prot Antivirus? using the virus signature files since January 28th or newer." Strange I can't find it in the virlist. Sander > > At 15:22 28/01/2002, you wrote: > > >Will 3.04-1 protect against MyParty by itself or does it need an > > >up-to-date anti-virus database and tools as well? > > > > It will still need an up-to-date anti-virus database. If you can't get > > that, I would advise you switch vendors the next chance you get :-) > > Hmm, the updated f-prot does not know MyParty: > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i myparty > > Other Parties are present: > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i party > No_Party.519 > WParty.557.A > WParty.557.B > WParty.558 > IRC/Party.A > VBS/Party.A@mm > > Proof that f-prot has been updated: > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | head -5 > SIGN.DEF created 28. January 2002 > SIGN2.DEF created 28. January 2002 > MACRO.DEF created 16. January 2002 > 2-up.6000 > 2Sexy.384 > [root@sanderold root]# > > So, switch 'vendor'? > > Sander > > > > -- > Sent through GMX FreeMail - http://www.gmx.net > -- Sent through GMX FreeMail - http://www.gmx.net From jkf at ecs.soton.ac.uk Mon Jan 28 19:57:27 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: uuencoded att's not scanned by Mailscanner? In-Reply-To: <20813.1012244322@www44.gmx.net> References: <5.1.0.14.2.20020128140645.039f6ad8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128195716.04496f20@hawk.ecs.soton.ac.uk> At 18:58 28/01/2002, you wrote: > > MyParty did you? (Joke!!!) :-) > >Why? Is MyParty using stone age old (uuencode) techniques? ;-) Exactly that... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 20:15:50 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: miket@DIG-NET.NET requested to join Message-ID: <200201282016.UAA05607@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 20:15:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mike Terebessy You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER miket@DIG-NET.NET Mike Terebessy PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER miket@DIG-NET.NET Mike Terebessy // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Jan 28 20:29:23 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: kap@UAKRON.EDU requested to join Message-ID: <200201282029.UAA06537@magpie.ecs.soton.ac.uk> Mon, 28 Jan 2002 20:29:23 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Keith Piepho The following membership options have been requested: HTML DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER kap@UAKRON.EDU Keith Piepho PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER kap@UAKRON.EDU Keith Piepho SET MAILSCANNER HTML DIGEST FOR kap@UAKRON.EDU // EOJ From jkf at ecs.soton.ac.uk Mon Jan 28 20:15:35 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <000701c1a832$2f299510$65020a0a@galaxy> Message-ID: <5.1.0.14.2.20020128201253.02fe2e28@hawk.ecs.soton.ac.uk> At 19:30 28/01/2002, you wrote: >When I set "Sign Clean Messages = yes" no X-MailScanner header is added to >scanned messages. >It also looks like the Return-Path header disappears with that setting. >When setting "Sign Clean Messages = no" the X-MailScanner and Return-Path >headers are in place. >Is this something in my setup? Or did I hit a bug in this great program? You found a teensy bug. "Sign Clean Messages" disables the "X-MailScanner" header on clean messages. If you want to fix this now, and can't wait for the next version, here's a patch: *** sendmail.pl.3.04-1 Mon Jan 28 20:08:15 2002 --- sendmail.pl Mon Jan 28 20:08:50 2002 *************** *** 506,512 **** # Construct all the new headers $newheaders = MTA::ConstructHeaders($entities->{$id}->stringify_header); ! $newheaders = AddInfectedHeader($newheaders) if $Clean ne 'clean'; if (defined($IsSpam->{$id})) { $newheaders = MTA::AddHeader($newheaders, $Config::SpamHeader, $IsSpam->{$id}); --- 506,513 ---- # Construct all the new headers $newheaders = MTA::ConstructHeaders($entities->{$id}->stringify_header); ! $newheaders = AddCleanHeader($newheaders) if $Clean eq 'clean'; ! $newheaders = AddInfectedHeader($newheaders) if $Clean eq 'dirty'; if (defined($IsSpam->{$id})) { $newheaders = MTA::AddHeader($newheaders, $Config::SpamHeader, $IsSpam->{$id}); -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Jan 28 20:20:25 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <20020128135506.A8555@michaelchaney.com> References: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> <3C55881C.78F4BB43@bangor.ac.uk> <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020128201603.02e30578@hawk.ecs.soton.ac.uk> At 19:55 28/01/2002, you wrote: >On Mon, Jan 28, 2002 at 06:18:57PM +0000, Julian Field wrote: > > It's not a proper attachment, it's just uuencoded data stuffed in-line in > > the main body of the (plain text) message. There are no MIME headers at > > all, or anything. It's just in-line data, which apparently some email > > clients appear to identify, decode, and present like an attachment. > >Which makes perfect sense. I've been downloading uuencoded goodies for >years from usenet, and posted a few myself (back in the pre-spam, >pre-www days). MIME wasn't around back then. > >It seems to me that it would make sense to pass the message body into >"DefinitelyClean" and simply check for a uuencoded file, which would be >a simple regex and would surely be quicker than scanning all files. The >logic would be: > >if mime header return 0; >if uuencoded file in body return 0; >return 1; > >That shouldn't require too much more horsepower. Can we guarantee that this only works with uuencoded files, and doesn't work with other encodings in some mail clients as well? As the US Army say (apparently), "assumption is the mother of all f***-ups". I've been bitten by this once now, I don't want to get bitten again. So for the moment it stays as it is now. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mdchaney at MICHAELCHANEY.COM Mon Jan 28 20:47:16 2002 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:14:20 2006 Subject: EMERGENCY: MyParty In-Reply-To: <5.1.0.14.2.20020128201603.02e30578@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Mon, Jan 28, 2002 at 08:20:25PM +0000 References: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> <3C55881C.78F4BB43@bangor.ac.uk> <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> <20020128135506.A8555@michaelchaney.com> <5.1.0.14.2.20020128201603.02e30578@hawk.ecs.soton.ac.uk> Message-ID: <20020128144716.A8789@michaelchaney.com> On Mon, Jan 28, 2002 at 08:20:25PM +0000, Julian Field wrote: > At 19:55 28/01/2002, you wrote: > >On Mon, Jan 28, 2002 at 06:18:57PM +0000, Julian Field wrote: > > > It's not a proper attachment, it's just uuencoded data stuffed in-line in > > > the main body of the (plain text) message. There are no MIME headers at > > > all, or anything. It's just in-line data, which apparently some email > > > clients appear to identify, decode, and present like an attachment. > > > >Which makes perfect sense. I've been downloading uuencoded goodies for > >years from usenet, and posted a few myself (back in the pre-spam, > >pre-www days). MIME wasn't around back then. > > > >It seems to me that it would make sense to pass the message body into > >"DefinitelyClean" and simply check for a uuencoded file, which would be > >a simple regex and would surely be quicker than scanning all files. The > >logic would be: > > > >if mime header return 0; > >if uuencoded file in body return 0; > >return 1; > > > >That shouldn't require too much more horsepower. > > Can we guarantee that this only works with uuencoded files, and doesn't > work with other encodings in some mail clients as well? I'm very familiar with various ways to package files. uuencoding has been around forever, and MIME is a recent innovation. Since MIME is completely general purpose, there is, at this time, no need for any other format. You'll know if/when the unlikely event occurs that another format is used, and can plan for it. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From evertjan at VANRAMSELAAR.NET Mon Jan 28 20:45:21 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <5.1.0.14.2.20020128201253.02fe2e28@hawk.ecs.soton.ac.uk> Message-ID: <000d01c1a83c$b43e9930$65020a0a@galaxy> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Monday, January 28, 2002 9:16 PM > > You found a teensy bug. "Sign Clean Messages" disables the "X-MailScanner" > header on clean messages. > If you want to fix this now, and can't wait for the next version, here's a > patch: Tnx, I applied the patch and this does indeed solve the missing X-MailScanner header. :D However, it still seems "Sign Clean Messages = yes" also removes the Return-Path header. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php for more information. From doko at CS.TU-BERLIN.DE Mon Jan 28 21:36:32 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:20 2006 Subject: spamassassin output Message-ID: <15445.50272.166307.168805@gargle.gargle.HOWL> in 3.04.1, spamassassin writes to stdout/stderr(?), not to syslog: Created user preferences file: /var/spool/mail/.spamassassin/user_prefs From miket at DIG-NET.NET Mon Jan 28 21:56:21 2002 From: miket at DIG-NET.NET (michael terebessy) Date: Thu Jan 12 21:14:20 2006 Subject: sophos Message-ID: <6203973433F44D48B1BEE4DCD30421D9084BDC@two.digsd.com> Do I need to buy a support contract to use the linux sophos version includes in the tar.gz version? Thanks From doko at CS.TU-BERLIN.DE Mon Jan 28 22:09:41 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:20 2006 Subject: f-prot output to stdout/stderr and auto update Message-ID: <15445.52261.523629.941398@gargle.gargle.HOWL> - f-prot writes output to stdout/stderr. I assume, the wrapper should redirect this. - does mailscanner provide a locking mechanism independent of the virus scanner? And last, but not least, is there a bug tracking system for mailscanner? From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 06:28:57 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: raxie@BULACAN.PH requested to join Message-ID: <200201290628.GAA09378@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 06:28:57 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ruel Bristol You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER raxie@BULACAN.PH Ruel Bristol PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER raxie@BULACAN.PH Ruel Bristol // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 06:37:45 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: raxie@BULACAN.PH requested to join Message-ID: <200201290637.GAA09911@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 06:37:45 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ruel Bristol You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER raxie@BULACAN.PH Ruel Bristol PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER raxie@BULACAN.PH Ruel Bristol // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 08:25:00 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:20 2006 Subject: MAILSCANNER: virusalert@SMM.LT requested to join Message-ID: <200201290825.IAA14626@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 08:25:00 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jaroslav Vostrikov You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER virusalert@SMM.LT Jaroslav Vostrikov PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER virusalert@SMM.LT Jaroslav Vostrikov // EOJ From doko at CS.TU-BERLIN.DE Mon Jan 28 22:07:24 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:20 2006 Subject: Debian packages Message-ID: <15445.52124.302647.74814@gargle.gargle.HOWL> At http://cs.tu-berlin.de/~doko/mailscanner you'll find a Debian package for mailscanner. I deleted the symlinks in the source, because the world is not only Solaris/RedHat and removed tnef, because it's included in Debian. Feedback and contribution of a debconf installer would be welcome. The default configuration is to check for spam and use no virus checker. I assume that is the only usable free configuration. Matthias Btw Nick, now, it's working with exim and f-prot ... From jkf at ecs.soton.ac.uk Tue Jan 29 08:35:18 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: sophos In-Reply-To: <6203973433F44D48B1BEE4DCD30421D9084BDC@two.digsd.com> Message-ID: <5.1.0.14.2.20020129083459.038fd428@imap.ecs.soton.ac.uk> At 21:56 28/01/2002, you wrote: >Do I need to buy a support contract to use the linux sophos version >includes in the tar.gz version? There is no copy of Sophos shipped with MailScanner. You need to buy a SAVI licence from Sophos to get this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 29 08:34:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <000d01c1a83c$b43e9930$65020a0a@galaxy> References: <5.1.0.14.2.20020128201253.02fe2e28@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> At 20:45 28/01/2002, you wrote: >Tnx, I applied the patch and this does indeed solve the missing >X-MailScanner header. :D >However, it still seems "Sign Clean Messages = yes" also removes the >Return-Path header. That one I really don't understand, as nothing plays with the Return-Path header... :( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Jan 29 08:36:54 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: f-prot output to stdout/stderr and auto update In-Reply-To: <15445.52261.523629.941398@gargle.gargle.HOWL> Message-ID: <5.1.0.14.2.20020129083534.03a2ca18@imap.ecs.soton.ac.uk> At 22:09 28/01/2002, you wrote: >- f-prot writes output to stdout/stderr. I assume, the wrapper should > redirect this. It could, it hardly matters though as the stderr output just gets ignored. >- does mailscanner provide a locking mechanism independent of the > virus scanner? There is a lock file called something like "F-ProtBusy.lock" in /tmp which is used to lock out the virus scanner while autoupdates happen. >And last, but not least, is there a bug tracking system for >mailscanner? My inbox :-) And anyway, what bugs? ;-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From doko at CS.TU-BERLIN.DE Tue Jan 29 02:03:20 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:20 2006 Subject: mailscanner-3.04.1 adds ^M at end of line Message-ID: <15446.744.751461.582455@gargle.gargle.HOWL> Noticed this with 3.04: - the mails are ok in the incoming queue - lines copied by mailscanner have an ^M appended - lines inserted by mailscanner are ok this leads to corrupted attachments. From brose at MED.WAYNE.EDU Tue Jan 29 06:49:07 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:20 2006 Subject: Sendmail WebStats (sort of a mod) Message-ID: On my box, the numbers for the files inthe incoming and outgoing queues generated by the system () calls aren't placed in the table. They get printed at the top of the page and then under it is the table. Any ideas why this might be happening? -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Thursday, January 24, 2002 8:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail WebStats (sort of a mod) For those interested http://sairys.bomb.net/sendmail-webstats.tar.gz put in your cgi-bin dir and browse to it. produces stats to the web, must have apache (or some httpd daemon running) To see a sample, http://sairys.bomb.net/sample.gif -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020129/b9e905f6/attachment.html From splee at PLEXIO.COM Tue Jan 29 08:50:16 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:20 2006 Subject: 3.04-1 & MyParty In-Reply-To: <313.1012248475@www44.gmx.net> References: <32481.1012245905@www44.gmx.net> <313.1012248475@www44.gmx.net> Message-ID: <1012294218.26294.16.camel@ralph.plexio.private> Myparty was not detected on my system: Exim 3.34, MailScanner 3.03-1 with the "return 0;" mod in the DefinitelyClean sub of sendmail.pl and F-Prot with the Jan 28 DEF updates. Has anyone caught this virus using a similar setup as above? Might Mailscanner 3.04-1 give better results? Thanks, Stephen On Mon, 2002-01-28 at 12:07, Sander Jonkers wrote: > Hmm, hopefully I was wrong: the f-prot website > http://www.f-prot.com/f-prot/virusinfo/mypartya.html says: > > "W32/Myparty.A@mm is detected by F-Prot Antivirus? using the virus signature > files since January 28th or newer." > > Strange I can't find it in the virlist. > > Sander > > > > > At 15:22 28/01/2002, you wrote: > > > >Will 3.04-1 protect against MyParty by itself or does it need an > > > >up-to-date anti-virus database and tools as well? > > > > > > It will still need an up-to-date anti-virus database. If you can't get > > > that, I would advise you switch vendors the next chance you get :-) > > > > Hmm, the updated f-prot does not know MyParty: > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i myparty > > > > Other Parties are present: > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i party > > No_Party.519 > > WParty.557.A > > WParty.557.B > > WParty.558 > > IRC/Party.A > > VBS/Party.A@mm > > > > Proof that f-prot has been updated: > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | head -5 > > SIGN.DEF created 28. January 2002 > > SIGN2.DEF created 28. January 2002 > > MACRO.DEF created 16. January 2002 > > 2-up.6000 > > 2Sexy.384 > > [root@sanderold root]# > > > > So, switch 'vendor'? > > > > Sander From jkf at ecs.soton.ac.uk Tue Jan 29 08:58:47 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: mailscanner-3.04.1 adds ^M at end of line In-Reply-To: <15446.744.751461.582455@gargle.gargle.HOWL> Message-ID: <5.1.0.14.2.20020129085834.052203c8@imap.ecs.soton.ac.uk> At 02:03 29/01/2002, you wrote: >Noticed this with 3.04: > - the mails are ok in the incoming queue > - lines copied by mailscanner have an ^M appended > - lines inserted by mailscanner are ok > >this leads to corrupted attachments. Has anyone else seen this? I certainly haven't... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Tue Jan 29 09:05:28 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> Message-ID: <43003.80.79.97.7.1012295128.squirrel@mail.vr-it.com> Julian Field said: >>However, it still seems "Sign Clean Messages = yes" also removes the >>Return-Path header. > That one I really don't understand, as nothing plays with the > Return-Path header... :( I'm just guessing, but as the Return-Path header is always the first, can't itjust be that somewhere the first of all headers is accidently deleted in some routine? Has anyone been able to reproduce this by setting "Sign Clean Messages = yes"? When I set it to "no", the Return-Path header shows up again, so I guessthis must be related... -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From jkf at ecs.soton.ac.uk Tue Jan 29 09:23:14 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <43003.80.79.97.7.1012295128.squirrel@mail.vr-it.com> References: <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> At 09:05 29/01/2002, you wrote: >Julian Field said: > >>However, it still seems "Sign Clean Messages = yes" also removes the > >>Return-Path header. > > That one I really don't understand, as nothing plays with the > > Return-Path header... :( > >I'm just guessing, but as the Return-Path header is always the first, >can't itjust be that somewhere the first of all headers is accidently >deleted in some >routine? None of the messages in my mailbox have a Return-Path header, and switching Sign Clean Messages on and off makes no difference. I'm running sendmail 8.9.3 and my setup doesn't appear to use Return-Path at all. It could be a MIME-Tools problem. Does it make any difference whether the message is MIME or plain text? I can't see any signs of any headers disappearing when this option is switched on and off at all. >Has anyone been able to reproduce this by setting "Sign Clean Messages = >yes"? When I set it to "no", the Return-Path header shows up again, so I >guessthis must be related... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From evertjan at VANRAMSELAAR.NET Tue Jan 29 09:36:12 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> Message-ID: <7410.80.79.97.7.1012296972.squirrel@mail.vr-it.com> Julian Field said: >> >>However, it still seems "Sign Clean Messages = yes" also removes the >> >>Return-Path header. > It could be a MIME-Tools problem. Does it make any difference whether > the message is MIME or plain text? I can't see any signs of any headers > disappearing when this option is switched on and off at all. This happens on both MIME and plain text messages that are being scanned and found to be clean. Messages that are not being scanned (plain text messages in earlier versions of MailScanner) are not affected, iow all headersin place and the 'signature' added to the message. FYI, I am running Sendmail 8.11.0, but I am sure I also had the Return-Path header on all messages when I was still using 8.9.3.... I'm not that familiar with the proper RFCs, so I am not sure if the header is mandatory or optional. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From marko at HUMAN.PEFRI.HR Tue Jan 29 11:40:51 2002 From: marko at HUMAN.PEFRI.HR (Marko Malikovic) Date: Thu Jan 12 21:14:20 2006 Subject: Debian packages In-Reply-To: <15445.52124.302647.74814@gargle.gargle.HOWL> References: <15445.52124.302647.74814@gargle.gargle.HOWL> Message-ID: <3666.161.53.147.41.1012297251.squirrel@www.human.pefri.hr> Hi! http://cs.tu-berlin.de/~doko/mailscanner does not exist. http://cs.tu- berlin.de is linked to http://iv.tu-berlin.de/ Please where is mailscanner? Thank your very much, Marko. > At http://cs.tu-berlin.de/~doko/mailscanner you'll find a Debian > package for mailscanner. I deleted the symlinks in the source, because > the world is not only Solaris/RedHat and removed tnef, because it's > included in Debian. Feedback and contribution of a debconf installer > would be welcome. > > The default configuration is to check for spam and use no virus > checker. I assume that is the only usable free configuration. > > Matthias > > Btw Nick, now, it's working with exim and f-prot ... -- Marko Malikovic Strucni suradnik za kompjuterske aplikacije na Odsjeku za psihologiju CARNet sistem administrator Filozofski fakultet u Rijeci Trg Ivana Klobucarica 1 Tel: ++385/51/315-232, 315-233 From nwp at LEMON-COMPUTING.COM Tue Jan 29 09:50:39 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:20 2006 Subject: Fwd: Output from "cron" command In-Reply-To: ; from S.L.Sargent@QMUL.AC.UK on Mon, Jan 28, 2002 at 12:18:40PM +0000 References: Message-ID: <20020129095039.L7526@lemon-computing.com> On Mon, Jan 28, 2002 at 12:18:40PM +0000, Steve Sargent wrote: > I set the auto update script running in cron over the weekend and it > produced this output. Is it a know bug? Looks like it's missing a "use Sys::Syslog;" at the top. -- Nick Phillips -- nwp@lemon-computing.com Your fly might be open (but don't check it just now). From jkf at ecs.soton.ac.uk Tue Jan 29 09:50:02 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:20 2006 Subject: Sign Clean Messages = yes In-Reply-To: <7410.80.79.97.7.1012296972.squirrel@mail.vr-it.com> References: <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020129094444.039567e0@imap.ecs.soton.ac.uk> At 09:36 29/01/2002, you wrote: >I'm not that familiar with the proper RFCs, so I am not sure if the header is >mandatory or optional. According to the Bat book: The header should be added by the final delivery agent, i.e. the sendmail process that puts the message into the user's mailbox file, and is a copy of the "from" part of the message envelope. Any previous content in the header should not be relied upon. So it should be added by the final delivery stage (there's a delivery agent "P" flag to control it) which is after MailScanner has finished handling the message anyway. So your Return-Path headers are being added at the wrong stage in the delivery process, which makes this a sendmail problem. But the behaviour you are seeing is performed by MIME-Tools, so I suggest you try a more recent version of that package to see if the behaviour has changed at all. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Tue Jan 29 10:33:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:20 2006 Subject: Sendmail WebStats (sort of a mod) In-Reply-To: ; from brose@MED.WAYNE.EDU on Tue, Jan 29, 2002 at 01:49:07AM -0500 References: Message-ID: <20020129103340.O7526@lemon-computing.com> On Tue, Jan 29, 2002 at 01:49:07AM -0500, Rose, Bobby wrote: > On my box, the numbers for the files inthe incoming and outgoing queues > generated by the system () calls aren't placed in the table. They get > printed at the top of the page and then under it is the table. Any > ideas why this might be happening? Set $|=1 at the start of the script. The output from Perl itself is probably getting buffered, while that from the called programs will get flushed when they exit. -- Nick Phillips -- nwp@lemon-computing.com You will wish you hadn't. From nwp at LEMON-COMPUTING.COM Tue Jan 29 10:44:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:20 2006 Subject: f-prot output to stdout/stderr and auto update In-Reply-To: <5.1.0.14.2.20020129083534.03a2ca18@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Jan 29, 2002 at 08:36:54AM +0000 References: <15445.52261.523629.941398@gargle.gargle.HOWL> <5.1.0.14.2.20020129083534.03a2ca18@imap.ecs.soton.ac.uk> Message-ID: <20020129104440.P7526@lemon-computing.com> On Tue, Jan 29, 2002 at 08:36:54AM +0000, Julian Field wrote: > At 22:09 28/01/2002, you wrote: > >- f-prot writes output to stdout/stderr. I assume, the wrapper should > > redirect this. > > It could, it hardly matters though as the stderr output just gets ignored. It might be nice to shove it into a log, but for the most part it'd probably get too big too quickly. Most of the time it could be explicitly redirected to /dev/null, but it's handy to (be able to) see the output when you start it from a terminal. > >- does mailscanner provide a locking mechanism independent of the > > virus scanner? > > There is a lock file called something like "F-ProtBusy.lock" in /tmp which > is used to lock out the virus scanner while autoupdates happen. Or in whatever directory you've configured it to use... > >And last, but not least, is there a bug tracking system for > >mailscanner? > > My inbox :-) And anyway, what bugs? ;-) Don't tempt fate... please? -- Nick Phillips -- nwp@lemon-computing.com Excellent day for putting Slinkies on an escalator. From nwp at LEMON-COMPUTING.COM Tue Jan 29 10:29:59 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: EMERGENCY: MyParty In-Reply-To: <20020128144716.A8789@michaelchaney.com>; from mdchaney@MICHAELCHANEY.COM on Mon, Jan 28, 2002 at 02:47:16PM -0600 References: <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20020128130026.0793de88@hawk.ecs.soton.ac.uk> <3C55881C.78F4BB43@bangor.ac.uk> <5.1.0.14.2.20020128181751.02fe2658@hawk.ecs.soton.ac.uk> <20020128135506.A8555@michaelchaney.com> <5.1.0.14.2.20020128201603.02e30578@hawk.ecs.soton.ac.uk> <20020128144716.A8789@michaelchaney.com> Message-ID: <20020129102959.M7526@lemon-computing.com> On Mon, Jan 28, 2002 at 02:47:16PM -0600, Michael Chaney wrote: > > >It seems to me that it would make sense to pass the message body into > > >"DefinitelyClean" and simply check for a uuencoded file, which would be > > >a simple regex and would surely be quicker than scanning all files. The > > >logic would be: > > > > > >if mime header return 0; > > >if uuencoded file in body return 0; > > >return 1; > > Can we guarantee that this only works with uuencoded files, and doesn't > > work with other encodings in some mail clients as well? > > I'm very familiar with various ways to package files. uuencoding has > been around forever, and MIME is a recent innovation. Since MIME is > completely general purpose, there is, at this time, no need for any > other format. You'll know if/when the unlikely event occurs that > another format is used, and can plan for it. OK, well scanning everything is *definitely* safest. A quick scan for uuencoded data is all very well, but uuencoded data is not the only thing that you might find that an email client could conceivably identify and decode: any Mac users will be familiar with BinHex, for example, which is kind of a Mac equivalent to uuencoding. I would expect a Mac-based mail client to find and decode that. Fortunately it's also easy to identify. Straight Base64 would almost certainly also be picked up by mail clients. I'm sure there are more. I guess the real question is "what do the AV scanners understand?" 'cos if they don't understand it then it doesn't matter whether we pass it off to them or not... OK, how many types of archive for passing binary data in email can you think of? Answers on a postcard.... -- Nick Phillips -- nwp@lemon-computing.com Do not overtax your powers. From felker at GMX.NET Tue Jan 29 10:20:49 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 & MyParty References: <1012294218.26294.16.camel@ralph.plexio.private> Message-ID: <30162.1012299649@www57.gmx.net> > Myparty was not detected on my system: Exim 3.34, MailScanner 3.03-1 > with the "return 0;" mod in the DefinitelyClean sub of sendmail.pl and > F-Prot with the Jan 28 DEF updates. Has anyone caught this virus using a > similar setup as above? Might Mailscanner 3.04-1 give better results? So this 'not-detection of MyParty' confirms my first mail saying that MyParty was not in 'f-prot --virlist'. Do you mean you have got a MyParty virus yourself? If so, please mail me a copy at felker at gmx.net so that I can check my mailscanner 3.04-1 with the updated f-prot (no worries: no windows over there). Sander > > Thanks, > Stephen > > > > On Mon, 2002-01-28 at 12:07, Sander Jonkers wrote: > > Hmm, hopefully I was wrong: the f-prot website > > http://www.f-prot.com/f-prot/virusinfo/mypartya.html says: > > > > "W32/Myparty.A@mm is detected by F-Prot Antivirus? using the virus > signature > > files since January 28th or newer." > > > > Strange I can't find it in the virlist. > > > > Sander > > > > > > > > At 15:22 28/01/2002, you wrote: > > > > >Will 3.04-1 protect against MyParty by itself or does it need an > > > > >up-to-date anti-virus database and tools as well? > > > > > > > > It will still need an up-to-date anti-virus database. If you can't > get > > > > that, I would advise you switch vendors the next chance you get :-) > > > > > > Hmm, the updated f-prot does not know MyParty: > > > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i > myparty > > > > > > Other Parties are present: > > > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i > party > > > No_Party.519 > > > WParty.557.A > > > WParty.557.B > > > WParty.558 > > > IRC/Party.A > > > VBS/Party.A@mm > > > > > > Proof that f-prot has been updated: > > > > > > [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | head -5 > > > SIGN.DEF created 28. January 2002 > > > SIGN2.DEF created 28. January 2002 > > > MACRO.DEF created 16. January 2002 > > > 2-up.6000 > > > 2Sexy.384 > > > [root@sanderold root]# > > > > > > So, switch 'vendor'? > > > > > > Sander > -- Sent through GMX FreeMail - http://www.gmx.net From nwp at LEMON-COMPUTING.COM Tue Jan 29 11:16:02 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: mailscanner-3.04.1 adds ^M at end of line In-Reply-To: <5.1.0.14.2.20020129085834.052203c8@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Jan 29, 2002 at 08:58:47AM +0000 References: <15446.744.751461.582455@gargle.gargle.HOWL> <5.1.0.14.2.20020129085834.052203c8@imap.ecs.soton.ac.uk> Message-ID: <20020129111602.Q7526@lemon-computing.com> On Tue, Jan 29, 2002 at 08:58:47AM +0000, Julian Field wrote: > At 02:03 29/01/2002, you wrote: > >Noticed this with 3.04: > > - the mails are ok in the incoming queue > > - lines copied by mailscanner have an ^M appended > > - lines inserted by mailscanner are ok > > > >this leads to corrupted attachments. > > Has anyone else seen this? I certainly haven't... I haven't upgraded yet; will be doing so shortly, but the only way I can see for this to happen is if $\ has somehow got set to "\r". The only places that "\r" is mentioned in the code are where we're stripping it from things. Maybe it's a non-fatal example of the kind of memory corruption that causes the segfaults? Matthias, which version of perl are you using? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will become rich and famous unless you don't. From nwp at LEMON-COMPUTING.COM Tue Jan 29 11:18:22 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: Sign Clean Messages = yes In-Reply-To: <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Jan 29, 2002 at 09:23:14AM +0000 References: <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020129083338.038a8a38@imap.ecs.soton.ac.uk> <43003.80.79.97.7.1012295128.squirrel@mail.vr-it.com> <5.1.0.14.2.20020129091836.039a0c90@imap.ecs.soton.ac.uk> Message-ID: <20020129111822.R7526@lemon-computing.com> On Tue, Jan 29, 2002 at 09:23:14AM +0000, Julian Field wrote: > None of the messages in my mailbox have a Return-Path header, and switching > Sign Clean Messages on and off makes no difference. I'm running sendmail > 8.9.3 and my setup doesn't appear to use Return-Path at all. Maybe it's deleting a "From" line that sendmail just adds back again? -- Nick Phillips -- nwp@lemon-computing.com You have the body of a 19 year old. Please return it before it gets wrinkled. From nwp at LEMON-COMPUTING.COM Tue Jan 29 11:27:12 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: Debian packages In-Reply-To: <15445.52124.302647.74814@gargle.gargle.HOWL>; from doko@CS.TU-BERLIN.DE on Mon, Jan 28, 2002 at 11:07:24PM +0100 References: <15445.52124.302647.74814@gargle.gargle.HOWL> Message-ID: <20020129112712.T7526@lemon-computing.com> On Mon, Jan 28, 2002 at 11:07:24PM +0100, Matthias Klose wrote: > At http://cs.tu-berlin.de/~doko/mailscanner you'll find a Debian > package for mailscanner. I deleted the symlinks in the source, because > the world is not only Solaris/RedHat and removed tnef, because it's > included in Debian. Feedback and contribution of a debconf installer > would be welcome. Cool... I'll have a look as soon as I can. > The default configuration is to check for spam and use no virus > checker. I assume that is the only usable free configuration. Apparently there is a working free AV system (uses Kaffe, so how stable or easy-to-set-up it is I wouldn't like to guess). I haven't tried it. I vaguely seem to remember someone saying they were going to package it. > Btw Nick, now, it's working with exim and f-prot ... What was(were) the problem(s)? Be good to know so that we can get to the answer quicker next time someone has the same trouble. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will soon forget this. From doko at CS.TU-BERLIN.DE Tue Jan 29 11:24:06 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:21 2006 Subject: mailscanner-3.04.1 adds ^M at end of line In-Reply-To: <20020129111602.Q7526@lemon-computing.com> References: <15446.744.751461.582455@gargle.gargle.HOWL> <5.1.0.14.2.20020129085834.052203c8@imap.ecs.soton.ac.uk> <20020129111602.Q7526@lemon-computing.com> Message-ID: <15446.34390.686804.376283@gargle.gargle.HOWL> Nick Phillips writes: > On Tue, Jan 29, 2002 at 08:58:47AM +0000, Julian Field wrote: > > At 02:03 29/01/2002, you wrote: > > >Noticed this with 3.04: > > > - the mails are ok in the incoming queue > > > - lines copied by mailscanner have an ^M appended > > > - lines inserted by mailscanner are ok > > > > > >this leads to corrupted attachments. > > > > Has anyone else seen this? I certainly haven't... > > I haven't upgraded yet; will be doing so shortly, but the only way I can see > for this to happen is if $\ has somehow got set to "\r". > > The only places that "\r" is mentioned in the code are where we're stripping > it from things. > > Maybe it's a non-fatal example of the kind of memory corruption that causes > the segfaults? I got a mail from Julian, that he could reproduce it. > Matthias, which version of perl are you using? Versions of packages mailscanner depends on: ii exim 3.34-1 Exim Mailer ii libio-stringy-perl 2.108-1 Perl5 modules for IO from scalars ii libmailtools-perl 1.42-2 Manipulate email in perl programs ii libmime-base64-perl 2.12-4 MIME/Base64 decoding for Perl ii libmime-perl 5.411-1 Perl5 modules for MIME-compliant m ii perl 5.6.1-7 Larry Wall's Practical Extraction ii tnef 1.1.1-0.1 Tool to unpack MIME application/ms From Paul.Haldane at NEWCASTLE.AC.UK Tue Jan 29 11:38:45 2002 From: Paul.Haldane at NEWCASTLE.AC.UK (Paul Haldane) Date: Thu Jan 12 21:14:21 2006 Subject: EMERGENCY: MyParty Message-ID: > At 17:14 28/01/2002, you wrote: > >I have dealt with this by upgrading to 3.04-1. But to answer your > >request here is the context in sendmail.pl around line 67: > > This must be an oddity in your version of Perl, as the 1-line > fix appears to work for most people. The more I use perl, the > more I realise that different versions do have some very > strange behaviour in certain situations... Problem was that we'd managed to end using a copy of the mailscanner script from v3 with a v2 sendmail.pl - number of args for FindMessagesToProcess changed so it's no wonder it was having problems :-> Paul From nwp at LEMON-COMPUTING.COM Tue Jan 29 12:12:27 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: mailscanner-3.04.1 adds ^M at end of line In-Reply-To: <15446.34390.686804.376283@gargle.gargle.HOWL>; from doko@CS.TU-BERLIN.DE on Tue, Jan 29, 2002 at 12:24:06PM +0100 References: <15446.744.751461.582455@gargle.gargle.HOWL> <5.1.0.14.2.20020129085834.052203c8@imap.ecs.soton.ac.uk> <20020129111602.Q7526@lemon-computing.com> <15446.34390.686804.376283@gargle.gargle.HOWL> Message-ID: <20020129121227.W7526@lemon-computing.com> On Tue, Jan 29, 2002 at 12:24:06PM +0100, Matthias Klose wrote: > > Maybe it's a non-fatal example of the kind of memory corruption that causes > > the segfaults? > > I got a mail from Julian, that he could reproduce it. Apparently not; he just got a message from you that had obviously been through it at your end. The messages I had from you just now had lots of extra ^Ms, too. But there's absolutely nowhere that we can see that this should happen. Could you try setting $\ = "" in the "WriteHeaderFile" function in sendmail.pl, like this: # Write a fake email header file for the given message id. sub WriteHeaderFile { my($OutDir, $id, $RHeaders) = @_; my $Header = new FileHandle; Lock::openlock($Header, ">$OutDir/$id.header", "w") or Log::DieLog("Cannot create + lock headers file $OutDir / $id.header, %s", $!); # if debugging not desired # print $Header @$RHeaders; # if debugging desired $\ = ""; foreach(@$RHeaders) { #Log::DebugLog("Output header ($_)\n"); print $Header $_; } print $Header "\n"; Lock::unlockclose($Header); } ...and see whether that helps. > Versions of packages mailscanner depends on: > ii exim 3.34-1 Exim Mailer > ii libio-stringy-perl 2.108-1 Perl5 modules for IO from scalars > ii libmailtools-perl 1.42-2 Manipulate email in perl programs > ii libmime-base64-perl 2.12-4 MIME/Base64 decoding for Perl > ii libmime-perl 5.411-1 Perl5 modules for MIME-compliant m > ii perl 5.6.1-7 Larry Wall's Practical Extraction > ii tnef 1.1.1-0.1 Tool to unpack MIME application/ms If it's the random memory corruption thing, then it'd work with 5.005 - is it possible to have both perls installed at once? I can't remember. I think we need to persuade a perl guru that they need to run mailscanner - perl 5.6 just fails too often. If they need something to expose all their bugs, this is it. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Beware of low-flying butterflies. From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 13:33:59 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:21 2006 Subject: MAILSCANNER: hostmaster@MEDIATIS.DE requested to join Message-ID: <200201291333.NAA09673@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 13:33:59 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mediatis Hostmaster You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER hostmaster@MEDIATIS.DE Mediatis Hostmaster PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER hostmaster@MEDIATIS.DE Mediatis Hostmaster // EOJ From paul-w at BLUEYONDER.CO.UK Tue Jan 29 14:36:58 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:21 2006 Subject: MailScanner, F-PROT and MyParty Message-ID: <003201c1a8d2$68b140d0$6a0110ac@sbsplc.com> I'm running the latest F-Prot and MailScanner, but it seems F-Prot doesn't detect MyParty, rather MailScanner does. Just got this. Anyone else getting similar? ----- Original Message ----- From: "MailScanner" Sent: Tuesday, January 29, 2002 2:10 PM Subject: Warning: E-mail viruses detected > The following e-mail messages were found to have viruses in them: > > Sender: > Recipient: > Subject: new photos from my party! > MessageID: OAA23769 > Report: /var/spool/MailScanner/incoming/OAA23769/www.myparty.yahoo.com is a security risk or a "backdoor" program > > -- > MailScanner > Email Virus Scanner > From nwp at LEMON-COMPUTING.COM Tue Jan 29 14:41:54 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: MailScanner, F-PROT and MyParty In-Reply-To: <003201c1a8d2$68b140d0$6a0110ac@sbsplc.com>; from paul-w@BLUEYONDER.CO.UK on Tue, Jan 29, 2002 at 02:36:58PM -0000 References: <003201c1a8d2$68b140d0$6a0110ac@sbsplc.com> Message-ID: <20020129144154.D7526@lemon-computing.com> On Tue, Jan 29, 2002 at 02:36:58PM -0000, Paul Welsh wrote: > I'm running the latest F-Prot and MailScanner, but it seems F-Prot doesn't > detect MyParty, rather MailScanner does. Just got this. Anyone else > getting similar? That looks like what I'd expect from f-prot... -- Nick Phillips -- nwp@lemon-computing.com Write yourself a threatening letter and pen a defiant reply. From jkf at ecs.soton.ac.uk Tue Jan 29 14:43:10 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:21 2006 Subject: MailScanner, F-PROT and MyParty In-Reply-To: <003201c1a8d2$68b140d0$6a0110ac@sbsplc.com> Message-ID: <5.1.0.14.2.20020129144202.0397f3a8@imap.ecs.soton.ac.uk> At 14:36 29/01/2002, you wrote: >I'm running the latest F-Prot and MailScanner, but it seems F-Prot doesn't >detect MyParty, rather MailScanner does. Just got this. Anyone else >getting similar? That message comes from F-Prot detecting it as a backdoor program rather than a virus. Whether MyParty is a virus or a backdoor is a matter of terminology and definitions. >----- Original Message ----- >From: "MailScanner" >Sent: Tuesday, January 29, 2002 2:10 PM >Subject: Warning: E-mail viruses detected > > > > The following e-mail messages were found to have viruses in them: > > > > Sender: > > Recipient: > > Subject: new photos from my party! > > MessageID: OAA23769 > > Report: /var/spool/MailScanner/incoming/OAA23769/www.myparty.yahoo.com >is a security risk or a "backdoor" program > > > > -- > > MailScanner > > Email Virus Scanner > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From miket at DIG-NET.NET Tue Jan 29 15:59:00 2002 From: miket at DIG-NET.NET (michael terebessy) Date: Thu Jan 12 21:14:21 2006 Subject: sophos Message-ID: <6203973433F44D48B1BEE4DCD30421D9B50D@two.digsd.com> Thank you. I appreciate your time -----Original Message----- From: Julian Field Sent: Tue 29/01/2002 0:35 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: sophos At 21:56 28/01/2002, you wrote: >Do I need to buy a support contract to use the linux sophos version >includes in the tar.gz version? There is no copy of Sophos shipped with MailScanner. You need to buy a SAVI licence from Sophos to get this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From sevans at FOUNDATION.SDSU.EDU Tue Jan 29 16:40:14 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A779B@foundation.foundation.sdsu.edu> I've had mailscanner stop processing mail a couple of times. The mail just keeps building up until I restart the computer. (resarting the service doesn't seem to do it usually). How could I write a script to check the number of files in mqueue.in and mqueue and execute a init6 if it gets over a certain number? Steve From evertjan at VANRAMSELAAR.NET Tue Jan 29 16:47:12 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:21 2006 Subject: Sign Clean Messages = yes In-Reply-To: <5.1.0.14.2.20020129094444.039567e0@imap.ecs.soton.ac.uk> Message-ID: <000001c1a8e4$99aa01b0$65020a0a@galaxy> > -----Original Message----- > From: MailScanner mailing list On Behalf Of Julian Field > Sent: Tuesday, January 29, 2002 10:50 AM > But the behaviour you are seeing is performed by MIME-Tools, so I suggest > you try a more recent version of that package to see if the behaviour has > changed at all. The latest stable version is 5.411 and that is the one I have used since installing MailScanner... -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From jkf at ecs.soton.ac.uk Tue Jan 29 16:55:50 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths In-Reply-To: <20C245C5F9A41949A359CCDBF4B3ADED2A779B@foundation.foundati on.sdsu.edu> Message-ID: <5.1.0.14.2.20020129165005.0390f698@imap.ecs.soton.ac.uk> At 16:40 29/01/2002, you wrote: >I've had mailscanner stop processing mail a couple of times. What version of MailScanner are you using? This was a known problem with some of the early releases of version 3. You really need to be running 3.04. >The mail just keeps building up until I restart the computer. (resarting >the service doesn't seem to do it usually). Running /usr/local/MailScanner/bin/check_mailscanner should restart MailScanner if it is not running. > How could I write a script to check the number of files in mqueue.in > and mqueue and execute a init6 if it gets over a certain number? How about something like #!/bin/sh # Define this to be your maximum allowed mail queue length MAXLEN=300 LSLEN=`cd /var/spool/mqueue.in && ls | wc -l` QUEUELEN=`expr $LSLEN / 2` if [ $QUEUELEN -gt $MAXLEN ]; then /sbin/reboot fi -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dustin.baer at IHS.COM Tue Jan 29 16:44:25 2002 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths References: <20C245C5F9A41949A359CCDBF4B3ADED2A779B@foundation.foundation.sdsu.edu> Message-ID: <3C56D169.305600FE@ihs.com> Steve Evans wrote: > > I've had mailscanner stop processing mail a couple of times. The mail just keeps building up until I restart the computer. (resarting the service doesn't seem to do it usually). How could I write a script to check the number of files in mqueue.in and mqueue and execute a init6 if it gets over a certain number? > > Steve Steve, Are you sure that mailscanner actually stopped processing mail? I had this problem a few weeks ago, and discovered that it was the SPAM checking to relays.ordb.org that was causing the problem. There was a buildup of over 600 messages in mqueue.in. Perhaps their site was down. After turning off SPAM checking, mqueue.in cleared out in a matter of seconds. Maybe try turning of SPAM checking in mailscanner.conf, before rebooting and see if that helps. Dustin Baer VERY Junior Unix Administrator Information Handling Services 15 Inverness Way East Englewood, CO 80112 From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 16:59:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:21 2006 Subject: MAILSCANNER: yelsir@MAGNATECHONLINE.COM requested to join Message-ID: <200201291659.QAA28610@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 16:59:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Yussef ElSirgany You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER yelsir@MAGNATECHONLINE.COM Yussef ElSirgany PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER yelsir@MAGNATECHONLINE.COM Yussef ElSirgany // EOJ From S.R.Patterson at SOTON.AC.UK Tue Jan 29 16:59:39 2002 From: S.R.Patterson at SOTON.AC.UK (Patterson, S R) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths Message-ID: -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: 29 January 2002 16:56 > How about something like > #!/bin/sh > # Define this to be your maximum allowed mail queue length > MAXLEN=300 > LSLEN=`cd /var/spool/mqueue.in && ls | wc -l` > QUEUELEN=`expr $LSLEN / 2` Better: QUEUELEN=`find /var/spool/mqueue.in -name q*|wc -l` > if [ $QUEUELEN -gt $MAXLEN ]; then > /sbin/reboot > fi Steve From sevans at FOUNDATION.SDSU.EDU Tue Jan 29 17:03:22 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A77A0@foundation.foundation.sdsu.edu> We're not using spam checking. Steve -----Original Message----- From: Dustin Baer [mailto:dustin.baer@IHS.COM] Sent: Tuesday, January 29, 2002 8:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Monitor Que Lengths Steve Evans wrote: > > I've had mailscanner stop processing mail a couple of times. The mail just keeps building up until I restart the computer. (resarting the service doesn't seem to do it usually). How could I write a script to check the number of files in mqueue.in and mqueue and execute a init6 if it gets over a certain number? > > Steve Steve, Are you sure that mailscanner actually stopped processing mail? I had this problem a few weeks ago, and discovered that it was the SPAM checking to relays.ordb.org that was causing the problem. There was a buildup of over 600 messages in mqueue.in. Perhaps their site was down. After turning off SPAM checking, mqueue.in cleared out in a matter of seconds. Maybe try turning of SPAM checking in mailscanner.conf, before rebooting and see if that helps. Dustin Baer VERY Junior Unix Administrator Information Handling Services 15 Inverness Way East Englewood, CO 80112 From sevans at FOUNDATION.SDSU.EDU Tue Jan 29 17:05:10 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:21 2006 Subject: Monitor Que Lengths Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A77A1@foundation.foundation.sdsu.edu> We're still on 2.6 or something like that. We starting using Mailscanner in December just before 3.x came out so we've never upgraded yet. We probably will next month after things calm down a bit. Thanks for the script idea. I should probably also have the script check mqueue also shouldn't I. Steve -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Tuesday, January 29, 2002 8:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Monitor Que Lengths At 16:40 29/01/2002, you wrote: >I've had mailscanner stop processing mail a couple of times. What version of MailScanner are you using? This was a known problem with some of the early releases of version 3. You really need to be running 3.04. >The mail just keeps building up until I restart the computer. (resarting >the service doesn't seem to do it usually). Running /usr/local/MailScanner/bin/check_mailscanner should restart MailScanner if it is not running. > How could I write a script to check the number of files in mqueue.in > and mqueue and execute a init6 if it gets over a certain number? How about something like #!/bin/sh # Define this to be your maximum allowed mail queue length MAXLEN=300 LSLEN=`cd /var/spool/mqueue.in && ls | wc -l` QUEUELEN=`expr $LSLEN / 2` if [ $QUEUELEN -gt $MAXLEN ]; then /sbin/reboot fi -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From felker at GMX.NET Tue Jan 29 19:18:43 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:21 2006 Subject: FYI: f-prot (28 jan) _does_ recognize MyParty References: <20C245C5F9A41949A359CCDBF4B3ADED2A77A1@foundation.foundation.sdsu.edu> Message-ID: <9760.1012331923@www44.gmx.net> Hi, To avoid misunderstandings due to my own report, I would like to say that f-prot _does_ detect MyParty, although it is not listed in the '-virlist': [sander@sanderold sander]$ /usr/local/f-prot/f-prot -virlist | grep -i MyParty [sander@sanderold sander]$ $ /usr/local/f-prot/f-prot www.myparty.yahoo.com Virus scanning report - 29. January 2002 19:57 F-PROT 3.11b SIGN.DEF created 28. January 2002 SIGN2.DEF created 28. January 2002 MACRO.DEF created 16. January 2002 Search: www.myparty.yahoo.com Action: Report only Files: Attempt to identify files Switches: /home/sander/www.myparty.yahoo.com is a security risk or a "backdoor" program Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 1 Infected: 0 Suspicious: 1 Disinfected: 0 Deleted: 0 Renamed: 0 Time: 0:00 -- Sent through GMX FreeMail - http://www.gmx.net From evertjan at VANRAMSELAAR.NET Tue Jan 29 20:01:18 2002 From: evertjan at VANRAMSELAAR.NET (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:21 2006 Subject: Return-Path header Message-ID: <000b01c1a8ff$b7029090$65020a0a@galaxy> In addition to my other mails about the Return-Path header... It _seems_ to be there somewhere... sort of... From gene at ERACHAMPION.COM Tue Jan 29 20:15:22 2002 From: gene at ERACHAMPION.COM (Gene Ruebsamen) Date: Thu Jan 12 21:14:21 2006 Subject: MailScanner + SpamAssassin Integration Message-ID: Hello, I am using SpamAssassin in conjunction w/MailScanner. Currently, I am using them separately (ie. running the SpamAssassin Daemon, and calling spamc on each message via procmail). What I would like to do is use the built-in SpamAssassin support in MailScanner; however, whenever I enable this support, I get a Perl Error as follows: Can't locate Mail/SpamAssassin.pm in @INC (@INC contains: /usr/local/MailScanner/bin /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/local/MailScanner/bin/sendmail.pl line 46. Compilation failed in require at /usr/local/MailScanner/bin/mailscanner line 77. I did a search for SpamAssassin.pm, and found that it was located in the following directory: /usr/local/lib/perl5/site_perl/5.6.1/Mail/ It seems the default path that MailScanner looks for is the Perl 5.6.0 path.. I have a default RH7.2 install and installed MailScanner via the Redhat RPM's. While installing SpamAssassin, I was downloading modules from CPAN, it upgraded my perl to 5.6.1!! (grr!!). It seems to be a path problem, anyone know how to fix it? I can't seem to find any info in any of the Perl FAQs. Thanks!! Gene Ruebsamen Sales Associate ERA Champion Realty, Inc. www.erachampion.com (714) 534-4425 From rishi at THEARGONCOMPANY.COM Tue Jan 29 20:57:39 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:21 2006 Subject: EMERGENCY: MyParty References: <5.1.0.14.2.20020128123743.03563c20@hawk.ecs.soton.ac.uk> Message-ID: <066901c1a907$9668cb80$1b02a8c0@theargoncompany.com> I updated f-prot + 3.03-1. It seems to be detecting MyParty virus just fine. How come? Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, January 28, 2002 6:09 PM Subject: EMERGENCY: MyParty The MyParty virus is not being caught by MailScanner. I am in the process of issuing a fix for this, which will be version 3.04-1. Everyone should upgrade to this version. Those not wanting to upgrade, but merely wanting a fix for their current code should see the website News and a simple fix is a 1-line change. Sorry about this folks, they caught me out on an optimisation :-( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020130/9368ad7f/attachment.html From rishi at THEARGONCOMPANY.COM Tue Jan 29 21:11:05 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 & MyParty References: <5.1.0.14.2.20020128161805.06792ea0@imap.ecs.soton.ac.uk> <32481.1012245905@www44.gmx.net> Message-ID: <06b501c1a909$76f12700$1b02a8c0@theargoncompany.com> Hi Sander, I updated my f-prot [root@argon root]# f-prot -virlist | grep -i party Myparty.A@mm Myparty.B@mm No_Party.519 WParty.557.A WParty.557.B WParty.558 IRC/Party.A VBS/Party.A@mm Virus scanning report - 30. January 2002 2:48 F-PROT 3.11b SIGN.DEF created 29. January 2002 SIGN2.DEF created 29. January 2002 MACRO.DEF created 16. January 2002 Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com ----- Original Message ----- From: Sander Jonkers To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, January 29, 2002 12:55 AM Subject: Re: 3.04-1 & MyParty > At 15:22 28/01/2002, you wrote: > >Will 3.04-1 protect against MyParty by itself or does it need an > >up-to-date anti-virus database and tools as well? > > It will still need an up-to-date anti-virus database. If you can't get > that, I would advise you switch vendors the next chance you get :-) Hmm, the updated f-prot does not know MyParty: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i myparty Other Parties are present: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | grep -i party No_Party.519 WParty.557.A WParty.557.B WParty.558 IRC/Party.A VBS/Party.A@mm Proof that f-prot has been updated: [root@sanderold root]# /usr/local/f-prot/f-prot -virlist | head -5 SIGN.DEF created 28. January 2002 SIGN2.DEF created 28. January 2002 MACRO.DEF created 16. January 2002 2-up.6000 2Sexy.384 [root@sanderold root]# So, switch 'vendor'? Sander -- Sent through GMX FreeMail - http://www.gmx.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020130/1998123d/attachment.html From steven at JUBAL.COM Tue Jan 29 21:09:10 2002 From: steven at JUBAL.COM (Stephen Nelson) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 doesn't spam check Message-ID: Something seems a bit odd with my current setup... I upgraded to 3.04-1, and since then no spam messages are being marked. Running in debug mode gave no messages (and quit after a single message was processed, but that looks like a feature). There are no error messages in either the maillog or the messages file. Spamassassin seems to run fine from the command line. Since I'm not seeing other messages about this, I'm assuming I scrambled a config file. I'm running perl v5.6.1 and SpamAssassin 2.01 on a Red Hat Linux 7.2 system. What have I missed? My config file is as follows. The primary tweaks are that I deliver individually in the background (there is only one user, so that seems optimal) and that I give SpamAssassin a timeout of 720 (I'm on a dialup, so I want to give SpamAssassin time to establish a network link for RBL). Spam checking and spamassassin are both set to "yes". Any ideas? ---- CUT HERE --- # Configuration file for MailScanner E-Mail Virus Scanner # This file assumes everything is in the default locations provided # by the MailScanner and RedHat 6.2 and upwards. # User to run as (provided for Exim users) #Run As User = mail # Group to run as (provided for Exim users) #Run As Group = mail # In every batch of virus-scanning, limit the maximum # a) number of text-only messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of text-only messages to deliver # d) total size of potentially infected messages to unpack and scan Max Safe Messages Per Scan = 500 Max Unsafe Messages Per Scan = 100 Max Safe Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 # To avoid resource leaks, re-start periodically. Restart Every = 14400 # 4 hours # Name of this host, or just "the MailScanner" if you want to hide this info. # It can be placed in the Help Desk note contained in virus warnings sent to users. Host name = the MailScanner # Add this extra header to all mail as it is scanned. # (this must *include* terminating colon). Mail Header = X-MailScanner: # Set the mail header to these values for clean/infected messages. Clean Header = Found to be clean Infected Header = Found to be infected Disinfected Header = Disinfected # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected message attachments (if they are kept) Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id so you can easily stop the scanner Pid File = /usr/local/MailScanner/var/virus.pid # Set where to find the attachment filename ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their name, regardless of # whether they are infected or not. Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf # Set where to find the message text sent to users when one of their # attachments has been quarantined. Stored Virus Message Report = /usr/local/MailScanner/etc/stored.virus.message.txt Stored Bad Filename Message Report = /usr/local/MailScanner/etc/stored.filename.message.txt # Set where to find the message text sent to users when one of their # attachments has been deleted. Deleted Virus Message Report = /usr/local/MailScanner/etc/deleted.virus.message.txt Deleted Bad Filename Message Report = /usr/local/MailScanner/etc/deleted.filename.message.txt # Set where to find the message text sent to users explaining about the # attached disinfected documents. Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt # Set location of incoming mail queue # and location of outgoing mail queue. Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue # Set whether to use sendmail or exim (default is sendmail) MTA = sendmail # Set how to invoke MTA when sending created message # (e.g. to sender/recipient saying "found a virus in your message") Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It defaults to the value supplied for Sendmail. # It is the command used to attempt delivery of outgoing # (scanned/cleaned) messages. # This is not usually required for sendmail. #Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf # Do you want to scan email for viruses? # A few people have wanted to disable the entire virus scanning. Virus Scanning = yes # Which Virus Scanning package to use: # sophos from www.sophos.com, or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # kaspersky from www.kaspersky.com, or # inoculate from www.cai.com/products/inoculateit.htm, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002) Virus Scanner = f-prot # Where the Virus scanner is installed. This is the command needed to run it. # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of commands, **in the same order** as they are listed # in the "Virus Scanner" keyword just above. For example: # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f- protwrapper # Sweep = /usr/local/f-prot/f-prot # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). Virus Scanner Timeout = 300 # Expand TNEF attachments using an external program? # This should be "yes" except for Sophos (when it should be "no") # as Sophos has the facility built-in. Expand TNEF = yes # Where the MS-TNEF expander is installed. # The new --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files. TNEF Expander = /usr/local/MailScanner/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. # (in seconds) TNEF Timeout = 120 # What should the attachments be called that replace virus-infected files? Attachment Warning Filename = VirusWarning.txt # Should we scan all messages, including plain-text messages which are normally # harmless? This should be "yes" since the MyParty message appeared. Scan All Messages = yes # Once we have removed viruses from an email message and replaced them with # VirusWarning.txt attachments, should we deliver the clean result to the # original recipients (or just delete them if "no")? Deliver To Recipients = yes # Deliver messages with viruses removed to their original recipients # if they came from a local address, or just delete them so no-one knows # we have a virus outbreak on our site? Deliver From Local Domains = yes # Notify the senders of infected messages that they should check out # their systems? Notify Senders = yes # Set where to find the message text sent to the senders of infected # messages. #Sender Report = /usr/local/MailScanner/etc/sender.report.txt Sender Virus Report = /usr/local/MailScanner/etc/sender.virus.report.txt Sender Bad Filename Report = /usr/local/MailScanner/etc/sender.filename.report.txt Sender Error Report = /usr/local/MailScanner/etc/sender.error.report.txt # Notify the local postmaster when any infections are found? Notify Local Postmaster = yes # Include the full headers of each message in the postmaster notification? Postmaster Gets Full Headers = no # Set email address of who to notify about any infections found. # Should put your full domain name here too, # e.g. postmaster@your.domain.com Local Postmaster = postmaster # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep # Should I attempt to disinfect infected attachments and then deliver # the clean ones Deliver Disinfected Files = yes # Local domain name, or filename containing a list of local domain names # The file supports blank entries, '#' and ';' comment characters and # uses the first word off each line. This should be compatible with all # such lines in a sendmail or Exim configuration file. #Local Domains = /usr/local/MailScanner/etc/localdomains.conf Local Domains = speakeasy.org Local Domains = speakeasy.net # Mark infected messages in the message body. # There can now be more than 1 of these configuration lines here, so you can # break the warning message over multiple lines. Mark Infected Messages = yes Inline Text Warning = Warning: This message has had one or more attachments removed. Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment (s) for more information. Inline HTML Warning =

Warning: This message has had one or more attachments removed. Please read the "VirusWarning.txt" attachment(s) for more information.

# Sign clean messages in the message body. # There can be more than 1 of these configuration lines here, so you can # break the signature message over multiple lines. # Note that enabling this option will add to the overall system load as some # major optimisations will no longer be possible! Sign Clean Messages = no Inline Text Signature = -- Inline Text Signature = This message has been scanned for viruses and Inline Text Signature = dangerous content by MailScanner, and is Inline Text Signature = believed to be clean. Inline HTML Signature =
-- Inline HTML Signature =
This message has been scanned for viruses and Inline HTML Signature =
dangerous content by Inline HTML Signature = MailScanner, Inline HTML Signature = and is
believed to be clean. # # Spam Detection # # Should the anti-spam checks be done on all incoming messages? Spam Checks = yes # Set the name of the extra header to add to all messages found to be # likely spam. Spam Header = X-MailScanner-SpamCheck: # Do you want to put some text on the front of the subject line when # we think it is spam? Spam Modify Subject = yes # What text do we want to put on the front (gets followed by a " ") Spam Subject Text = {SPAM?} # Do we have the SpamAssassin package installed? # This is a very good, very clever heuristics-based spam checker. # For more info and installation instructions, see http://spamassassin.taint.org/ Use SpamAssassin = yes # Set the maximum size of message which we will check with SpamAssassin # Don't set this too large as your system load will get very high processing # huge messages. Max SpamAssassin Size = 100000 # Set the maximum time to allow SpamAssassin to process 1 message SpamAssassin Timeout = 720 # Set the list of database names and their corresponding DNS domains. # All of these databases work in a similar way, allowing the simple use # of multiple databases. # See www.ordb.org and www.mail-abuse.org for more information. # Spam List = # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. #Spam List = MAPS-RBL, blackholes.mail-abuse.org. #Spam List = MAPS-DUL, dialups.mail-abuse.org. #Spam List = MAPS-RSS, relays.mail-abuse.org. # This next line works for JANET UK Academic sites only #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net. # Define local networks from whom you should always accept mail, and # never mark it as spam. This is useful in case your own mail servers # are ever in the ORBS or MAPS lists. Accept Spam From = 152.78. Accept Spam From = 139.166. Accept Spam From = 192.168.0. # Define a list of email addresses and email domains from whom you should # always accept mail, and never mark it as spam. This is useful in case # someone you correspond with a lot has their mail servers in the ORBS or # MAPS lists. Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf # # Advanced Features # ================= # # Don't bother changing anything below this unless you really know what # you are doing. # # Set Debug to 1 to stop it running as a daemon # and produce more verbose output Debug = 0 # Attempt immediate delivery of messages, or just place them in the outgoing # queue for the MTA to deliver at a time of its own choosing? # If attempting immediate delivery, do them one at a time, # or do them in batches of 30 at a time? # Delivery Method = queue # Delivery Method = individual Delivery Method = individual # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For Exim, it defaults to "posix". # No other type is implemented. #Lock Type = flock # Where to put the virus scanning engine lock files. # These lock files are used between MailScanner and the virus signature # "autoupdate" scripts, to ensure that they aren't both working at the # same time (which could cause MailScanner to let a virus through). Lock File Dir = /tmp # What to do when you get several MailScanner headers in one message, # from multiple MailScanner servers. Values are # "append" : Append the new data to the existing header # "add" : Add a new header # "replace" : Replace the old data with the new data # Default is "append" Multiple Headers = append # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = no # When attempting delivery of outgoing messages, should we do it in the # background or wait for it to complete? The danger of doing it in the # background is that the machine load goes ever upwards while all the # slow sendmail processes run to completion. However, running it in the # foreground may cause the mail server to run too slowly. Deliver In Background = yes # Minimum acceptable code stability status -- if we come across code # that's not at least as stable as this, we barf. # This is currently only used to check that you don't end up using untested # virus scanner support code without realising it. # Levels used are: # none - there may not even be any code. # unsupported - code may be completely untested, a contributed dirty hack, # anything, really. # alpha - code is pretty well untested. Don't assume it will work. # beta - code is tested a bit. It should work. # supported - code *should* be reliable. # # Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to. # Don't set it to anything other than "supported" on a system that could # ever receive important mail. Minimum Code Status = beta From sevans at FOUNDATION.SDSU.EDU Tue Jan 29 22:34:56 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:21 2006 Subject: Que Length Check Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A77C0@foundation.foundation.sdsu.edu> I wrote a script that looks like the following according to Julian's instructions. When I run it tells me there are to many arguments. Any ideas? Steve #!/bin/sh #Define this to be your maximum allowed mail queue length MAXLEN=20 LSLEN='cd /var/spool/mqueue.in && ls | wc -l' QUEUELEN='find /var/spool/mqueue.in -name q* | wc -l' if [ $QUEUELEN -gt $MAXLEN ]; then touch /var/spool/mqueue.in-file fi From gene at ERACHAMPION.COM Tue Jan 29 22:45:50 2002 From: gene at ERACHAMPION.COM (Gene Ruebsamen) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 doesn't spam check In-Reply-To: Message-ID: Okay, I know you guys are probably sick of hearing this, but this problem seems to be the same problem I am haveing, and is possibly related to the PERL path problem. (see previous post). Am I correct in assuming that the RPM install of MailScanner on RH7.2 looks for Perl Version 5.6.0? I have the same configuration as Stephen, and I cannot get MailScanner to flag spam using SpamAssassin 2.01, and the reason is because MailScanner assumes a path to perl 5.6.0 instead of perl 5.6.1. Any ideas? Gene Ruebsamen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Stephen Nelson Sent: Tuesday, January 29, 2002 1:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: 3.04-1 doesn't spam check Something seems a bit odd with my current setup... I upgraded to 3.04-1, and since then no spam messages are being marked. Running in debug mode gave no messages (and quit after a single message was processed, but that looks like a feature). There are no error messages in either the maillog or the messages file. Spamassassin seems to run fine from the command line. Since I'm not seeing other messages about this, I'm assuming I scrambled a config file. I'm running perl v5.6.1 and SpamAssassin 2.01 on a Red Hat Linux 7.2 system. What have I missed? My config file is as follows. The primary tweaks are that I deliver individually in the background (there is only one user, so that seems optimal) and that I give SpamAssassin a timeout of 720 (I'm on a dialup, so I want to give SpamAssassin time to establish a network link for RBL). Spam checking and spamassassin are both set to "yes". Any ideas? ---- CUT HERE --- # Configuration file for MailScanner E-Mail Virus Scanner # This file assumes everything is in the default locations provided # by the MailScanner and RedHat 6.2 and upwards. # User to run as (provided for Exim users) #Run As User = mail # Group to run as (provided for Exim users) #Run As Group = mail # In every batch of virus-scanning, limit the maximum # a) number of text-only messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of text-only messages to deliver # d) total size of potentially infected messages to unpack and scan Max Safe Messages Per Scan = 500 Max Unsafe Messages Per Scan = 100 Max Safe Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 # To avoid resource leaks, re-start periodically. Restart Every = 14400 # 4 hours # Name of this host, or just "the MailScanner" if you want to hide this info. # It can be placed in the Help Desk note contained in virus warnings sent to users. Host name = the MailScanner # Add this extra header to all mail as it is scanned. # (this must *include* terminating colon). Mail Header = X-MailScanner: # Set the mail header to these values for clean/infected messages. Clean Header = Found to be clean Infected Header = Found to be infected Disinfected Header = Disinfected # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected message attachments (if they are kept) Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id so you can easily stop the scanner Pid File = /usr/local/MailScanner/var/virus.pid # Set where to find the attachment filename ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their name, regardless of # whether they are infected or not. Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf # Set where to find the message text sent to users when one of their # attachments has been quarantined. Stored Virus Message Report = /usr/local/MailScanner/etc/stored.virus.message.txt Stored Bad Filename Message Report = /usr/local/MailScanner/etc/stored.filename.message.txt # Set where to find the message text sent to users when one of their # attachments has been deleted. Deleted Virus Message Report = /usr/local/MailScanner/etc/deleted.virus.message.txt Deleted Bad Filename Message Report = /usr/local/MailScanner/etc/deleted.filename.message.txt # Set where to find the message text sent to users explaining about the # attached disinfected documents. Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt # Set location of incoming mail queue # and location of outgoing mail queue. Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue # Set whether to use sendmail or exim (default is sendmail) MTA = sendmail # Set how to invoke MTA when sending created message # (e.g. to sender/recipient saying "found a virus in your message") Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It defaults to the value supplied for Sendmail. # It is the command used to attempt delivery of outgoing # (scanned/cleaned) messages. # This is not usually required for sendmail. #Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf # Do you want to scan email for viruses? # A few people have wanted to disable the entire virus scanning. Virus Scanning = yes # Which Virus Scanning package to use: # sophos from www.sophos.com, or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # kaspersky from www.kaspersky.com, or # inoculate from www.cai.com/products/inoculateit.htm, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002) Virus Scanner = f-prot # Where the Virus scanner is installed. This is the command needed to run it. # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of commands, **in the same order** as they are listed # in the "Virus Scanner" keyword just above. For example: # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f- protwrapper # Sweep = /usr/local/f-prot/f-prot # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). Virus Scanner Timeout = 300 # Expand TNEF attachments using an external program? # This should be "yes" except for Sophos (when it should be "no") # as Sophos has the facility built-in. Expand TNEF = yes # Where the MS-TNEF expander is installed. # The new --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files. TNEF Expander = /usr/local/MailScanner/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. # (in seconds) TNEF Timeout = 120 # What should the attachments be called that replace virus-infected files? Attachment Warning Filename = VirusWarning.txt # Should we scan all messages, including plain-text messages which are normally # harmless? This should be "yes" since the MyParty message appeared. Scan All Messages = yes # Once we have removed viruses from an email message and replaced them with # VirusWarning.txt attachments, should we deliver the clean result to the # original recipients (or just delete them if "no")? Deliver To Recipients = yes # Deliver messages with viruses removed to their original recipients # if they came from a local address, or just delete them so no-one knows # we have a virus outbreak on our site? Deliver From Local Domains = yes # Notify the senders of infected messages that they should check out # their systems? Notify Senders = yes # Set where to find the message text sent to the senders of infected # messages. #Sender Report = /usr/local/MailScanner/etc/sender.report.txt Sender Virus Report = /usr/local/MailScanner/etc/sender.virus.report.txt Sender Bad Filename Report = /usr/local/MailScanner/etc/sender.filename.report.txt Sender Error Report = /usr/local/MailScanner/etc/sender.error.report.txt # Notify the local postmaster when any infections are found? Notify Local Postmaster = yes # Include the full headers of each message in the postmaster notification? Postmaster Gets Full Headers = no # Set email address of who to notify about any infections found. # Should put your full domain name here too, # e.g. postmaster@your.domain.com Local Postmaster = postmaster # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep # Should I attempt to disinfect infected attachments and then deliver # the clean ones Deliver Disinfected Files = yes # Local domain name, or filename containing a list of local domain names # The file supports blank entries, '#' and ';' comment characters and # uses the first word off each line. This should be compatible with all # such lines in a sendmail or Exim configuration file. #Local Domains = /usr/local/MailScanner/etc/localdomains.conf Local Domains = speakeasy.org Local Domains = speakeasy.net # Mark infected messages in the message body. # There can now be more than 1 of these configuration lines here, so you can # break the warning message over multiple lines. Mark Infected Messages = yes Inline Text Warning = Warning: This message has had one or more attachments removed. Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment (s) for more information. Inline HTML Warning =

Warning: This message has had one or more attachments removed. Please read the "VirusWarning.txt" attachment(s) for more information.

# Sign clean messages in the message body. # There can be more than 1 of these configuration lines here, so you can # break the signature message over multiple lines. # Note that enabling this option will add to the overall system load as some # major optimisations will no longer be possible! Sign Clean Messages = no Inline Text Signature = -- Inline Text Signature = This message has been scanned for viruses and Inline Text Signature = dangerous content by MailScanner, and is Inline Text Signature = believed to be clean. Inline HTML Signature =
-- Inline HTML Signature =
This message has been scanned for viruses and Inline HTML Signature =
dangerous content by Inline HTML Signature = MailScanner, Inline HTML Signature = and is
believed to be clean. # # Spam Detection # # Should the anti-spam checks be done on all incoming messages? Spam Checks = yes # Set the name of the extra header to add to all messages found to be # likely spam. Spam Header = X-MailScanner-SpamCheck: # Do you want to put some text on the front of the subject line when # we think it is spam? Spam Modify Subject = yes # What text do we want to put on the front (gets followed by a " ") Spam Subject Text = {SPAM?} # Do we have the SpamAssassin package installed? # This is a very good, very clever heuristics-based spam checker. # For more info and installation instructions, see http://spamassassin.taint.org/ Use SpamAssassin = yes # Set the maximum size of message which we will check with SpamAssassin # Don't set this too large as your system load will get very high processing # huge messages. Max SpamAssassin Size = 100000 # Set the maximum time to allow SpamAssassin to process 1 message SpamAssassin Timeout = 720 # Set the list of database names and their corresponding DNS domains. # All of these databases work in a similar way, allowing the simple use # of multiple databases. # See www.ordb.org and www.mail-abuse.org for more information. # Spam List = # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. #Spam List = MAPS-RBL, blackholes.mail-abuse.org. #Spam List = MAPS-DUL, dialups.mail-abuse.org. #Spam List = MAPS-RSS, relays.mail-abuse.org. # This next line works for JANET UK Academic sites only #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net. # Define local networks from whom you should always accept mail, and # never mark it as spam. This is useful in case your own mail servers # are ever in the ORBS or MAPS lists. Accept Spam From = 152.78. Accept Spam From = 139.166. Accept Spam From = 192.168.0. # Define a list of email addresses and email domains from whom you should # always accept mail, and never mark it as spam. This is useful in case # someone you correspond with a lot has their mail servers in the ORBS or # MAPS lists. Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf # # Advanced Features # ================= # # Don't bother changing anything below this unless you really know what # you are doing. # # Set Debug to 1 to stop it running as a daemon # and produce more verbose output Debug = 0 # Attempt immediate delivery of messages, or just place them in the outgoing # queue for the MTA to deliver at a time of its own choosing? # If attempting immediate delivery, do them one at a time, # or do them in batches of 30 at a time? # Delivery Method = queue # Delivery Method = individual Delivery Method = individual # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For Exim, it defaults to "posix". # No other type is implemented. #Lock Type = flock # Where to put the virus scanning engine lock files. # These lock files are used between MailScanner and the virus signature # "autoupdate" scripts, to ensure that they aren't both working at the # same time (which could cause MailScanner to let a virus through). Lock File Dir = /tmp # What to do when you get several MailScanner headers in one message, # from multiple MailScanner servers. Values are # "append" : Append the new data to the existing header # "add" : Add a new header # "replace" : Replace the old data with the new data # Default is "append" Multiple Headers = append # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = no # When attempting delivery of outgoing messages, should we do it in the # background or wait for it to complete? The danger of doing it in the # background is that the machine load goes ever upwards while all the # slow sendmail processes run to completion. However, running it in the # foreground may cause the mail server to run too slowly. Deliver In Background = yes # Minimum acceptable code stability status -- if we come across code # that's not at least as stable as this, we barf. # This is currently only used to check that you don't end up using untested # virus scanner support code without realising it. # Levels used are: # none - there may not even be any code. # unsupported - code may be completely untested, a contributed dirty hack, # anything, really. # alpha - code is pretty well untested. Don't assume it will work. # beta - code is tested a bit. It should work. # supported - code *should* be reliable. # # Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to. # Don't set it to anything other than "supported" on a system that could # ever receive important mail. Minimum Code Status = beta From gerry at DORFAM.CA Tue Jan 29 22:57:02 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 doesn't spam check In-Reply-To: Message-ID: Well, I don't know if this was the "correct" way to do it but... Julian suggested way back when I was having problems that perhaps it was the downlevel version of perl that I was using (I'm running RH 7.1). I updated using CPAN to 5.6.1. That wasn't the cause of the problem I was having but that's another story. I noticed that I now had two different perl installs; the old one to 5.6.0 and the new one at 5.6.1. I manually went in and deleted the 5.6.0 stuff. I then reinstalled mailscanner and spanassassin (not just restarted). Everything has worked fine since. Gerry On Tue, 29 Jan 2002, Gene Ruebsamen wrote: > Okay, I know you guys are probably sick of hearing this, but this problem > seems to be the same problem I am haveing, and is possibly related to the > PERL path problem. (see previous post). > > Am I correct in assuming that the RPM install of MailScanner on RH7.2 looks > for Perl Version 5.6.0? > > I have the same configuration as Stephen, and I cannot get MailScanner to > flag spam using SpamAssassin 2.01, and the reason is because MailScanner > assumes a path to perl 5.6.0 instead of perl 5.6.1. > > Any ideas? > > Gene Ruebsamen > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Stephen Nelson > Sent: Tuesday, January 29, 2002 1:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: 3.04-1 doesn't spam check > > > Something seems a bit odd with my current setup... I upgraded to 3.04-1, > and since then no spam messages are being marked. Running in debug mode > gave no messages (and quit after a single message was processed, but that > looks like a feature). There are no error messages in either the maillog or > the messages file. Spamassassin seems to run fine from the command line. > > Since I'm not seeing other messages about this, I'm assuming I scrambled a > config file. I'm running perl v5.6.1 and SpamAssassin 2.01 on a Red Hat > Linux 7.2 system. > > What have I missed? My config file is as follows. The primary tweaks are > that I deliver individually in the background (there is only one user, so > that seems optimal) and that I give SpamAssassin a timeout of 720 (I'm on a > dialup, so I want to give SpamAssassin time to establish a network link for > RBL). Spam checking and spamassassin are both set to "yes". > > Any ideas? > > ---- CUT HERE --- > # Configuration file for MailScanner E-Mail Virus Scanner > # This file assumes everything is in the default locations provided > # by the MailScanner and RedHat 6.2 and upwards. > > # User to run as (provided for Exim users) > #Run As User = mail > > # Group to run as (provided for Exim users) > #Run As Group = mail > > # In every batch of virus-scanning, limit the maximum > # a) number of text-only messages to deliver > # b) number of potentially infected messages to unpack and scan > # c) total size of text-only messages to deliver > # d) total size of potentially infected messages to unpack and scan > Max Safe Messages Per Scan = 500 > Max Unsafe Messages Per Scan = 100 > Max Safe Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 > > # To avoid resource leaks, re-start periodically. > Restart Every = 14400 # 4 hours > > # Name of this host, or just "the MailScanner" if you want to hide this > info. > # It can be placed in the Help Desk note contained in virus warnings sent > to users. > Host name = the MailScanner > > # Add this extra header to all mail as it is scanned. > # (this must *include* terminating colon). > Mail Header = X-MailScanner: > > # Set the mail header to these values for clean/infected messages. > Clean Header = Found to be clean > Infected Header = Found to be infected > Disinfected Header = Disinfected > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > # Set where to store infected message attachments (if they are kept) > Quarantine Dir = /var/spool/MailScanner/quarantine > > # Set where to store the process id so you can easily stop the scanner > Pid File = /usr/local/MailScanner/var/virus.pid > > # Set where to find the attachment filename ruleset. > # The structure of this file is explained elsewhere, but it is used to > # accept or reject file attachments based on their name, regardless of > # whether they are infected or not. > Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf > > # Set where to find the message text sent to users when one of their > # attachments has been quarantined. > Stored Virus Message Report > = /usr/local/MailScanner/etc/stored.virus.message.txt > Stored Bad Filename Message Report > = /usr/local/MailScanner/etc/stored.filename.message.txt > > # Set where to find the message text sent to users when one of their > # attachments has been deleted. > Deleted Virus Message Report > = /usr/local/MailScanner/etc/deleted.virus.message.txt > Deleted Bad Filename Message Report > = /usr/local/MailScanner/etc/deleted.filename.message.txt > > # Set where to find the message text sent to users explaining about the > # attached disinfected documents. > Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt > > # Set location of incoming mail queue > # and location of outgoing mail queue. > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > > # Set whether to use sendmail or exim (default is sendmail) > MTA = sendmail > > # Set how to invoke MTA when sending created message > # (e.g. to sender/recipient saying "found a virus in your message") > Sendmail = /usr/sbin/sendmail > > # Sendmail2 is provided for Exim users. > # It defaults to the value supplied for Sendmail. > # It is the command used to attempt delivery of outgoing > # (scanned/cleaned) messages. > # This is not usually required for sendmail. > #Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf > > # Do you want to scan email for viruses? > # A few people have wanted to disable the entire virus scanning. > Virus Scanning = yes > > # Which Virus Scanning package to use: > # sophos from www.sophos.com, or > # mcafee from www.mcafee.com, or > # command from www.command.co.uk, or > # kaspersky from www.kaspersky.com, or > # inoculate from www.cai.com/products/inoculateit.htm, or > # f-secure from www.f-secure.com, or > # f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002) > Virus Scanner = f-prot > > # Where the Virus scanner is installed. This is the command needed to run > it. > # > # Note: If you want to use multiple virus scanners, then this should be a > # comma-separated list of commands, **in the same order** as they are listed > # in the "Virus Scanner" keyword just above. For example: > # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f- > protwrapper > # > Sweep = /usr/local/f-prot/f-prot > > # The maximum length of time the commercial virus scanner is allowed to run > # for 1 batch of messages (in seconds). > Virus Scanner Timeout = 300 > > # Expand TNEF attachments using an external program? > # This should be "yes" except for Sophos (when it should be "no") > # as Sophos has the facility built-in. > Expand TNEF = yes > > # Where the MS-TNEF expander is installed. > # The new --maxsize option limits the maximum size that any expanded > attachment > # may be. It helps protect against Denial Of Service attacks in TNEF files. > TNEF Expander = /usr/local/MailScanner/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to run for 1 > message. > # (in seconds) > TNEF Timeout = 120 > > # What should the attachments be called that replace virus-infected files? > Attachment Warning Filename = VirusWarning.txt > > # Should we scan all messages, including plain-text messages which are > normally > # harmless? This should be "yes" since the MyParty message appeared. > Scan All Messages = yes > > # Once we have removed viruses from an email message and replaced them with > # VirusWarning.txt attachments, should we deliver the clean result to the > # original recipients (or just delete them if "no")? > Deliver To Recipients = yes > > # Deliver messages with viruses removed to their original recipients > # if they came from a local address, or just delete them so no-one knows > # we have a virus outbreak on our site? > Deliver From Local Domains = yes > > # Notify the senders of infected messages that they should check out > # their systems? > Notify Senders = yes > > # Set where to find the message text sent to the senders of infected > # messages. > #Sender Report = /usr/local/MailScanner/etc/sender.report.txt > Sender Virus Report > = /usr/local/MailScanner/etc/sender.virus.report.txt > Sender Bad Filename Report > = /usr/local/MailScanner/etc/sender.filename.report.txt > Sender Error Report > = /usr/local/MailScanner/etc/sender.error.report.txt > > # Notify the local postmaster when any infections are found? > Notify Local Postmaster = yes > > # Include the full headers of each message in the postmaster notification? > Postmaster Gets Full Headers = no > > # Set email address of who to notify about any infections found. > # Should put your full domain name here too, > # e.g. postmaster@your.domain.com > Local Postmaster = postmaster > > # Set what to do with infected attachments or messages. > # keep ==> Store under the "Quarantine Dir" > # delete ==> Just delete them > #Action = delete > Action = keep > > # Should I attempt to disinfect infected attachments and then deliver > # the clean ones > Deliver Disinfected Files = yes > > # Local domain name, or filename containing a list of local domain names > # The file supports blank entries, '#' and ';' comment characters and > # uses the first word off each line. This should be compatible with all > # such lines in a sendmail or Exim configuration file. > #Local Domains = /usr/local/MailScanner/etc/localdomains.conf > Local Domains = speakeasy.org > Local Domains = speakeasy.net > > # Mark infected messages in the message body. > # There can now be more than 1 of these configuration lines here, so you can > # break the warning message over multiple lines. > Mark Infected Messages = yes > Inline Text Warning = Warning: This message has had one or more attachments > removed. > Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment > (s) for more information. > Inline HTML Warning =

Warning: > This message has had one or more attachments removed. Please read > the "VirusWarning.txt" attachment(s) for more information.

> > # Sign clean messages in the message body. > # There can be more than 1 of these configuration lines here, so you can > # break the signature message over multiple lines. > # Note that enabling this option will add to the overall system load as some > # major optimisations will no longer be possible! > Sign Clean Messages = no > Inline Text Signature = -- > Inline Text Signature = This message has been scanned for viruses and > Inline Text Signature = dangerous content by MailScanner, and is > Inline Text Signature = believed to be clean. > Inline HTML Signature =
-- > Inline HTML Signature =
This message has been scanned for viruses and > Inline HTML Signature =
dangerous content by > Inline HTML Signature = HREF="http://www.mailscanner.info/">MailScanner, > Inline HTML Signature = and is
believed to be clean. > > # > # Spam Detection > # > # Should the anti-spam checks be done on all incoming messages? > Spam Checks = yes > > # Set the name of the extra header to add to all messages found to be > # likely spam. > Spam Header = X-MailScanner-SpamCheck: > > # Do you want to put some text on the front of the subject line when > # we think it is spam? > Spam Modify Subject = yes > > # What text do we want to put on the front (gets followed by a " ") > Spam Subject Text = {SPAM?} > > # Do we have the SpamAssassin package installed? > # This is a very good, very clever heuristics-based spam checker. > # For more info and installation instructions, see > http://spamassassin.taint.org/ > Use SpamAssassin = yes > > # Set the maximum size of message which we will check with SpamAssassin > # Don't set this too large as your system load will get very high processing > # huge messages. > Max SpamAssassin Size = 100000 > > # Set the maximum time to allow SpamAssassin to process 1 message > SpamAssassin Timeout = 720 > > # Set the list of database names and their corresponding DNS domains. > # All of these databases work in a similar way, allowing the simple use > # of multiple databases. > # See www.ordb.org and www.mail-abuse.org for more information. > # Spam List = > # MAPS now charge for their services, so you'll have to buy a contract > before > # attempting to use the next 3 lines. > #Spam List = MAPS-RBL, blackholes.mail-abuse.org. > #Spam List = MAPS-DUL, dialups.mail-abuse.org. > #Spam List = MAPS-RSS, relays.mail-abuse.org. > # This next line works for JANET UK Academic sites only > #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net. > > # Define local networks from whom you should always accept mail, and > # never mark it as spam. This is useful in case your own mail servers > # are ever in the ORBS or MAPS lists. > Accept Spam From = 152.78. > Accept Spam From = 139.166. > Accept Spam From = 192.168.0. > > # Define a list of email addresses and email domains from whom you should > # always accept mail, and never mark it as spam. This is useful in case > # someone you correspond with a lot has their mail servers in the ORBS or > # MAPS lists. > Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf > > # > # Advanced Features > # ================= > # > # Don't bother changing anything below this unless you really know what > # you are doing. > # > > # Set Debug to 1 to stop it running as a daemon > # and produce more verbose output > Debug = 0 > > # Attempt immediate delivery of messages, or just place them in the outgoing > # queue for the MTA to deliver at a time of its own choosing? > # If attempting immediate delivery, do them one at a time, > # or do them in batches of 30 at a time? > # Delivery Method = queue > # Delivery Method = individual > Delivery Method = individual > > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "flock". > # For Exim, it defaults to "posix". > # No other type is implemented. > #Lock Type = flock > > # Where to put the virus scanning engine lock files. > # These lock files are used between MailScanner and the virus signature > # "autoupdate" scripts, to ensure that they aren't both working at the > # same time (which could cause MailScanner to let a virus through). > Lock File Dir = /tmp > > # What to do when you get several MailScanner headers in one message, > # from multiple MailScanner servers. Values are > # "append" : Append the new data to the existing header > # "add" : Add a new header > # "replace" : Replace the old data with the new data > # Default is "append" > Multiple Headers = append > > # Some versions of Microsoft Outlook generate unparsable Rich Text > # format attachments. Do we want to deliver these bad attachments anyway? > # Setting this to yes introduces the slight risk of a virus getting through, > # but if you have a lot of troubled Outlook users you might need to do this. > # We are working on a replacement for the TNEF decoder. > Deliver Unparsable TNEF = no > > # When attempting delivery of outgoing messages, should we do it in the > # background or wait for it to complete? The danger of doing it in the > # background is that the machine load goes ever upwards while all the > # slow sendmail processes run to completion. However, running it in the > # foreground may cause the mail server to run too slowly. > Deliver In Background = yes > > # Minimum acceptable code stability status -- if we come across code > # that's not at least as stable as this, we barf. > # This is currently only used to check that you don't end up using untested > # virus scanner support code without realising it. > # Levels used are: > # none - there may not even be any code. > # unsupported - code may be completely untested, a contributed dirty hack, > # anything, really. > # alpha - code is pretty well untested. Don't assume it will work. > # beta - code is tested a bit. It should work. > # supported - code *should* be reliable. > # > # Don't even *think* about setting this to anything other than "beta" or > # "supported" on a system that receives real mail until you have tested it > # yourself and are happy that it is all working as you expect it to. > # Don't set it to anything other than "supported" on a system that could > # ever receive important mail. > Minimum Code Status = beta > -- "The lyfe so short, the craft so long to learne" Chaucer From nwp at LEMON-COMPUTING.COM Tue Jan 29 23:25:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 doesn't spam check In-Reply-To: ; from gene@ERACHAMPION.COM on Tue, Jan 29, 2002 at 02:45:50PM -0800 References: Message-ID: <20020129232540.J7526@lemon-computing.com> On Tue, Jan 29, 2002 at 02:45:50PM -0800, Gene Ruebsamen wrote: > Okay, I know you guys are probably sick of hearing this, but this problem > seems to be the same problem I am haveing, and is possibly related to the > PERL path problem. (see previous post). > > Am I correct in assuming that the RPM install of MailScanner on RH7.2 looks > for Perl Version 5.6.0? > > I have the same configuration as Stephen, and I cannot get MailScanner to > flag spam using SpamAssassin 2.01, and the reason is because MailScanner > assumes a path to perl 5.6.0 instead of perl 5.6.1. Mailscanner uses the perl binary that is in the first line of the mailscanner script. Your perl setup does the rest; we don't touch @INC. If it doesn't find things, either they're not there or your perl setup is screwed. Or both. -- Nick Phillips -- nwp@lemon-computing.com Fine day for friends. So-so day for you. From doko at CS.TU-BERLIN.DE Tue Jan 29 23:32:06 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:21 2006 Subject: 3.04-1 doesn't spam check In-Reply-To: References: Message-ID: <15447.12534.327536.788259@gargle.gargle.HOWL> Same with the current Debian package (3.04.1-1) and the dependencies recently posted. Stephen Nelson writes: > Something seems a bit odd with my current setup... I upgraded to 3.04-1, > and since then no spam messages are being marked. Running in debug mode > gave no messages (and quit after a single message was processed, but that > looks like a feature). There are no error messages in either the maillog or > the messages file. Spamassassin seems to run fine from the command line. > > Since I'm not seeing other messages about this, I'm assuming I scrambled a > config file. I'm running perl v5.6.1 and SpamAssassin 2.01 on a Red Hat > Linux 7.2 system. > > What have I missed? My config file is as follows. The primary tweaks are > that I deliver individually in the background (there is only one user, so > that seems optimal) and that I give SpamAssassin a timeout of 720 (I'm on a > dialup, so I want to give SpamAssassin time to establish a network link for > RBL). Spam checking and spamassassin are both set to "yes". > > Any ideas? From alex at IALEX.NET Wed Jan 30 01:18:55 2002 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:14:21 2006 Subject: Myparty Strangeness References: <15447.12534.327536.788259@gargle.gargle.HOWL> Message-ID: <068d01c1a92c$1634f8b0$6400000a@clerks> I just now upgraded to 3.04-1 via rpm on my RH7.2 hoping to fix this odd behaviour. I made the change in sendmail.pl when i was running v2 and upgrading has not fixed it. When someone sends me myparty, it changes myparty.yahoo.com whichever to AB283.dat or something along those lines. It doesn't detect any type of virus either, but if i save AB283.dat then scan it, its myparty. I'm running RH7.2, upgraded via RPM, and use uvscan as a virus scanner. I have tried sending myself Loveletter and it detects it and acts appropriately. Alex From fizz at BOMB.NET Wed Jan 30 03:13:17 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:22 2006 Subject: Thank You! Message-ID: <001b01c1a93c$105ce5a0$ac722241@fizz> --Total Mail: 23409 --Total Spam: 10062 --Total Virii: 607 Virus-MyParty: 442 Virus-Badtrans: 38 Virus-Sircam: 36 Virus-GOP-A: 4 Virus-Hybris: 20 Virus-Magistr-B: 19 Thats what your software has blocked today! Thank you for your excellent work! Kelly -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020129/100c7284/attachment.html From raxie at BULACAN.PH Wed Jan 30 07:22:09 2002 From: raxie at BULACAN.PH (Ruel C. Bristol) Date: Thu Jan 12 21:14:22 2006 Subject: Outgoing & relayed email Message-ID: Hello, I recently installed mailscanner and it seem to be working fine on my mailserver. I'm running Redhat Linux 7.1, sendmail 8.11.6 and procmail. I just want to ask if its possible to scan outgoing and relayed email by mailscanner? -- ( o o ) ------oOOo---- (_)----oOOo------- Ruel C. Bristol "Raxie" Systems Administrator Bulacan Info Tech http://www.bulacan.ph raxie@bulacan.h -===============================- From m.sapsed at BANGOR.AC.UK Wed Jan 30 09:07:58 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness Message-ID: <3C57B7EE.92C38344@bangor.ac.uk> Hi all, I have mailscanner 3.04.1 and spamassassin 2.01. I had a message this morning which mailscanner marked as spam because spamassassin said 13 hits. I thought it was odd because the message wasn't spam and didn't really look spammish. I saved the message to a file and ran spamassassin -t on it. The score was: SPAM: Content analysis details: (0.8 hits, 5 required) SPAM: Hit! (0.8 points) BODY: Includes a URL link to send an email Can anyone suggest why spamassassin told mailscanner there were 13 hits when spamassassin -t doesn't even manage a whole one? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From S.R.Patterson at soton.ac.uk Wed Jan 30 10:02:53 2002 From: S.R.Patterson at soton.ac.uk (Patterson, S R) Date: Thu Jan 12 21:14:22 2006 Subject: Que Length Check Message-ID: Take out the "LSLEN" line now and put a \ in front of the * in the find line. What's happening is the * in the find line is being expanded out to every file in the directory, overrunning your command line. That's why the find was there instead of the ls to start with. -- Steven Patterson, MSci ----------------------------------------------+ | Electronic Information Systems Support and Development | | Computing Services, University of Southampton, UK. | +-------------------------------------------- Tel: +44 (0) 2380 595810 ...... ...... .. Conviction is a bigger enemy of the truth than lies. .. ...... ...... > -----Original Message----- > From: Steve Evans [mailto:sevans@FOUNDATION.SDSU.EDU] > Sent: 29 January 2002 22:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Que Length Check > > > I wrote a script that looks like the following according to > Julian's instructions. When I run it tells me there are to > many arguments. Any ideas? > > Steve > > > > > #!/bin/sh > > #Define this to be your maximum allowed mail queue length > MAXLEN=20 > > LSLEN='cd /var/spool/mqueue.in && ls | wc -l' > QUEUELEN='find /var/spool/mqueue.in -name q* | wc -l' > > if [ $QUEUELEN -gt $MAXLEN ]; then > touch /var/spool/mqueue.in-file > fi > From m.sapsed at BANGOR.AC.UK Wed Jan 30 10:05:48 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:22 2006 Subject: uuencoded "not"attachments Message-ID: <3C57C57C.5D9EA52@bangor.ac.uk> Hello folks, Is this of any interest to anyone? Martin -------- Original Message -------- Subject: Re: [unisog] MyParty Date: Tue, 29 Jan 2002 12:42:38 -0700 From: "William D. Colburn (aka Schlake)" To: unisog@sans.org UUencoded inline transmissions are still (as far as I know) a valid format. They are also likely to remain valid virtually forever. The author (PL Daniels) of ripmime (http://www.pldaniels.com/ripmime/) added code to pull out such attachments for me. I use his package in my antivirus milter. The real problem here is that some software is "generous in what it accepts", and other software isn't. The virus makes it past attachment strippers because it isn't an attachment, but the end-user software is "helpful" and finds the file for the user. -- William Colburn, "Sysprog" Computer Center, New Mexico Institute of Mining and Technology http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn From scheuerm at RZSUN08.UNI-TRIER.DE Wed Jan 30 10:42:11 2002 From: scheuerm at RZSUN08.UNI-TRIER.DE (Horst Scheuermann) Date: Thu Jan 12 21:14:22 2006 Subject: Mailscanner found Virus, but ... Message-ID: <200201301042.LAA12310@rzsun08.uni-trier.de> SunOS rzsun08 5.6 Generic_105181-29 sun4u sparc SUNW,Ultra-1 This is perl, v5.6.1 built for sun4-solaris Mailscanner 3.04-1 sent my Photo as attachment Jan 30 11:22:16 rzsun08 sendmail[12000]: LAA12000: from=, size=41911, class=0, pri=71911, nrcpts=1, msgid=, bodytype=7BIT, proto=ESMTP, relay=rzsun01 [136.199.8.61] Jan 30 11:22:40 rzsun08 mailscanner[11923]: Scanning 1 messages, 42341 bytes Jan 30 11:22:40 rzsun08 mailscanner[11923]: Going to scan 1 messages Jan 30 11:22:41 rzsun08 mailscanner[11923]: Found 1 viruses in messages z Jan 30 11:22:41 rzsun08 mailscanner[11923]: Scanned 1 messages, 42341 bytes in 1 seconds Jan 30 11:22:41 rzsun08 mailscanner[11923]: Saved infections to /z/mailscanner/mailscanner/var/quarantine/20020130/z Jan 30 11:22:41 rzsun08 mailscanner[11923]: About to deliver 1 messages Jan 30 11:22:41 rzsun08 sendmail[12008]: LAA12000: to="|/usr/local_5/bin/filter -vo /export/home/scheuerm/.elm/filterlog", ctladdr= (13673/13673), delay=00:00:25, xdelay=00:00:00, mailer=prog, stat=Sent Jan 30 11:22:41 rzsun08 mailscanner[11923]: Deleting unparsable message z from queue Jan 30 11:22:41 rzsun08 mailscanner[11923]: Deleting unparsable message z from queue Jan 30 11:22:41 rzsun08 mailscanner[11923]: About to deliver 1 messages Jan 30 11:22:42 rzsun08 sendmail[12012]: LAA12012: from=laine@uni-trier.de, size=392, class=0, pri=30392, nrcpts=1, msgid=<200201301022.LAA12012@rzsun08.uni-trier.de>, relay=root@localhost Jan 30 11:22:42 rzsun08 mailscanner[11923]: Notified laine@uni-trier.de about 1 infections Jan 30 11:22:42 rzsun08 sendmail[12014]: LAA12012: to=laine@uni-trier.de, delay=00:00:00, xdelay=00:00:00, mailer=relay, relay=rzmail.uni-trier.de. [136.199.8.220], stat=Sent (LAA03514 Message accepted for delivery) Jan 30 11:22:43 rzsun08 mailscanner[11923]: Skipping renamed attachment MailScanner-3.04-1 virus was found, but teh recipent gets the virus attachment and X-MailScanner: Found to be clean same, when virus is inline From jkf at ecs.soton.ac.uk Wed Jan 30 11:20:42 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Return-Path header In-Reply-To: <000b01c1a8ff$b7029090$65020a0a@galaxy> Message-ID: <5.1.0.14.2.20020130111941.02f264e0@hawk.ecs.soton.ac.uk> At 20:01 29/01/2002, you wrote: >In addition to my other mails about the Return-Path header... >It _seems_ to be there somewhere... sort of... > From the contents of a virus warning message: >Full headers are: > Return-Path: > Received: from ......rest of the headers >Not a real header you might expect... but it's a start... >Browsing back through my old virus warnings, it looks like something >concerning this has changed between versions 3.02-1 and 3.03-1 of >MailScanner. I'll take a look. >And btw, yes this last warning was about the MyParty virus. Tnx for being so >darn fast with fixing MailScanner to detect it! I aim to please :-) (I had the fix out in less than an hour of discovering the problem, which isn't too bad compared to the commercial guys :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 20:08:54 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: william.lau@WESTBAYSEMI.COM requested to join Message-ID: <200201292008.UAA13263@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 20:08:54 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from William Lau You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER william.lau@WESTBAYSEMI.COM William Lau PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER william.lau@WESTBAYSEMI.COM William Lau // EOJ From jkf at ecs.soton.ac.uk Wed Jan 30 11:29:39 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Outgoing & relayed email In-Reply-To: Message-ID: <5.1.0.14.2.20020130112837.05a201a0@hawk.ecs.soton.ac.uk> At 07:22 30/01/2002, you wrote: >I recently installed mailscanner and it seem to be working fine on my >mailserver. I'm running Redhat Linux 7.1, sendmail 8.11.6 and procmail. I >just want to ask if its possible to scan outgoing and relayed email by >mailscanner? MailScanner will scan all mail that comes into your server via the SMTP port (port 25). So configure your system so that outgoing mail comes in via this route and it will get scanned. Without knowing more about your setup, it's hard to say any more than that. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 30 11:23:32 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: MailScanner + SpamAssassin Integration In-Reply-To: Message-ID: <5.1.0.14.2.20020130112128.05a3edd0@hawk.ecs.soton.ac.uk> At 20:15 29/01/2002, you wrote: >SpamAssassin support in MailScanner; however, whenever I enable this >support, I get a Perl Error as follows: > >Can't locate Mail/SpamAssassin.pm in @INC (@INC contains: >/usr/local/MailScanner/bin /usr/lib/perl5/5.6.0/i386-linux >/usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux >/usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at >/usr/local/MailScanner/bin/sendmail.pl line 46. >Compilation failed in require at /usr/local/MailScanner/bin/mailscanner line >77. > >I did a search for SpamAssassin.pm, and found that it was located in the >following directory: /usr/local/lib/perl5/site_perl/5.6.1/Mail/ >It seems the default path that MailScanner looks for is the Perl 5.6.0 >path.. Your @INC path has become corrupted in your copy of perl. I would suggest you try re-installing Perl 5.6.1 and being very careful when it asks you about search paths while configuring itself. You need to ensure that both 5.6.0 (for backwards compatibility with modules installed in your old version) and 5.6.1 (your new version) make it into the search path somehow. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 30 11:32:03 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: <3C57B7EE.92C38344@bangor.ac.uk> Message-ID: <5.1.0.14.2.20020130113005.05a4b7f8@hawk.ecs.soton.ac.uk> At 09:07 30/01/2002, you wrote: >I have mailscanner 3.04.1 and spamassassin 2.01. I had a message this >morning which mailscanner marked as spam because spamassassin said 13 hits. >I thought it was odd because the message wasn't spam and didn't really look >spammish. I saved the message to a file and ran spamassassin -t on it. The >score was: >SPAM: Content analysis details: (0.8 hits, 5 required) >SPAM: Hit! (0.8 points) BODY: Includes a URL link to send an email >Can anyone suggest why spamassassin told mailscanner there were 13 hits >when spamassassin -t doesn't even manage a whole one? This is a symptom of a long-running SpamAssassin bug where their Perl API occasionally gives different results to other ways of calling SA. I've yet to be able to reproduce the problem reliably. The only other possibility is that the rules that the user root is using are different from the default rules. You haven't been tweaking SA config files madly have you? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Jan 29 20:17:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: matt@MATTD.ORG requested to join Message-ID: <200201292017.UAA13971@magpie.ecs.soton.ac.uk> Tue, 29 Jan 2002 20:17:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Matt Dickinson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER matt@MATTD.ORG Matt Dickinson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER matt@MATTD.ORG Matt Dickinson // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 07:25:52 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: fabian@ARRFAB.NET left the JISCmail list Message-ID: <200201300725.HAA14875@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 07:25:52 Fabian Arrotin has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 09:39:26 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: jasper.carryon@BOLSIUS.NL requested to join Message-ID: <200201300939.JAA22969@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 09:39:26 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jasper Janus You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jasper.carryon@BOLSIUS.NL Jasper Janus PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jasper.carryon@BOLSIUS.NL Jasper Janus // EOJ From nwp at LEMON-COMPUTING.COM Wed Jan 30 12:01:00 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:22 2006 Subject: Outgoing & relayed email In-Reply-To: <5.1.0.14.2.20020130112837.05a201a0@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Wed, Jan 30, 2002 at 11:29:39AM +0000 References: <5.1.0.14.2.20020130112837.05a201a0@hawk.ecs.soton.ac.uk> Message-ID: <20020130120100.S7526@lemon-computing.com> On Wed, Jan 30, 2002 at 11:29:39AM +0000, Julian Field wrote: > MailScanner will scan all mail that comes into your server via the SMTP > port (port 25). So configure your system so that outgoing mail comes in via > this route and it will get scanned. Without knowing more about your setup, > it's hard to say any more than that. Or if you use Exim as MTA, and in the way recommended in the setup docs, it will also scan locally generated outgoing mail anyway. ;) -- Nick Phillips -- nwp@lemon-computing.com This will be a memorable month -- no matter how hard you try to forget it. From nwp at LEMON-COMPUTING.COM Wed Jan 30 12:12:12 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness In-Reply-To: <068d01c1a92c$1634f8b0$6400000a@clerks>; from alex@IALEX.NET on Tue, Jan 29, 2002 at 08:18:55PM -0500 References: <15447.12534.327536.788259@gargle.gargle.HOWL> <068d01c1a92c$1634f8b0$6400000a@clerks> Message-ID: <20020130121212.V7526@lemon-computing.com> On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > When someone sends me myparty, it changes myparty.yahoo.com whichever to > AB283.dat or something along those lines. It doesn't detect any type of > virus either, but if i save AB283.dat then scan it, its myparty. I've sent Alex the EICAR.COM test "virus" uuencoded in the body of the message to see whether that gets detected. Maybe uvscan just doesn't pick up on uuencoded stuff embedded in plain text - anybody else with uvscan care to try it? -- Nick Phillips -- nwp@lemon-computing.com Excellent day for putting Slinkies on an escalator. From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 30 12:30:31 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness Message-ID: Julian We run the same combination and I have noticed a similar problem very occasionally. I will try to capture some more examples. Not sure what we can do with these examples though (or if I should have them at all) if we have RIPA looking over our shoulders! As a BTW, with the increased processing load imposed by the changes you made in 3.04-1, we have had to postpone the roll-out of SpamAssassin to our busy Mail Hubs. They are now struggling to hanle the incoming mail load as it is. However it is recognised here that MailScanner and uvscan (and SpamAssassin) are essential tools so we will be able to upgrade the platforms (currently 400MHz Ultra-5_10's with 384MB) once we have identified suitable hardware. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > Sent: 30 January 2002 11:32 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mailscanner/spamassassin strangeness > > > At 09:07 30/01/2002, you wrote: > >I have mailscanner 3.04.1 and spamassassin 2.01. I had a > message this > >morning which mailscanner marked as spam because > spamassassin said 13 > >hits. I thought it was odd because the message wasn't spam > and didn't > >really look spammish. I saved the message to a file and ran > >spamassassin -t on it. The score was: > >SPAM: Content analysis details: (0.8 hits, 5 required) > >SPAM: Hit! (0.8 points) BODY: Includes a URL link to send > an email Can > >anyone suggest why spamassassin told mailscanner there were 13 hits > >when spamassassin -t doesn't even manage a whole one? > > This is a symptom of a long-running SpamAssassin bug where > their Perl API occasionally gives different results to other > ways of calling SA. I've yet to be able to reproduce the > problem reliably. The only other possibility is that the > rules that the user root is using are different from the > default rules. You haven't been tweaking SA config files > madly have you? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 30 12:19:43 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness Message-ID: Nick I wonder if the problem lies with the particular ".DAT" file used by uvscan? The MyParty virus signature is not recognised by any NAI ".DAT" files prior to 4184, due out on 30/1/2002. You need a special "extras" .DAT file from them to recognise this virus until 4184 is released. You can send a test message to me as we run MailScanner with uvscan. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: 30 January 2002 12:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Myparty Strangeness > > > On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > > > When someone sends me myparty, it changes myparty.yahoo.com > whichever > > to AB283.dat or something along those lines. It doesn't detect any > > type of virus either, but if i save AB283.dat then scan it, its > > myparty. > > I've sent Alex the EICAR.COM test "virus" uuencoded in the > body of the message to see whether that gets detected. Maybe > uvscan just doesn't pick up on uuencoded stuff embedded in > plain text - anybody else with uvscan care to try it? > -- > Nick Phillips -- nwp@lemon-computing.com > Excellent day for putting Slinkies on an escalator. > From jkf at ecs.soton.ac.uk Wed Jan 30 13:14:13 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness In-Reply-To: Message-ID: <5.1.0.14.2.20020130131344.02f8b9e8@hawk.ecs.soton.ac.uk> At 12:19 30/01/2002, you wrote: >The MyParty virus signature is not recognised by any NAI ".DAT" files >prior to 4184, due out on 30/1/2002. You need a special "extras" .DAT >file from them to recognise this virus until 4184 is released. All I can say to that is "what a bodge job!" -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 30 13:22:47 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness Message-ID: <5.1.0.14.2.20020130132242.02f8b9e8@wheresmymailserver.com> At 12:30 30/01/2002, you wrote: >Not sure what we can do with these examples though (or if I should have >them at all) if we have RIPA looking over our shoulders! You shouldn't keep them at all, I'm afraid. The only reason you can keep them is as part of running your normal service, which would be stretching the point here a little. >As a BTW, with the increased processing load imposed by the changes you >made in 3.04-1, we have had to postpone the roll-out of SpamAssassin to >our busy Mail Hubs. They are now struggling to hanle the incoming mail >load as it is. I knew this would happen, but unfortunately there's no way around it. You now have to process every single message, including plain-text messages, and there isn't really any way to speed this up significantly. Sorry about that. >However it is recognised here that MailScanner and uvscan (and >SpamAssassin) are essential tools so we will be able to upgrade the >platforms (currently 400MHz Ultra-5_10's with 384MB) once we have >identified suitable hardware. How many messages per day do you process on an Ultra 5? I would be interested to hear what the maximum load is that an Ultra 5 can take. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From scheuerm at rzsun08.uni-trier.de Wed Jan 30 13:34:26 2002 From: scheuerm at rzsun08.uni-trier.de (Horst Scheuermann) Date: Thu Jan 12 21:14:22 2006 Subject: solved: Mailscanner found Virus, but ... Message-ID: <200201301334.OAA15338@rzsun08.uni-trier.de> with the installation of Version 3.04-1 I changed my directory layout to /z/mailscanner as a symbolic link to /z/MailScanner-3.04-1/mailscanner in order to be able to switch versions easily. This configuration caused the formerly described error. deleted the symbolic link and copied out mailscanner and now all is ok. Julian, thank You for correcting my config file Horst Scheuermann Universitaets-Rechenzentrum Trier __o 16 Universitaetsring 19 D-54286 Trier _`\<,_ Telefon: 0651 201 3436 Telefax: 0651 201 3921 (_)/ (_) scheuermann@uni-trier.de - Often in error; Never in Doubt! ~~~~~~~~~~~~ From pipera at HRZ.UNI-MARBURG.DE Wed Jan 30 13:46:23 2002 From: pipera at HRZ.UNI-MARBURG.DE (Piper Andreas) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: Your message of "Wed, 30 Jan 2002 13:22:47 GMT." <5.1.0.14.2.20020130132242.02f8b9e8@wheresmymailserver.com> Message-ID: <200201301346.g0UDkNZV004145@pcrz109.HRZ.Uni-Marburg.DE> Hello, after some comparing of stand-alone spamassassin to mailscanner+spamassassin and digging into spamassassin- and mailscanner-code I found that the email-data within mailscanner are handed over to spamassassin with their line-endings cut off, which gives a different input to spamassassin as with using stdin. Changing this in sendmail.pl puts away with the spam-hit-differences, at least for my host. I don't know if this is a perl-issue, since I am running 5.005; maybe in 5.6 the data are handled in a different way? The changes in sendmail.pl are these: *** sendmail.pl Wed Jan 30 14:36:26 2002 --- sendmail.pl.orig Mon Jan 28 13:46:10 2002 *************** *** 230,240 **** return 0 unless $H; foreach $_ (@$H) { ! # chomp; push(@WholeMessage, $_); } ! push(@WholeMessage, "\n"); open(DF, $dfilename) or return 0; while() { ! # chomp; push(@WholeMessage, $_); } --- 230,240 ---- return 0 unless $H; foreach $_ (@$H) { ! chomp; push(@WholeMessage, $_); } ! push(@WholeMessage, ""); open(DF, $dfilename) or return 0; while() { ! chomp; push(@WholeMessage, $_); } Andreas ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 30 14:00:45 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness Message-ID: > >However it is recognised here that MailScanner and uvscan (and > >SpamAssassin) are essential tools so we will be able to upgrade the > >platforms (currently 400MHz Ultra-5_10's with 384MB) once we have > >identified suitable hardware. > > How many messages per day do you process on an Ultra 5? I > would be interested to hear what the maximum load is that an > Ultra 5 can take. Julian We run sendmail-8.10.1 on all five of our Ultra-5_10 Mail Hubs. If you look at the output from the "mailstats" command and sum the total of messages IN and the total of messages OUT the figure is 500,000+ messages a _week_ on each of our two busiest Mail Hubs. The corresponding volume of message data processed on these two Hubs is 14GB+ a week (split roughly 50/50 between messages IN/OUT). If I have done my sums correctly it would appear that, if the average message size is about 25K, an Ultra-5 in the configuration described above is struggling when the _daily_ load is in excess of about 75,000 messages IN/OUT (*). (*) Since this is an aggregate figure we use the term "message transactions" as the measure of how busy our Mail Hubs are. Each Mail Hub also has an old mail list expander on it which handle some legacy mail lists and this adds to the processing load very slightly. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 14:00:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: simon.hardy@HEMEL-HEMPSTEAD.SEMA.SLB.COM requested to join Message-ID: <200201301400.OAA15180@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 14:00:29 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Simon Hardy You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER simon.hardy@HEMEL-HEMPSTEAD.SEMA.SLB.COM Simon Hardy PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER simon.hardy@HEMEL-HEMPSTEAD.SEMA.SLB.COM Simon Hardy // EOJ From jkf at ecs.soton.ac.uk Wed Jan 30 14:03:07 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: <200201301346.g0UDkNZV004145@pcrz109.HRZ.Uni-Marburg.DE> References: Message-ID: <5.1.0.14.2.20020130135933.02fa8338@hawk.ecs.soton.ac.uk> At 13:46 30/01/2002, you wrote: >after some comparing of stand-alone spamassassin to mailscanner+spamassassin >and digging into spamassassin- and mailscanner-code I found that the >email-data within mailscanner are handed over to spamassassin with their >line-endings cut off, which gives a different input to spamassassin as with >using stdin. > >Changing this in sendmail.pl puts away with the spam-hit-differences, at >least for my host. I don't know if this is a perl-issue, since I am >running 5.005; >maybe in 5.6 the data are handled in a different way? Well done! I've been trying to solve this one for ages, never got anywhere. I'm trying out your suggested change now, it certainly doesn't seem to do any harm... BTW You did the diff the wrong way round. What he's doing here is to comment out the 2 lines that say "chomp" and change the "" to "\n" in the push() statement in the middle. This change will get rolled into the next release unless I hear anything bad about it. >The changes in sendmail.pl are these: > >*** sendmail.pl Wed Jan 30 14:36:26 2002 >--- sendmail.pl.orig Mon Jan 28 13:46:10 2002 >*************** >*** 230,240 **** > return 0 unless $H; > foreach $_ (@$H) { >! # chomp; > push(@WholeMessage, $_); > } >! push(@WholeMessage, "\n"); > open(DF, $dfilename) or return 0; > while() { >! # chomp; > push(@WholeMessage, $_); > } >--- 230,240 ---- > return 0 unless $H; > foreach $_ (@$H) { >! chomp; > push(@WholeMessage, $_); > } >! push(@WholeMessage, ""); > open(DF, $dfilename) or return 0; > while() { >! chomp; > push(@WholeMessage, $_); > } > >Andreas > >________________________________________________________________________ >Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg > Hans-Meerwein-Strasse, 35032 Marburg, Germany >Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Wed Jan 30 14:06:40 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: Message-ID: <5.1.0.14.2.20020130140547.02f9ea38@hawk.ecs.soton.ac.uk> At 14:00 30/01/2002, you wrote: >If I have done my sums correctly it would appear that, if the average >message size is about 25K, an Ultra-5 in the configuration described >above is struggling when the _daily_ load is in excess of about 75,000 >messages IN/OUT (*). 75,000 per day on an Ultra 5, that's quite impressive, even with SA turned off. No wonder our Ultra 5's potter along happily at 10k per day :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From alex at IALEX.NET Wed Jan 30 14:07:51 2002 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness References: Message-ID: <005701c1a997$81015ab0$6400000a@clerks> The problem is not there. I do have the extras.dat that includes myparty updates. I run two versions of 'virus scanning of email' Mailscanner at home, amavis at work, both using mcafee uvscan. Amavis is currently blocking myparty, mailscanner is not. Scan engine v4.1.60 for Linux. Virus data file v4183 created Jan 24 2002 Scanning for 59703 viruses, trojans and variants. Using /usr/local/uvscan/extra.dat to scan for 2 additional virus(es). Regards, Alex ----- Original Message ----- From: "Quentin Campbell" To: Sent: Wednesday, January 30, 2002 7:19 AM Subject: Re: Myparty Strangeness > Nick > > I wonder if the problem lies with the particular ".DAT" file used by > uvscan? > > The MyParty virus signature is not recognised by any NAI ".DAT" files > prior to 4184, due out on 30/1/2002. You need a special "extras" .DAT > file from them to recognise this virus until 4184 is released. > > You can send a test message to me as we run MailScanner with uvscan. > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > > -----Original Message----- > > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > > Sent: 30 January 2002 12:12 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Myparty Strangeness > > > > > > On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > > > > > When someone sends me myparty, it changes myparty.yahoo.com > > whichever > > > to AB283.dat or something along those lines. It doesn't detect any > > > type of virus either, but if i save AB283.dat then scan it, its > > > myparty. > > > > I've sent Alex the EICAR.COM test "virus" uuencoded in the > > body of the message to see whether that gets detected. Maybe > > uvscan just doesn't pick up on uuencoded stuff embedded in > > plain text - anybody else with uvscan care to try it? > > -- > > Nick Phillips -- nwp@lemon-computing.com > > Excellent day for putting Slinkies on an escalator. > > > From alex at IALEX.NET Wed Jan 30 14:09:51 2002 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness References: <15447.12534.327536.788259@gargle.gargle.HOWL> <068d01c1a92c$1634f8b0$6400000a@clerks> <20020130121212.V7526@lemon-computing.com> Message-ID: <008301c1a997$c8d7b460$6400000a@clerks> Both messages got flagged w/ a virus warning and 'eicar.com is not a virus'. Now i'm even more perplexed :) Alex ----- Original Message ----- From: "Nick Phillips" To: Sent: Wednesday, January 30, 2002 7:12 AM Subject: Re: Myparty Strangeness > On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > > > When someone sends me myparty, it changes myparty.yahoo.com whichever to > > AB283.dat or something along those lines. It doesn't detect any type of > > virus either, but if i save AB283.dat then scan it, its myparty. > > I've sent Alex the EICAR.COM test "virus" uuencoded in the body of the > message to see whether that gets detected. Maybe uvscan just doesn't > pick up on uuencoded stuff embedded in plain text - anybody else with uvscan > care to try it? > -- > Nick Phillips -- nwp@lemon-computing.com > Excellent day for putting Slinkies on an escalator. > From jkf at ecs.soton.ac.uk Wed Jan 30 14:16:49 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness In-Reply-To: <005701c1a997$81015ab0$6400000a@clerks> References: Message-ID: <5.1.0.14.2.20020130141151.051f4518@hawk.ecs.soton.ac.uk> At 14:07 30/01/2002, you wrote: >The problem is not there. I do have the extras.dat that includes myparty >updates. I run two versions of 'virus scanning of email' Mailscanner at >home, amavis at work, both using mcafee uvscan. Amavis is currently >blocking myparty, mailscanner is not. > >Scan engine v4.1.60 for Linux. >Virus data file v4183 created Jan 24 2002 >Scanning for 59703 viruses, trojans and variants. >Using /usr/local/uvscan/extra.dat to scan for 2 additional virus(es). This has to be some weird McAfee problem, as Sophos happily detects it. I wonder if McAfee is producing some strange output that is not picked up correctly by the parser? If you feel up to it, could you try the following: Edit sweep.pl, and look for the definition of ProcessMcAfeeOutput. Change the start of that function so it looks like this: sub ProcessMcAfeeOutput { my($line, $infections, $types, $BaseDir) = @_; my($lastline, $report, $dot, $id, $part, @rest); chomp $line; print STDERR "McAfee says \"$line\"\n"; # INSERT THIS LINE $lastline = $currentline; $currentline = $line; then run MailScanner from the command line (using the check_mailscanner script). Send the server a copy of MyParty and mail me the output. It should show something about MyParty... This will tell us what McAfee actually outputs, so we can check that the parser is correctly catching the notification. >----- Original Message ----- >From: "Quentin Campbell" >To: >Sent: Wednesday, January 30, 2002 7:19 AM >Subject: Re: Myparty Strangeness > > > > Nick > > > > I wonder if the problem lies with the particular ".DAT" file used by > > uvscan? > > > > The MyParty virus signature is not recognised by any NAI ".DAT" files > > prior to 4184, due out on 30/1/2002. You need a special "extras" .DAT > > file from them to recognise this virus until 4184 is released. > > > > You can send a test message to me as we run MailScanner with uvscan. > > > > Quentin > > --- > > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > > ------------------------------------------------------------------------ > > "Any opinion expressed above is mine. The University can get its own." > > > > > -----Original Message----- > > > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > > > Sent: 30 January 2002 12:12 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Myparty Strangeness > > > > > > > > > On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > > > > > > > When someone sends me myparty, it changes myparty.yahoo.com > > > whichever > > > > to AB283.dat or something along those lines. It doesn't detect any > > > > type of virus either, but if i save AB283.dat then scan it, its > > > > myparty. > > > > > > I've sent Alex the EICAR.COM test "virus" uuencoded in the > > > body of the message to see whether that gets detected. Maybe > > > uvscan just doesn't pick up on uuencoded stuff embedded in > > > plain text - anybody else with uvscan care to try it? > > > -- > > > Nick Phillips -- nwp@lemon-computing.com > > > Excellent day for putting Slinkies on an escalator. > > > > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From ant at DVERE.NET Wed Jan 30 14:35:23 2002 From: ant at DVERE.NET (Ant La Porte) Date: Thu Jan 12 21:14:22 2006 Subject: Outgoing & relayed email In-Reply-To: Message-ID: On Wed, 30 Jan 2002, Ruel C. Bristol wrote: > I recently installed mailscanner and it seem to be working fine on my > mailserver. I'm running Redhat Linux 7.1, sendmail 8.11.6 and procmail. I > just want to ask if its possible to scan outgoing and relayed email by > mailscanner? from your header... X-Virus-Scanned: by: Bulacan Information Technology Message-ID: or are you talking about a different system? If you're composing *on* the mailserver *and* your MUA is configure to call a new sendmail (eg. Pine option for SMTP server is "" or "") it will bypass the mailspool that is being monitored by MailScanner. Change this value to "localhost" or the machines hostname and locally composed mail is scanned normally. Could this be what's happening? Caught me out at first... -- Ant La Porte, Dvere Network Services ===== http://www.dvere.net ===== i386-slackware-linux-gnu ===== From gerry at DORFAM.CA Wed Jan 30 15:08:42 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: <3C57B7EE.92C38344@bangor.ac.uk> Message-ID: For what it's worth I get different results when using spamd/c and just spamassassin on the sample-spam.txt message. It seems consistent with spamd/c giving 16+ hits and spamassassin giving 19+. This seems to have started with the newest version of spamassassin??? Gerry On Wed, 30 Jan 2002, Martin Sapsed wrote: > Hi all, > > I have mailscanner 3.04.1 and spamassassin 2.01. I had a message this > morning which mailscanner marked as spam because spamassassin said 13 hits. > I thought it was odd because the message wasn't spam and didn't really look > spammish. I saved the message to a file and ran spamassassin -t on it. The > score was: > > SPAM: Content analysis details: (0.8 hits, 5 required) > SPAM: Hit! (0.8 points) BODY: Includes a URL link to send an email > > Can anyone suggest why spamassassin told mailscanner there were 13 hits > when spamassassin -t doesn't even manage a whole one? > > Cheers, > > Martin > > -- > Martin Sapsed To have no errors > Information Services Would be life without meaning > University of Wales, Bangor, LL57 2UX No struggle, no joy. > Fax: +44 (0)1248 383826 > -- "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Wed Jan 30 15:12:23 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:22 2006 Subject: Thank You! In-Reply-To: <001b01c1a93c$105ce5a0$ac722241@fizz> Message-ID: Wow!!! Almost half of your mail is spam!!!! What kind of organization are you working with? Is this a university or private company? I knew the problem was bad but never thought it was this bad. Gerry On Tue, 29 Jan 2002, Kelly Hamlin wrote: > --Total Mail: 23409 > --Total Spam: 10062 > --Total Virii: 607 > > Virus-MyParty: 442 > Virus-Badtrans: 38 > Virus-Sircam: 36 > Virus-GOP-A: 4 > Virus-Hybris: 20 > Virus-Magistr-B: 19 > > > Thats what your software has blocked today! > Thank you for your excellent work! > Kelly > -- "The lyfe so short, the craft so long to learne" Chaucer From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 15:12:25 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: dobos_s@IBCNET.HU requested to join Message-ID: <200201301512.PAA20606@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 15:12:25 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Sandor Dobos You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dobos_s@IBCNET.HU Sandor Dobos PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dobos_s@IBCNET.HU Sandor Dobos // EOJ From s-luppescu at UCHICAGO.EDU Wed Jan 30 15:19:03 2002 From: s-luppescu at UCHICAGO.EDU (Stuart Luppescu) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness In-Reply-To: <20020130121212.V7526@lemon-computing.com> References: <15447.12534.327536.788259@gargle.gargle.HOWL> <068d01c1a92c$1634f8b0$6400000a@clerks> <20020130121212.V7526@lemon-computing.com> Message-ID: <1012403944.31732.3.camel@musuko.uchicago.edu> On ?, 2002-01-30 at 06:12, Nick Phillips wrote: > On Tue, Jan 29, 2002 at 08:18:55PM -0500, Alex Short wrote: > > > When someone sends me myparty, it changes myparty.yahoo.com whichever to > > AB283.dat or something along those lines. It doesn't detect any type of > > virus either, but if i save AB283.dat then scan it, its myparty. > > I've sent Alex the EICAR.COM test "virus" uuencoded in the body of the > message to see whether that gets detected. Maybe uvscan just doesn't > pick up on uuencoded stuff embedded in plain text - anybody else with uvscan > care to try it? We're running mailscanner 3.04-1 on RedHat 6.2 installed from RPMS, and uvscan, and several MyParty messages have gotten through completely untouched. I problem is that, according to McAfee, the virus detection code for MyParty is in data file 4184, but the latest one they're distributing is 4183. Try figure. I may be mistaken, but I had heard that MyParty stopped propagating last night at midnight, so all this discussion may be moot. -- Stuart Luppescu -=- s-luppescu@uchicago.edu University of Chicago -=- CCSR ???????? -=- Kernel 2.4.14-xfs Ducks? What ducks?? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020130/39f52b1e/attachment.bin From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 16:43:25 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: john.wu@SSA.CO.SANTA-CLARA.CA.US requested to join Message-ID: <200201301643.QAA28638@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 16:43:25 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from John Wu You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER john.wu@SSA.CO.SANTA-CLARA.CA.US John Wu PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER john.wu@SSA.CO.SANTA-CLARA.CA.US John Wu // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 16:30:56 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: matt@MATTD.ORG left the JISCmail list Message-ID: <200201301630.QAA27436@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 16:30:56 Matt Dickinson has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From hamish at TRAVELLINGKIWI.COM Wed Jan 30 16:50:30 2002 From: hamish at TRAVELLINGKIWI.COM (Hamish Marson) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness References: <5.1.0.14.2.20020130131344.02f8b9e8@hawk.ecs.soton.ac.uk> Message-ID: <3C582456.9B2FC619@travellingkiwi.com> Julian Field wrote: > At 12:19 30/01/2002, you wrote: > >The MyParty virus signature is not recognised by any NAI ".DAT" files > >prior to 4184, due out on 30/1/2002. You need a special "extras" .DAT > >file from them to recognise this virus until 4184 is released. > > All I can say to that is "what a bodge job!" No... You can use the daily dat file (Updated daily like the title says), and it's all in there... I do (With amavisd) and it works fine. I'm catching about a thousand a day... -- I don't suffer from Insanity... | Linux User #237369 I enjoy every minute of it... | | http://www.travellingkiwi.com/ | From ed at THE7THBEER.COM Wed Jan 30 17:08:49 2002 From: ed at THE7THBEER.COM (Edward Mitchell) Date: Thu Jan 12 21:14:22 2006 Subject: Outgoing & relayed email In-Reply-To: <5.1.0.14.2.20020130112837.05a201a0@hawk.ecs.soton.ac.uk> Message-ID: As an addendum, I've found MailScanner *incredibly* useful in helping out smaller sites that I backup MX for. This is especially since I've noticed(perhaps the trend is old, but I've not come across it till recently) spammers pulling MX records, specifically non-domain backup MX's and using them for spamming from resolvable domains. > MailScanner will scan all mail that comes into your server via the SMTP > port (port 25). So configure your system so that outgoing mail comes in via > this route and it will get scanned. Without knowing more about your setup, > it's hard to say any more than that. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From nwp at LEMON-COMPUTING.COM Wed Jan 30 17:39:49 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness In-Reply-To: <008301c1a997$c8d7b460$6400000a@clerks>; from alex@IALEX.NET on Wed, Jan 30, 2002 at 09:09:51AM -0500 References: <15447.12534.327536.788259@gargle.gargle.HOWL> <068d01c1a92c$1634f8b0$6400000a@clerks> <20020130121212.V7526@lemon-computing.com> <008301c1a997$c8d7b460$6400000a@clerks> Message-ID: <20020130173949.M6646@lemon-computing.com> On Wed, Jan 30, 2002 at 09:09:51AM -0500, Alex Short wrote: > Both messages got flagged w/ a virus warning and 'eicar.com is not a virus'. > Now i'm even more perplexed :) That's fine; it just shows that your mailscanner is working fine. Is it therefore a correct summary to say: myparty does not get detected by mailscanner with uvscan in your case; myparty does get detected if you pass the full plain-text message to uvscan manually; eicar gets detected every which way. ?? -- Nick Phillips -- nwp@lemon-computing.com It's lucky you're going so slowly, because you're going in the wrong direction. From m.sapsed at bangor.ac.uk Wed Jan 30 18:13:04 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: <5.1.0.14.2.20020130132242.02f8b9e8@wheresmymailserver.com> Message-ID: On Wed, 30 Jan 2002, Julian Field wrote: > At 12:30 30/01/2002, you wrote: > >Not sure what we can do with these examples though (or if I should have > >them at all) if we have RIPA looking over our shoulders! > > You shouldn't keep them at all, I'm afraid. The only reason you can keep > them is as part of running your normal service, which would be stretching > the point here a little. The message which caused me to mention the problem was actually one sent to the samba list. It will therefore be archived on umpteen servers and in many (tens or hundreds of) thousands of people's mailboxes. Surely the lawyers wouldn't get excited about me sending a copy to Julian to try Andreas' fix would they???? ;-) Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From m.sapsed at bangor.ac.uk Wed Jan 30 18:13:04 2002 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:14:22 2006 Subject: mailscanner/spamassassin strangeness In-Reply-To: <5.1.0.14.2.20020130132242.02f8b9e8@wheresmymailserver.com> Message-ID: On Wed, 30 Jan 2002, Julian Field wrote: > At 12:30 30/01/2002, you wrote: > >Not sure what we can do with these examples though (or if I should have > >them at all) if we have RIPA looking over our shoulders! > > You shouldn't keep them at all, I'm afraid. The only reason you can keep > them is as part of running your normal service, which would be stretching > the point here a little. The message which caused me to mention the problem was actually one sent to the samba list. It will therefore be archived on umpteen servers and in many (tens or hundreds of) thousands of people's mailboxes. Surely the lawyers wouldn't get excited about me sending a copy to Julian to try Andreas' fix would they???? ;-) Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From fizz at BOMB.NET Wed Jan 30 19:51:32 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:22 2006 Subject: Corrupted Messages? Message-ID: <001701c1a9c7$85013740$48cf75cc@fizz> Is there any way to get Mailscanner to tag || remove messages that have a corrupted header? For example, someone sends a message and its missing the F in From in the header. This drives virtually ANY mail client completely bonkerz, and gives strange errors, Editing the message and replacing the F seems to solve the problem. Just wondering if anyone else has come acrosss a simlar problem. ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From rishi at THEARGONCOMPANY.COM Wed Jan 30 20:40:14 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:22 2006 Subject: Local Domains - What does it mean? References: <001701c1a9c7$85013740$48cf75cc@fizz> Message-ID: <007b01c1a9ce$61c2d480$1b02a8c0@theargoncompany.com> Hi, I am new to using Mail Scanner. Just started a few days back. I'm in love with it. ;-) However, the reason I'm sending this email to ask what this means: Local Domains I've tried to look at all the documentation and even searched the Mailing List before asking the question, but I did not understand the purpose of this option. The explanation says : This should list your local email domain name, or else be the name of a file containing a list of all your local email domain names. It is used by the Deliver From Local Domains What does it mean? Could anyone explain this a little further in detail ...... Or can you point me to more documentation that I might have missed? Thanks Regards Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020131/6fc27226/attachment.html From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 20:07:39 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: steve-lists@BEFRIEND.COM requested to join Message-ID: <200201302007.UAA15842@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 20:07:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Steve Werby You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER steve-lists@BEFRIEND.COM Steve Werby PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER steve-lists@BEFRIEND.COM Steve Werby // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Jan 30 20:22:09 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: AJCartmell@FONANT.CO.UK requested to join Message-ID: <200201302022.UAA16804@magpie.ecs.soton.ac.uk> Wed, 30 Jan 2002 20:22:09 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Anthony Cartmell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER AJCartmell@FONANT.CO.UK Anthony Cartmell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER AJCartmell@FONANT.CO.UK Anthony Cartmell // EOJ From felker at GMX.NET Wed Jan 30 21:11:01 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:22 2006 Subject: Local Domains - What does it mean? References: <007b01c1a9ce$61c2d480$1b02a8c0@theargoncompany.com> Message-ID: <18908.1012425061@www4.gmx.net> > Hi, > > I am new to using Mail Scanner. Just started a few days back. I'm in love > with it. ;-) > > However, the reason I'm sending this email to ask what this means: Local > Domains Well, do you need it? If Mailscanner is working OK for you, why bother about all the options? -- Sent through GMX FreeMail - http://www.gmx.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020130/5d35c99b/attachment.html From rishi at THEARGONCOMPANY.COM Wed Jan 30 21:22:05 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:22 2006 Subject: Cobalt RaQ - Can virus scanning be enabled only on selected Virtual Domain? References: <001701c1a9c7$85013740$48cf75cc@fizz> <007b01c1a9ce$61c2d480$1b02a8c0@theargoncompany.com> Message-ID: <00c901c1a9d4$42cbd4e0$1b02a8c0@theargoncompany.com> Hi I've just installed the mailscanner software on my Cobalt RaQ3....... It works. ;-) However, it is possible to enable Virus Scanning only on selected Virtual Domains? I noticed the following option in the mailscanner.conf file. # Do you want to scan email for viruses? # A few people have wanted to disable the entire virus scanning. Virus Scanning = yes This option would apply to all the Virtual Domains..... right? Regards Rishi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020131/96bab5c2/attachment.html From rishi at THEARGONCOMPANY.COM Wed Jan 30 21:24:46 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:22 2006 Subject: Local Domains - What does it mean? References: <007b01c1a9ce$61c2d480$1b02a8c0@theargoncompany.com> <18908.1012425061@www4.gmx.net> Message-ID: <00da01c1a9d4$b758de20$1b02a8c0@theargoncompany.com> I guess you have a point but I just thought I'd understand the option and it's purpose. ;-) Thanks for responding anyways. Regards Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com ----- Original Message ----- From: Sander Jonkers To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thursday, January 31, 2002 2:41 AM Subject: Re: Local Domains - What does it mean? > Hi, > > I am new to using Mail Scanner. Just started a few days back. I'm in love > with it. ;-) > > However, the reason I'm sending this email to ask what this means: Local > Domains Well, do you need it? If Mailscanner is working OK for you, why bother about all the options? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020131/cfb62620/attachment.html From felker at GMX.NET Wed Jan 30 21:52:56 2002 From: felker at GMX.NET (Sander Jonkers) Date: Thu Jan 12 21:14:22 2006 Subject: Local Domains - What does it mean? References: <00da01c1a9d4$b758de20$1b02a8c0@theargoncompany.com> Message-ID: <9784.1012427576@www16.gmx.net> > I guess you have a point but I just thought I'd understand the option and > it's purpose. ;-) I should have said a bit more: Just like you, I've been using Mailscanner for a few days now. In my case there is enough to focus on before diving into all the detailed options (like the one you mentioned). Sander > > Thanks for responding anyways. > > Regards > > Rishi Gangoly > The Argon Company > 4th Floor, G Block, Dhanraj Mahal > Chhatrapati Shivaji marg > Mumbai - 400039 > Phone: 2361313 > Pager: 9624-533230 > Call Centre: 2361311 > Website: www.TheArgonCompany.com > Yahoo Messenger: rishigangoly > MSN Messenger: rishi@theargoncompany.com > > > ----- Original Message ----- > From: Sander Jonkers > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Thursday, January 31, 2002 2:41 AM > Subject: Re: Local Domains - What does it mean? > > > > Hi, > > > > I am new to using Mail Scanner. Just started a few days back. I'm in > love > > with it. ;-) > > > > However, the reason I'm sending this email to ask what this means: > Local > > Domains > > Well, do you need it? If Mailscanner is working OK for you, why bother > about > all the options? > > > > -- Sent through GMX FreeMail - http://www.gmx.net From alex at IALEX.NET Thu Jan 31 00:32:41 2002 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:14:22 2006 Subject: Myparty Strangeness References: <15447.12534.327536.788259@gargle.gargle.HOWL> <068d01c1a92c$1634f8b0$6400000a@clerks> <20020130121212.V7526@lemon-computing.com> <008301c1a997$c8d7b460$6400000a@clerks> <20020130173949.M6646@lemon-computing.com> Message-ID: <01bc01c1a9ee$cb1eaba0$6400000a@clerks> > Is it therefore a correct summary to say: > > myparty does not get detected by mailscanner with uvscan in your case; > myparty does get detected if you pass the full plain-text message to uvscan > manually; > eicar gets detected every which way. Yes. The only way i can detect it is if i save the attachment on outlook express and scan that, or use pine, save the text attachment, uudecode it and scan that. Alex From hyooga at WT.NET Thu Jan 31 02:41:21 2002 From: hyooga at WT.NET (Paul) Date: Thu Jan 12 21:14:22 2006 Subject: Cobalt RaQ - Can virus scanning be enabled only on selected Virtual Domain? In-Reply-To: <00c901c1a9d4$42cbd4e0$1b02a8c0@theargoncompany.com> Message-ID: I believe it will scan all the mail. It comes into your mqueue.in first then sendmail processes it. Your virtual domain is setup in sendmail. It will scan all the mails as far as I know. About how to set up to scan individual virtual domain, there are experts in this list. I am not sure how to do it :) Hope this helps Paul On Thu, 31 Jan 2002, Rishi Gangoly wrote: > Hi > > I've just installed the mailscanner software on my Cobalt RaQ3....... It works. ;-) > > However, it is possible to enable Virus Scanning only on selected Virtual Domains? > > I noticed the following option in the mailscanner.conf file. > > # Do you want to scan email for viruses? > # A few people have wanted to disable the entire virus scanning. > Virus Scanning = yes > > This option would apply to all the Virtual Domains..... right? > > Regards > > Rishi > > -- > This message has been scanned for viruses and > dangerous content, and is believed to be clean. > > From LISTSERV at JISCMAIL.AC.UK Thu Jan 31 02:40:04 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:22 2006 Subject: MAILSCANNER: chawana@CHEVALIERTHAI.COM requested to join Message-ID: <200201310240.CAA09526@magpie.ecs.soton.ac.uk> Thu, 31 Jan 2002 02:40:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Chawana Suntonpitagkul The following membership options have been requested: HTML DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER chawana@CHEVALIERTHAI.COM Chawana Suntonpitagkul PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER chawana@CHEVALIERTHAI.COM Chawana Suntonpitagkul SET MAILSCANNER HTML DIGEST FOR chawana@CHEVALIERTHAI.COM // EOJ From S.R.Patterson at SOTON.AC.UK Thu Jan 31 10:44:33 2002 From: S.R.Patterson at SOTON.AC.UK (Patterson, S R) Date: Thu Jan 12 21:14:22 2006 Subject: Cobalt RaQ - Can virus scanning be enabled only on selected V irtual Domain? Message-ID: The scanning of email (or not) based upon sender/recipient domains etc is a feature which has been talked about extensively but not yet implemented. Feelings are mixed about it. Unless you have a whole set of IP addresses for your RaQ3 then I can't think of any easy way to split each incoming virtual email domain into a different mail queue which is probably what would be required to achieve per-domain scanning using the current software. Of course you can always write a patch ;-) Has anyone (Jules ;P) given any thought to an option to allow you to run Mailscanner as a local delivery agent (or perhaps more correctly as a wrapper around an existing local delivery agent)? The biggest problem I can see is in how you tell which emails you've already scanned - since some messages may required multiple delivery attempts. In this scenario it might be easier to pass messages bound for different domains to different delivery agents... There are some problems (how do you tell if a mail's already been scanned in the case of multiple delivery attempts on the same message for one...) but nobody said life was easy ;) Steve (apologies for top posting, being very lazy) -- Steven Patterson, MSci ----------------------------------------------+ | Electronic Information Systems Support and Development | | Computing Services, University of Southampton, UK. | +-------------------------------------------- Tel: +44 (0) 2380 595810 ...... ...... .. Conviction is a bigger enemy of the truth than lies. .. ...... ...... > -----Original Message----- > From: Paul [mailto:hyooga@WT.NET] > Sent: 31 January 2002 02:41 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Cobalt RaQ - Can virus scanning be enabled only > on selected > Virtual Domain? > > > I believe it will scan all the mail. It comes into your > mqueue.in first > then sendmail > processes it. Your virtual domain is setup in sendmail. It > will scan all > the mails as far as I know. About how to set up to scan > individual virtual > domain, there are experts in this list. I am not sure how to do it :) > > Hope this helps > > Paul > > On Thu, 31 Jan 2002, Rishi Gangoly wrote: > > > Hi > > > > I've just installed the mailscanner software on my Cobalt > RaQ3....... It works. ;-) > > > > However, it is possible to enable Virus Scanning only on > selected Virtual Domains? > > > > I noticed the following option in the mailscanner.conf file. > > > > # Do you want to scan email for viruses? > > # A few people have wanted to disable the entire virus scanning. > > Virus Scanning = yes > > > > This option would apply to all the Virtual Domains..... right? > > > > Regards > > > > Rishi > > > > -- > > This message has been scanned for viruses and > > dangerous content, and is believed to be clean. > > > > > From jkf at ecs.soton.ac.uk Thu Jan 31 11:05:32 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Cobalt RaQ - Can virus scanning be enabled only on selected V irtual Domain? In-Reply-To: Message-ID: <5.1.0.14.2.20020131110006.03b335d8@imap.ecs.soton.ac.uk> At 10:44 31/01/2002, you wrote: >The scanning of email (or not) based upon sender/recipient domains etc >is a feature which has been talked about extensively but not yet >implemented. Feelings are mixed about it. I haven't had time to write it yet. It's on the list though. Different people have asked for different things, some of which are far easier to write than others. For now, I'm tempted to go with the easiest solution from my point of view, as it's more likely to get written (at all) that way. Make me do it the hard way and you may never see it at all... So what I'm proposing is just a file which lists domains for which you scan mail. If it sees any of these domains in the envelope to or from address, then it scans the message. If it doesn't scan it, it will add something like a "X-MailScanner: not scanned" header to advertise to your users that they want to pay you to get their mail scanned. Would this do? >Has anyone (Jules ;P) given any thought to an option to allow you to >run Mailscanner as a local delivery agent (or perhaps more correctly >as a wrapper around an existing local delivery agent)? If you want to crank up a big binary like Perl every time you run a delivery agent, then use amavis :-) This design difference is one of the major reasons that MailScanner is so much less load on your system than Avamis. > > -----Original Message----- > > From: Paul [mailto:hyooga@WT.NET] > > Sent: 31 January 2002 02:41 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Cobalt RaQ - Can virus scanning be enabled only > > on selected > > Virtual Domain? > > > > > > I believe it will scan all the mail. It comes into your > > mqueue.in first > > then sendmail > > processes it. Your virtual domain is setup in sendmail. It > > will scan all > > the mails as far as I know. About how to set up to scan > > individual virtual > > domain, there are experts in this list. I am not sure how to do it >:) > > > > Hope this helps > > > > Paul > > > > On Thu, 31 Jan 2002, Rishi Gangoly wrote: > > > > > Hi > > > > > > I've just installed the mailscanner software on my Cobalt > > RaQ3....... It works. ;-) > > > > > > However, it is possible to enable Virus Scanning only on > > selected Virtual Domains? > > > > > > I noticed the following option in the mailscanner.conf file. > > > > > > # Do you want to scan email for viruses? > > > # A few people have wanted to disable the entire virus scanning. > > > Virus Scanning = yes > > > > > > This option would apply to all the Virtual Domains..... right? > > > > > > Regards > > > > > > Rishi > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content, and is believed to be clean. > > > > > > > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dobos_s at IBCNET.HU Thu Jan 31 11:00:03 2002 From: dobos_s at IBCNET.HU (Sandor Dobos) Date: Thu Jan 12 21:14:22 2006 Subject: Bug in Local Domains Message-ID: Hi! The from/to addresses are case insensetive in SMTP protokoll, but mailscanner uses it in case sensitive way. For example if You send a mail from Your ABC.com domain, and in Local Domains file is only abc.com, then if Your mail is disinfected it will be sent to outer recipients in spite of You set not to deliver from local addresses! The same case-sensitivity problem exists with spam white list. Patch follows --- sendmail.pl.bck Mon Jan 28 12:46:10 2002 +++ sendmail.pl Thu Jan 31 10:57:01 2002 @@ -174,8 +174,8 @@ $from =~ s/>$//; # trailing <> $fromdomain = $from; $fromdomain =~ s/^[^@]*@//; # Delete everything up to and including the @ sign - next if $Config::SpamWhiteList{"$from"} || - $Config::SpamWhiteList{"$fromdomain"}; + next if $Config::SpamWhiteList{lc "$from"} || + $Config::SpamWhiteList{lc "$fromdomain"}; # Reverse the $relay IP address @IPwords = split(/\./, $relay); @@ -473,8 +473,8 @@ if ($Clean ne 'clean') { # Just delete the message if it came from a local domain/address if (!$Config::DeliverFromLocal && - ($Config::LocalDomains{"$from"} || - $Config::LocalDomains{"$fromdomain"})) { + ($Config::LocalDomains{lc "$from"} || + $Config::LocalDomains{lc "$fromdomain"})) { Log::WarnLog("Virus originated from Internal LAN: User is $from, Host is $relay"); unlink "$InQ/$hfile"; unlink "$InQ/$dfile"; --- disinfect.pl.bck Thu Jan 31 10:57:48 2002 +++ disinfect.pl Thu Jan 31 10:58:12 2002 @@ -103,8 +103,8 @@ $fromdomain = $from; $fromdomain =~ s/^[^@]*@//; # Delete everything up to and including the @ next if !$Config::DeliverFromLocal && - ($Config::LocalDomains{lc "$from"} || - $Config::LocalDomains{lc "$fromdomain"}); + ($Config::LocalDomains{"$from"} || + $Config::LocalDomains{"$fromdomain"}); # Need to be in the directory containing attachments for this message chdir($Config::SrcDir . "/$id"); Dobos Sandor IBCnet Hungary Ltd. From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 31 11:32:11 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:22 2006 Subject: Cobalt RaQ - Can virus scanning be enabled only on selected V irtual Domain? Message-ID: > -----Original Message----- > From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] > Sent: 31 January 2002 11:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Cobalt RaQ - Can virus scanning be enabled only > on selected V irtual Domain? > > > At 10:44 31/01/2002, you wrote: > >The scanning of email (or not) based upon sender/recipient > domains etc > >is a feature which has been talked about extensively but not yet > >implemented. Feelings are mixed about it. > > I haven't had time to write it yet. It's on the list though. > Different people have asked for different things, some of > which are far easier to write than others. For now, I'm > tempted to go with the easiest solution from my point of > view, as it's more likely to get written (at all) that way. > Make me do it the hard way and you may never see it at all... > > So what I'm proposing is just a file which lists domains for > which you scan mail. If it sees any of these domains in the > envelope to or from address, then it scans the message. If it > doesn't scan it, it will add something like a "X-MailScanner: > not scanned" header to advertise to your users that they want > to pay you to get their mail scanned. > > Would this do? ** This would probably suit us *if* we had to start separating out any ** of the 40+ domains for which our Mail Hubs host mail. However in our ** case we want to filter *all* mail irrespective of domain. > > >Has anyone (Jules ;P) given any thought to an option to allow you to > >run Mailscanner as a local delivery agent (or perhaps more > correctly as > >a wrapper around an existing local delivery agent)? > > If you want to crank up a big binary like Perl every time you > run a delivery agent, then use amavis :-) This design > difference is one of the major reasons that MailScanner is so > much less load on your system than Avamis. ** Another issue to consider is that ** in sendmail there are two basic types of delivery agent; ** external ones like /bin/mail and internal ones like IPC. The latter ** is used internally within sendmail to communicate over TCP/IP networks. ** The former you could probably put a wrapper round but the IPC ones ** you cannot; almost all of our non-local domain hosting is actually ** delivered by the IPC delivery agent rather than a local program. There ** are probably kludges you could use to work around this but at the cost ** of more CPU and less reliability and transparency in delivery methods. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From jkf at ecs.soton.ac.uk Thu Jan 31 11:33:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Bug in Local Domains In-Reply-To: Message-ID: <5.1.0.14.2.20020131112713.067092d0@imap.ecs.soton.ac.uk> At 11:00 31/01/2002, you wrote: >The from/to addresses are case insensetive in SMTP protokoll, but >mailscanner uses it in case sensitive way. >For example if You send a mail from Your ABC.com domain, and in Local >Domains file is only abc.com, then >if Your mail is disinfected it will be sent to outer recipients in spite of >You set not to deliver from local addresses! > >The same case-sensitivity problem exists with spam white list. Here's a rather briefer change that achieves much the same thing: Just two lines to add. *** sendmail.pl Wed Jan 30 14:00:13 2002 --- sendmail.pl.new Thu Jan 31 11:28:32 2002 *************** *** 170,175 **** --- 170,176 ---- next if $SkipChecks; # Check to ensure the sender address isn't in the white list + $from = lc($from); $from =~ s/^$//; # trailing <> $fromdomain = $from; *** disinfect.pl Thu Dec 13 12:37:30 2001 --- disinfect.pl.new Thu Jan 31 11:28:58 2002 *************** *** 98,103 **** --- 98,104 ---- # Don't do this if we aren't delivering cleaned up mail and the message # came from one of the local domains. $from = (split(/\0/, $MessagesInfo->{$id}))[0]; + $from = lc($from); $from =~ s/^$//; # trailing <> $fromdomain = $from; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dobos_s at IBCNET.HU Thu Jan 31 13:54:39 2002 From: dobos_s at IBCNET.HU (Sandor Dobos) Date: Thu Jan 12 21:14:22 2006 Subject: Bug in Local Domains Message-ID: Thanks, It seems You have more perl knowledge than I have :-))) I forget something: You should write all the input files (localdomains, spamwhitelist) in lower case, or add "lc" to appropriate lines in config.pl too. Dobos Sandor IBCnet Hungary Ltd. Julian Field cc: Sent by: Subject: Re: Bug in Local Domains MailScanner mailing list 2002.01.31 12:33 Please respond to MailScanner mailing list At 11:00 31/01/2002, you wrote: >The from/to addresses are case insensetive in SMTP protokoll, but >mailscanner uses it in case sensitive way. >For example if You send a mail from Your ABC.com domain, and in Local >Domains file is only abc.com, then >if Your mail is disinfected it will be sent to outer recipients in spite of >You set not to deliver from local addresses! > >The same case-sensitivity problem exists with spam white list. Here's a rather briefer change that achieves much the same thing: Just two lines to add. *** sendmail.pl Wed Jan 30 14:00:13 2002 --- sendmail.pl.new Thu Jan 31 11:28:32 2002 *************** *** 170,175 **** --- 170,176 ---- next if $SkipChecks; # Check to ensure the sender address isn't in the white list + $from = lc($from); $from =~ s/^$//; # trailing <> $fromdomain = $from; *** disinfect.pl Thu Dec 13 12:37:30 2001 --- disinfect.pl.new Thu Jan 31 11:28:58 2002 *************** *** 98,103 **** --- 98,104 ---- # Don't do this if we aren't delivering cleaned up mail and the message # came from one of the local domains. $from = (split(/\0/, $MessagesInfo->{$id}))[0]; + $from = lc($from); $from =~ s/^$//; # trailing <> $fromdomain = $from; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Jan 31 14:26:23 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Bug in Local Domains In-Reply-To: Message-ID: <5.1.0.14.2.20020131142552.066d7098@imap.ecs.soton.ac.uk> At 13:54 31/01/2002, you wrote: >Thanks, It seems You have more perl knowledge than I have :-))) >I forget something: You should write all the input files (localdomains, >spamwhitelist) >in lower case, or add "lc" to appropriate lines in config.pl too. Already done, will be in the next version (not so critical). >At 11:00 31/01/2002, you wrote: > >The from/to addresses are case insensetive in SMTP protokoll, but > >mailscanner uses it in case sensitive way. > >For example if You send a mail from Your ABC.com domain, and in Local > >Domains file is only abc.com, then > >if Your mail is disinfected it will be sent to outer recipients in spite >of > >You set not to deliver from local addresses! > > > >The same case-sensitivity problem exists with spam white list. > >Here's a rather briefer change that achieves much the same thing: >Just two lines to add. > >*** sendmail.pl Wed Jan 30 14:00:13 2002 >--- sendmail.pl.new Thu Jan 31 11:28:32 2002 >*************** >*** 170,175 **** >--- 170,176 ---- > next if $SkipChecks; > > # Check to ensure the sender address isn't in the white list >+ $from = lc($from); > $from =~ s/^ $from =~ s/>$//; # trailing <> > $fromdomain = $from; > >*** disinfect.pl Thu Dec 13 12:37:30 2001 >--- disinfect.pl.new Thu Jan 31 11:28:58 2002 >*************** >*** 98,103 **** >--- 98,104 ---- > # Don't do this if we aren't delivering cleaned up mail and the >message > # came from one of the local domains. > $from = (split(/\0/, $MessagesInfo->{$id}))[0]; >+ $from = lc($from); > $from =~ s/^ $from =~ s/>$//; # trailing <> > $fromdomain = $from; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Jan 31 14:49:56 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:22 2006 Subject: Per-Domain scanning for viruses and spam Message-ID: <5.1.0.14.2.20020131142634.067417c0@imap.ecs.soton.ac.uk> I have implemented per-domain scanning for viruses and spam. It involves a few new keywords in the config file to switch the various bits on and off: ># ># Per-Domain Scanning and Spam Detection ># ># Do we want to only scan certain named domains for viruses and spam? >Scanning By Domain = yes > ># Filename listing all the domains we want to scan >Domains To Scan = /usr/local/MailScanner/etc/domains.to.scan.conf > ># Do we want to add a MailScanner header to messages we have not scanned >Sign Unscanned Messages = yes > ># What do we want to put in the header >Unscanned Header = not scanned What I need now is some beta-testers to try out the new features. Volunteers to me in person at mailscanner@ecs.soton.ac.uk (not the list) please. As this is really an option for commercial sites (ISP's mostly) then all contributions to my PayPal account are most welcome :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Thu Jan 31 15:06:25 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:22 2006 Subject: how can i... Message-ID: <003b01c1aa68$daabfdf0$48cf75cc@fizz> How can i get it to show the hits on mail NOT marked as spam, maybe include the stuff spamassassin includes in all mail. I monitor both mailing lists and i think this would be a great thing :) heres a sample X-Spam-Report: 5.36 hits, 5 required; * 1.6 -- Contains phrases frequently found in spam [score: 21, hits: for your] * 1.0 -- spam-phrase score is over 20 * 0.8 -- Received via known spam-harbouring dialups * 2.0 -- Received via a relay in relays.osirusoft.com [RBL check: found 129.129.246.209.relays.osirusoft.com.] ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From Jed.Brown at RL.AC.UK Thu Jan 31 15:15:08 2002 From: Jed.Brown at RL.AC.UK (Brown, J (Jed) ) Date: Thu Jan 12 21:14:22 2006 Subject: JISCmail Service: W32/MyParty-A Virus Infection Message-ID: <350DC7048372D31197F200902773DF4C01B25C6D@exchange11.rl.ac.uk> Affected List Owners (sent as blind copy using LISTNAME-Request of all affected lists). I write to apologise for the recent virus infection which affected your JISCmail mailing list. This message provides details of what happened, the actions we took to limit the impact and to clean up afterwards; and finally our plans to prevent it happening again. Details of the virus are to be found on http://vil.nai.com/vil/content/v_99332.htm but the most important features are: - the infected file is uuencoded as a plain text file imbedded in the main body of the message rather than as the more usual MIME attachment; - the file name looks very like a web address and may trick recipients into opening the infected file; - some virus protection systems were not able to detect the embedded file and scan it even though they had details of its 'signature'; and so the virus spread quite rapidly through the community. Only 9 JISCmail lists received a copy of the infected message before distribution was stopped while a fix was developed that rejected infected messages. A larger number received warnings and/or disinfected messages. We have removed infected messages from the archives of the affected lists. We now plan to review our policy on how we treat attachments which may contain executable code. We already reject mail containing known viruses but we may introduce changes to identify potentially harmful attachments. We shall discuss these policy changes with the JISCmail Advisory Group and OWNERS-TALK as appropriate and will make any general announcements to OWNERS-UNIQUE and on the JISCmail web. Jed Brown JISCmail Director Rutherford Appleton Laboratory, Chilton, DIDCOT, Oxon OX11 0QX Tel: +44 1235 446609, Mob: +44 7770 652485 Fax: +44 1235 446626 From brose at MED.WAYNE.EDU Thu Jan 31 15:46:21 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:22 2006 Subject: how can i... Message-ID: Most like it would be to comment out if ($spammy) { and it's closing bracket in sendmail.pl since it's the tagger routine. -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Thursday, January 31, 2002 10:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: how can i... How can i get it to show the hits on mail NOT marked as spam, maybe include the stuff spamassassin includes in all mail. I monitor both mailing lists and i think this would be a great thing :) heres a sample X-Spam-Report: 5.36 hits, 5 required; * 1.6 -- Contains phrases frequently found in spam [score: 21, hits: for your] * 1.0 -- spam-phrase score is over 20 * 0.8 -- Received via known spam-harbouring dialups * 2.0 -- Received via a relay in relays.osirusoft.com [RBL check: found 129.129.246.209.relays.osirusoft.com.] ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From R.A.Gardener at SHU.AC.UK Thu Jan 31 15:55:20 2002 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:14:22 2006 Subject: Exim system filters compatibility Message-ID: <003001c1aa6f$b0633cf0$2614348f@CISSYS15> Hi, I'm trying to use exim's system filter in conjunction with mailscanner. Briefly the filter keeps a count of certain words - if this count reaches a theshold the mail is rejected. The filter correctly scans the messages and most mail goes through but the mail that qualifies for rejection sits in the outgoing queue. The Log file tells me that there a "Format error in the spool file" Has anyone else seen this? Can someone confirm that exim system filter works with the exim setup necessary for mailscanner? Regards, Ray Gardener CIS Sheffield Hallam University. 0114 225 4926 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020131/78994806/attachment.html From rishi at THEARGONCOMPANY.COM Thu Jan 31 16:09:53 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:22 2006 Subject: Fw: Warning: E-mail viruses detected Message-ID: <051601c1aa71$b83b3980$1b02a8c0@theargoncompany.com> Hi, Can anyone help? How did this happen? They were plain PDF files and for sure did not have any Viruses in them. Regards Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com ----- Original Message ----- From: MailScanner To: rishi@TheArgonCompany.com Sent: Thursday, January 31, 2002 9:38 PM Subject: Warning: E-mail viruses detected Our virus detector has just been triggered by a message you sent:- To: , , , , , Subject: PHP not supported on Cobalt RaQ3 - BUT supported in RaQ4 Date: Thu Jan 31 21:38:58 2002 One or more of the attachments are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files or putting them into a "zip" file to avoid this constraint. The virus detector said this about the message: Report: Attempt to hide real filename extension in datasheet.raq3.pdf Report: Attempt to hide real filename extension in datasheet.raq4.pdf -- MailScanner Email Virus Scanner From S.R.Patterson at SOTON.AC.UK Thu Jan 31 16:29:44 2002 From: S.R.Patterson at SOTON.AC.UK (Patterson, S R) Date: Thu Jan 12 21:14:23 2006 Subject: Warning: E-mail viruses detected Message-ID: The files match the rule which tries to stop attachements that are attempting to hide their true file type from getting through. If you don't like this behaviour I suggest you take another read of the docs and the config files and turn it off. Cheers, Steve -----Original Message----- From: Rishi Gangoly [mailto:rishi@THEARGONCOMPANY.COM] Sent: 31 January 2002 16:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Fw: Warning: E-mail viruses detected Hi, Can anyone help? How did this happen? They were plain PDF files and for sure did not have any Viruses in them. Regards Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg Mumbai - 400039 Phone: 2361313 Pager: 9624-533230 Call Centre: 2361311 Website: www.TheArgonCompany.com Yahoo Messenger: rishigangoly MSN Messenger: rishi@theargoncompany.com ----- Original Message ----- From: MailScanner To: rishi@TheArgonCompany.com Sent: Thursday, January 31, 2002 9:38 PM Subject: Warning: E-mail viruses detected Our virus detector has just been triggered by a message you sent:- To: , , , , , Subject: PHP not supported on Cobalt RaQ3 - BUT supported in RaQ4 Date: Thu Jan 31 21:38:58 2002 One or more of the attachments are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files or putting them into a "zip" file to avoid this constraint. The virus detector said this about the message: Report: Attempt to hide real filename extension in datasheet.raq3.pdf Report: Attempt to hide real filename extension in datasheet.raq4.pdf -- MailScanner Email Virus Scanner From David.Sullivan at BARNET.AC.UK Thu Jan 31 16:33:35 2002 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:14:23 2006 Subject: Fw: Warning: E-mail viruses detected In-Reply-To: <051601c1aa71$b83b3980$1b02a8c0@theargoncompany.com> Message-ID: <3C59723F.24250.25A28ACE@localhost> On 31 Jan 2002 at 21:39, Rishi Gangoly wrote: > Hi, > > Can anyone help? > > How did this happen? > > They were plain PDF files and for sure did not have any Viruses in them. > > One or more of the attachments are on the list of unacceptable attachments > for this site and will not have been delivered. > > Consider renaming the files or putting them into a "zip" file to avoid > this constraint. > > The virus detector said this about the message: > Report: Attempt to hide real filename extension in datasheet.raq3.pdf > Report: Attempt to hide real filename extension in datasheet.raq4.pdf This will happen for any "double extension" that doesn't have an explicit "allow" in the filename.rules.conf This has caught us out, we've recently added ".doc" as an allow rule so you may want to do a similar thing for ".pdf" files. Whether this is *completely* safe is debateable. Regards -- David Sullivan IT Services, Barnet College, London David.Sullivan@barnet.ac.uk 020 8275 5036 From dpowell at LSSI.NET Thu Jan 31 17:06:53 2002 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:14:23 2006 Subject: Fw: Warning: E-mail viruses detected In-Reply-To: <3C59723F.24250.25A28ACE@localhost> References: <3C59723F.24250.25A28ACE@localhost> Message-ID: <1012496813.1744.4.camel@powell> Please change the subject of this message. You are messing up my email filters :) On Thu, 2002-01-31 at 11:33, David Sullivan wrote: > On 31 Jan 2002 at 21:39, Rishi Gangoly wrote: > > > Hi, > > > > Can anyone help? > > > > How did this happen? > > > > They were plain PDF files and for sure did not have any Viruses in them. > > > > > > > One or more of the attachments are on the list of unacceptable attachments > > for this site and will not have been delivered. > > > > Consider renaming the files or putting them into a "zip" file to avoid > > this constraint. > > > > The virus detector said this about the message: > > Report: Attempt to hide real filename extension in datasheet.raq3.pdf > > Report: Attempt to hide real filename extension in datasheet.raq4.pdf > This will happen for any "double extension" that doesn't have an explicit > "allow" in the filename.rules.conf > > This has caught us out, we've recently added ".doc" as an allow rule so you may > want to do a similar thing for ".pdf" files. > Whether this is *completely* safe is debateable. > > Regards > > -- > David Sullivan IT Services, Barnet College, London > David.Sullivan@barnet.ac.uk > 020 8275 5036 -- Darrin Powell System Administrator LSSi, Corp. (919) 466-6803 From R.A.Gardener at SHU.AC.UK Thu Jan 31 16:55:05 2002 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:14:23 2006 Subject: Exim system filters compatibility Message-ID: <007901c1aa78$0963d6e0$2614348f@CISSYS15> Re: my original message below; on turning off SPAM checking in mailscanner the filter works. Strange! Version of mailscanner is 3.04 of exim 3.33. Is there something missing in my configuration? Regards ----- Original Message ----- From: Ray Gardener To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thursday, January 31, 2002 3:55 PM Subject: Exim system filters compatibility Hi, I'm trying to use exim's system filter in conjunction with mailscanner. Briefly the filter keeps a count of certain words - if this count reaches a theshold the mail is rejected. The filter correctly scans the messages and most mail goes through but the mail that qualifies for rejection sits in the outgoing queue. The Log file tells me that there a "Format error in the spool file" Has anyone else seen this? Can someone confirm that exim system filter works with the exim setup necessary for mailscanner? Regards, Ray Gardener CIS Sheffield Hallam University. 0114 225 4926 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020131/a5bc4855/attachment.html From rishi at THEARGONCOMPANY.COM Thu Jan 31 19:18:08 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:23 2006 Subject: GNU / Linux based Anti Virus Software! References: <051601c1aa71$b83b3980$1b02a8c0@theargoncompany.com> Message-ID: <01b701c1aa8c$04b37e20$0a00a8c0@gangfam.com> Thoughts on GNU/Linux concept. Has anyone in the GNU/Linux community thought of writing an Anti Virus software? If not I wonder why? What are your thoughts? Regards Rishi From yelsir at MAGNATECHONLINE.COM Thu Jan 31 19:27:53 2002 From: yelsir at MAGNATECHONLINE.COM (Yussef M. ElSirgany) Date: Thu Jan 12 21:14:23 2006 Subject: GNU / Linux based Anti Virus Software! In-Reply-To: <01b701c1aa8c$04b37e20$0a00a8c0@gangfam.com> Message-ID: Rishi, There is a gnu antivirus software project it is @ http://lavp.sourceforge.net/ it is the second listing for gnu antivirus in google.com Problem is staying on top of all new virus defs and having people analyze new viruses not really av virus engine development. Yussef M. ElSirgany Magnatech Business Systems Phone: 516-931-4444 Ext.105 Fax: 516-931-1264 Email: yelsir@magnatechonline.com > > Thoughts on GNU/Linux concept. > > Has anyone in the GNU/Linux community thought of writing an Anti Virus > software? > > If not I wonder why? > > What are your thoughts? > > Regards > > Rishi > From nwp at LEMON-COMPUTING.COM Thu Jan 31 20:28:20 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:23 2006 Subject: Exim system filters compatibility In-Reply-To: <007901c1aa78$0963d6e0$2614348f@CISSYS15>; from R.A.Gardener@SHU.AC.UK on Thu, Jan 31, 2002 at 04:55:05PM -0000 References: <007901c1aa78$0963d6e0$2614348f@CISSYS15> Message-ID: <20020131202820.A12346@lemon-computing.com> On Thu, Jan 31, 2002 at 04:55:05PM -0000, Ray Gardener wrote: > Re: my original message below; on turning off SPAM checking in mailscanner the filter works. Strange! Version of mailscanner is 3.04 of exim 3.33. Is there something missing in my configuration? More likely something dodgy in my code. If you could send me a copy of your exim filter and the various mailscanner.conf files that either do or don't trigger it, I'll have a look. In the past, that symptom has usually been because I've miscalculated the length of a header in the exim spool file. It could also be that an element of the spool file is present that I've not seen before, or that 3.33 has something new that I need to look at. Most likely just a bug, though. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Avoid gunfire in the bathroom tonight. From nwp at LEMON-COMPUTING.COM Thu Jan 31 20:29:46 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:23 2006 Subject: Exim system filters compatibility In-Reply-To: <007901c1aa78$0963d6e0$2614348f@CISSYS15>; from R.A.Gardener@SHU.AC.UK on Thu, Jan 31, 2002 at 04:55:05PM -0000 References: <007901c1aa78$0963d6e0$2614348f@CISSYS15> Message-ID: <20020131202946.B12346@lemon-computing.com> On Thu, Jan 31, 2002 at 04:55:05PM -0000, Ray Gardener wrote: > Re: my original message below; on turning off SPAM checking in mailscanner the filter works. Strange! Version of mailscanner is 3.04 of exim 3.33. Is there something missing in my configuration? Oh, I forgot to mention. There was a bug in the header-mangling code for Exim that caused this symptom when messages were tagged as spam by mailscanner. It should no longer be there in 3.04, though. -- Nick Phillips -- nwp@lemon-computing.com You can create your own opportunities this week. Blackmail a senior executive. From miguelk at KONSULTEX.COM.BR Thu Jan 31 21:26:52 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren =?iso-8859-1?Q?O=B4?= Brien de Lacy) Date: Thu Jan 12 21:14:23 2006 Subject: GNU / Linux based Anti Virus Software! References: Message-ID: <3C59B69C.2124502A@konsultex.com.br> You can also check out www.openantivirus.org which has links to a java based anti virus and to a very promising idea of a product called halflife which proposes to scan at the packet level (I assume that reassembling the packets first). This is something I am interested in because the licensing schemes the anti virus vendors propose make any solution realtively expensive. Miguel "Yussef M. ElSirgany" wrote: > Rishi, > > There is a gnu antivirus software project it is @ > http://lavp.sourceforge.net/ it is the second listing for gnu antivirus in > google.com > > Problem is staying on top of all new virus defs and having people analyze > new viruses not really av virus engine development. > > Yussef M. ElSirgany > Magnatech Business Systems > > Phone: 516-931-4444 Ext.105 > Fax: 516-931-1264 > Email: yelsir@magnatechonline.com > > > > > Thoughts on GNU/Linux concept. > > > > Has anyone in the GNU/Linux community thought of writing an Anti Virus > > software? > > > > If not I wonder why? > > > > What are your thoughts? > > > > Regards > > > > Rishi > > From hyooga at WT.NET Thu Jan 31 23:51:40 2002 From: hyooga at WT.NET (Paul) Date: Thu Jan 12 21:14:23 2006 Subject: Spamassassin Timeout! Message-ID: <200201312346.g0VNkkY23990@smtp3.wt.net> Hi all, Could anyone please give me some ideas why I receive "SpamAssassin timed out and was killed" message. I am running perl 5.0053 and SA 1.5 with MailScanner 3.04. Thanks in advanced Paul From taz at TAZ-MANIA.COM Fri Jan 4 02:56:51 2002 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I could only have one I would prefer command-line. However couldn't there be a flag to indicate which mode a filter uses? Also I'm hoping that multiple plug-ins are allowed... I want to write one and I may find that billy-bob wrote one I would like to include as well. I also would prefer a score, That's the most flexible... If I want pass/fail I just make it always return a super high score. THANKS!! Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I write you folks a generic way of adding in a spam-processing plugin, how would you like it to work? A command-line or a function call? How do you want the envelope data? (client ip, sender, recipients) Returns a spam yes/no flag, or a score to add to SpamAssassin? Or a yes/no flag with a configurable score in MailScanner.conf? How do you actually want this interface to work? P.S. Do my PGP-signed list postings look okay? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHsfhH2WUcUFbZUEQKwFQCfWsqhGU1ygJCbIpArZKL7ZcugOVYAn3RC dMdSQsxMGcrL51Ei8fikXSaM =a9hr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ]