3.04-1 doesn't spam check

Gerry Doris gerry at DORFAM.CA
Tue Jan 29 22:57:02 GMT 2002


Well, I don't know if this was the "correct" way to do it but...

Julian suggested way back when I was having problems that perhaps it was
the downlevel version of perl that I was using (I'm running RH 7.1).  I
updated using CPAN to 5.6.1.  That wasn't the cause of the problem I was
having but that's another story.

I noticed that I now had two different perl installs;  the old one to
5.6.0 and the new one at 5.6.1.  I manually went in and deleted the 5.6.0
stuff.  I then reinstalled mailscanner and spanassassin (not just
restarted).

Everything has worked fine since.


Gerry

On Tue, 29 Jan 2002, Gene Ruebsamen wrote:

> Okay, I know you guys are probably sick of hearing this, but this problem
> seems to be the same problem I am haveing, and is possibly related to the
> PERL path problem. (see previous post).
>
> Am I correct in assuming that the RPM install of MailScanner on RH7.2 looks
> for Perl Version 5.6.0?
>
> I have the same configuration as Stephen, and I cannot get MailScanner to
> flag spam using SpamAssassin 2.01, and the reason is because MailScanner
> assumes a path to perl 5.6.0 instead of perl 5.6.1.
>
> Any ideas?
>
> Gene Ruebsamen
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Stephen Nelson
> Sent: Tuesday, January 29, 2002 1:09 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: 3.04-1 doesn't spam check
>
>
> Something seems a bit odd with my current setup... I upgraded to 3.04-1,
> and since then no spam messages are being marked. Running in debug mode
> gave no messages (and quit after a single message was processed, but that
> looks like a feature). There are no error messages in either the maillog or
> the messages file. Spamassassin seems to run fine from the command line.
>
> Since I'm not seeing other messages about this, I'm assuming I scrambled a
> config file. I'm running perl v5.6.1 and SpamAssassin 2.01 on a Red Hat
> Linux 7.2 system.
>
> What have I missed? My config file is as follows. The primary tweaks are
> that I deliver individually in the background (there is only one user, so
> that seems optimal) and that I give SpamAssassin a timeout of 720 (I'm on a
> dialup, so I want to give SpamAssassin time to establish a network link for
> RBL). Spam checking and spamassassin are both set to "yes".
>
> Any ideas?
>
> ---- CUT HERE ---
> # Configuration file for MailScanner E-Mail Virus Scanner
> # This file assumes everything is in the default locations provided
> # by the MailScanner and RedHat 6.2 and upwards.
>
> # User to run as (provided for Exim users)
> #Run As User = mail
>
> # Group to run as (provided for Exim users)
> #Run As Group = mail
>
> # In every batch of virus-scanning, limit the maximum
> # a) number of text-only messages to deliver
> # b) number of potentially infected messages to unpack and scan
> # c) total size of text-only messages to deliver
> # d) total size of potentially infected messages to unpack and scan
> Max Safe   Messages Per Scan = 500
> Max Unsafe Messages Per Scan = 100
> Max Safe   Bytes Per Scan = 100000000
> Max Unsafe Bytes Per Scan = 50000000
>
> # To avoid resource leaks, re-start periodically.
> Restart Every = 14400 # 4 hours
>
> # Name of this host, or just "the MailScanner" if you want to hide this
> info.
> # It can be placed in the Help Desk note contained in virus warnings sent
> to users.
> Host name          = the MailScanner
>
> # Add this extra header to all mail as it is scanned.
> # (this must *include* terminating colon).
> Mail Header = X-MailScanner:
>
> # Set the mail header to these values for clean/infected messages.
> Clean Header       = Found to be clean
> Infected Header    = Found to be infected
> Disinfected Header = Disinfected
>
> # Set where to unpack incoming messages before scanning them
> Incoming Work Dir  = /var/spool/MailScanner/incoming
>
> # Set where to store infected message attachments (if they are kept)
> Quarantine Dir     = /var/spool/MailScanner/quarantine
>
> # Set where to store the process id so you can easily stop the scanner
> Pid File           = /usr/local/MailScanner/var/virus.pid
>
> # Set where to find the attachment filename ruleset.
> # The structure of this file is explained elsewhere, but it is used to
> # accept or reject file attachments based on their name, regardless of
> # whether they are infected or not.
> Filename Rules     = /usr/local/MailScanner/etc/filename.rules.conf
>
> # Set where to find the message text sent to users when one of their
> # attachments has been quarantined.
> Stored Virus Message Report
> = /usr/local/MailScanner/etc/stored.virus.message.txt
> Stored Bad Filename Message Report
> = /usr/local/MailScanner/etc/stored.filename.message.txt
>
> # Set where to find the message text sent to users when one of their
> # attachments has been deleted.
> Deleted Virus Message Report
> = /usr/local/MailScanner/etc/deleted.virus.message.txt
> Deleted Bad Filename Message Report
> = /usr/local/MailScanner/etc/deleted.filename.message.txt
>
> # Set where to find the message text sent to users explaining about the
> # attached disinfected documents.
> Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt
>
> # Set location of incoming mail queue
> # and location of outgoing mail queue.
> Incoming Queue Dir = /var/spool/mqueue.in
> Outgoing Queue Dir = /var/spool/mqueue
>
> # Set whether to use sendmail or exim (default is sendmail)
> MTA                = sendmail
>
> # Set how to invoke MTA when sending created message
> # (e.g. to sender/recipient saying "found a virus in your message")
> Sendmail           = /usr/sbin/sendmail
>
> # Sendmail2 is provided for Exim users.
> # It defaults to the value supplied for Sendmail.
> # It is the command used to attempt delivery of outgoing
> # (scanned/cleaned) messages.
> # This is not usually required for sendmail.
> #Sendmail2          = /usr/sbin/exim -C /etc/exim_send.conf
>
> # Do you want to scan email for viruses?
> # A few people have wanted to disable the entire virus scanning.
> Virus Scanning     = yes
>
> # Which Virus Scanning package to use:
> # sophos    from www.sophos.com, or
> # mcafee    from www.mcafee.com, or
> # command   from www.command.co.uk, or
> # kaspersky from www.kaspersky.com, or
> # inoculate from www.cai.com/products/inoculateit.htm, or
> # f-secure  from www.f-secure.com, or
> # f-prot    from www.f-prot.com (which is *free* for Linux as of 1/1/2002)
> Virus Scanner      = f-prot
>
> # Where the Virus scanner is installed. This is the command needed to run
> it.
> #
> # Note: If you want to use multiple virus scanners, then this should be a
> # comma-separated list of commands, **in the same order** as they are listed
> # in the "Virus Scanner" keyword just above. For example:
> # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f-
> protwrapper
> #
> Sweep = /usr/local/f-prot/f-prot
>
> # The maximum length of time the commercial virus scanner is allowed to run
> # for 1 batch of messages (in seconds).
> Virus Scanner Timeout = 300
>
> # Expand TNEF attachments using an external program?
> # This should be "yes" except for Sophos (when it should be "no")
> # as Sophos has the facility built-in.
> Expand TNEF        = yes
>
> # Where the MS-TNEF expander is installed.
> # The new --maxsize option limits the maximum size that any expanded
> attachment
> # may be. It helps protect against Denial Of Service attacks in TNEF files.
> TNEF Expander      = /usr/local/MailScanner/bin/tnef --maxsize=100000000
>
> # The maximum length of time the TNEF Expander is allowed to run for 1
> message.
> # (in seconds)
> TNEF Timeout       = 120
>
> # What should the attachments be called that replace virus-infected files?
> Attachment Warning Filename = VirusWarning.txt
>
> # Should we scan all messages, including plain-text messages which are
> normally
> # harmless? This should be "yes" since the MyParty message appeared.
> Scan All Messages = yes
>
> # Once we have removed viruses from an email message and replaced them with
> # VirusWarning.txt attachments, should we deliver the clean result to the
> # original recipients (or just delete them if "no")?
> Deliver To Recipients = yes
>
> # Deliver messages with viruses removed to their original recipients
> # if they came from a local address, or just delete them so no-one knows
> # we have a virus outbreak on our site?
> Deliver From Local Domains = yes
>
> # Notify the senders of infected messages that they should check out
> # their systems?
> Notify Senders = yes
>
> # Set where to find the message text sent to the senders of infected
> # messages.
> #Sender Report = /usr/local/MailScanner/etc/sender.report.txt
> Sender Virus Report
> = /usr/local/MailScanner/etc/sender.virus.report.txt
> Sender Bad Filename Report
> = /usr/local/MailScanner/etc/sender.filename.report.txt
> Sender Error Report
> = /usr/local/MailScanner/etc/sender.error.report.txt
>
> # Notify the local postmaster when any infections are found?
> Notify Local Postmaster = yes
>
> # Include the full headers of each message in the postmaster notification?
> Postmaster Gets Full Headers = no
>
> # Set email address of who to notify about any infections found.
> # Should put your full domain name here too,
> #    e.g. postmaster at your.domain.com
> Local Postmaster = postmaster
>
> # Set what to do with infected attachments or messages.
> # keep   ==> Store under the "Quarantine Dir"
> # delete ==> Just delete them
> #Action = delete
> Action = keep
>
> # Should I attempt to disinfect infected attachments and then deliver
> # the clean ones
> Deliver Disinfected Files = yes
>
> # Local domain name, or filename containing a list of local domain names
> # The file supports blank entries, '#' and ';' comment characters and
> # uses the first word off each line. This should be compatible with all
> # such lines in a sendmail or Exim configuration file.
> #Local Domains = /usr/local/MailScanner/etc/localdomains.conf
> Local Domains = speakeasy.org
> Local Domains = speakeasy.net
>
> # Mark infected messages in the message body.
> # There can now be more than 1 of these configuration lines here, so you can
> # break the warning message over multiple lines.
> Mark Infected Messages = yes
> Inline Text Warning = Warning: This message has had one or more attachments
> removed.
> Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment
> (s) for more information.
> Inline HTML Warning = <P><B><FONT SIZE="+1" COLOR="red">Warning:
> </FONT>This message has had one or more attachments removed. Please read
> the "VirusWarning.txt" attachment(s) for more information.</B><BR></P>
>
> # Sign clean messages in the message body.
> # There can be more than 1 of these configuration lines here, so you can
> # break the signature message over multiple lines.
> # Note that enabling this option will add to the overall system load as some
> # major optimisations will no longer be possible!
> Sign Clean Messages = no
> Inline Text Signature = --
> Inline Text Signature = This message has been scanned for viruses and
> Inline Text Signature = dangerous content by MailScanner, and is
> Inline Text Signature = believed to be clean.
> Inline HTML Signature = <BR>--
> Inline HTML Signature = <BR>This message has been scanned for viruses and
> Inline HTML Signature = <BR>dangerous content by
> Inline HTML Signature = <A
> HREF="http://www.mailscanner.info/"><B>MailScanner</B></A>,
> Inline HTML Signature = and is<BR>believed to be clean.
>
> #
> # Spam Detection
> #
> # Should the anti-spam checks be done on all incoming messages?
> Spam Checks = yes
>
> # Set the name of the extra header to add to all messages found to be
> # likely spam.
> Spam Header = X-MailScanner-SpamCheck:
>
> # Do you want to put some text on the front of the subject line when
> # we think it is spam?
> Spam Modify Subject = yes
>
> # What text do we want to put on the front (gets followed by a " ")
> Spam Subject Text = {SPAM?}
>
> # Do we have the SpamAssassin package installed?
> # This is a very good, very clever heuristics-based spam checker.
> # For more info and installation instructions, see
> http://spamassassin.taint.org/
> Use SpamAssassin = yes
>
> # Set the maximum size of message which we will check with SpamAssassin
> # Don't set this too large as your system load will get very high processing
> # huge messages.
> Max SpamAssassin Size = 100000
>
> # Set the maximum time to allow SpamAssassin to process 1 message
> SpamAssassin Timeout = 720
>
> # Set the list of database names and their corresponding DNS domains.
> # All of these databases work in a similar way, allowing the simple use
> # of multiple databases.
> # See www.ordb.org and www.mail-abuse.org for more information.
> # Spam List =
> # MAPS now charge for their services, so you'll have to buy a contract
> before
> # attempting to use the next 3 lines.
> #Spam List = MAPS-RBL, blackholes.mail-abuse.org.
> #Spam List = MAPS-DUL, dialups.mail-abuse.org.
> #Spam List = MAPS-RSS, relays.mail-abuse.org.
> # This next line works for JANET UK Academic sites only
> #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net.
>
> # Define local networks from whom you should always accept mail, and
> # never mark it as spam. This is useful in case your own mail servers
> # are ever in the ORBS or MAPS lists.
> Accept Spam From = 152.78.
> Accept Spam From = 139.166.
> Accept Spam From = 192.168.0.
>
> # Define a list of email addresses and email domains from whom you should
> # always accept mail, and never mark it as spam. This is useful in case
> # someone you correspond with a lot has their mail servers in the ORBS or
> # MAPS lists.
> Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf
>
> #
> # Advanced Features
> # =================
> #
> # Don't bother changing anything below this unless you really know what
> # you are doing.
> #
>
> # Set Debug to 1 to stop it running as a daemon
> # and produce more verbose output
> Debug = 0
>
> # Attempt immediate delivery of messages, or just place them in the outgoing
> # queue for the MTA to deliver at a time of its own choosing?
> # If attempting immediate delivery, do them one at a time,
> #                                or do them in batches of 30 at a time?
> # Delivery Method = queue
> # Delivery Method = individual
> Delivery Method = individual
>
> # How to lock spool files.
> # Don't set this unless you *know* you need to.
> # For sendmail, it defaults to "flock".
> # For Exim, it defaults to "posix".
> # No other type is implemented.
> #Lock Type          = flock
>
> # Where to put the virus scanning engine lock files.
> # These lock files are used between MailScanner and the virus signature
> # "autoupdate" scripts, to ensure that they aren't both working at the
> # same time (which could cause MailScanner to let a virus through).
> Lock File Dir = /tmp
>
> # What to do when you get several MailScanner headers in one message,
> # from multiple MailScanner servers. Values are
> # "append"  : Append the new data to the existing header
> # "add"     : Add a new header
> # "replace" : Replace the old data with the new data
> # Default is "append"
> Multiple Headers = append
>
> # Some versions of Microsoft Outlook generate unparsable Rich Text
> # format attachments. Do we want to deliver these bad attachments anyway?
> # Setting this to yes introduces the slight risk of a virus getting through,
> # but if you have a lot of troubled Outlook users you might need to do this.
> # We are working on a replacement for the TNEF decoder.
> Deliver Unparsable TNEF = no
>
> # When attempting delivery of outgoing messages, should we do it in the
> # background or wait for it to complete? The danger of doing it in the
> # background is that the machine load goes ever upwards while all the
> # slow sendmail processes run to completion. However, running it in the
> # foreground may cause the mail server to run too slowly.
> Deliver In Background = yes
>
> # Minimum acceptable code stability status -- if we come across code
> # that's not at least as stable as this, we barf.
> # This is currently only used to check that you don't end up using untested
> # virus scanner support code without realising it.
> # Levels used are:
> # none  - there may not even be any code.
> # unsupported - code may be completely untested, a contributed dirty hack,
> #     anything, really.
> # alpha  - code is pretty well untested. Don't assume it will work.
> # beta  - code is tested a bit. It should work.
> # supported - code *should* be reliable.
> #
> # Don't even *think* about setting this to anything other than "beta" or
> # "supported" on a system that receives real mail until you have tested it
> # yourself and are happy that it is all working as you expect it to.
> # Don't set it to anything other than "supported" on a system that could
> # ever receive important mail.
> Minimum Code Status = beta
>

--
"The lyfe so short, the craft so long to learne" Chaucer



More information about the MailScanner mailing list