email tagged as Denial of Service but not being saved
Robert Hicks
rhicks at MINES.EDU
Fri Nov 1 19:54:01 GMT 2002
I upgraded from Mailscanner 1.x to 4.03-1 three days ago.
The new version(4.03-1) is working great as far as I can
tell with the exception of one thing.
The issue is that over the past three days I have seen four "Denial of
Service" messages logged to syslog but no attachments or body messages are being saved.
The user does get an email that says "look here" with the correct message
ID as I would expect but the message(and message ID
directory) are never created in the quarantine area. Postmaster also
does not get any email regarding the DoS message. Syslog normally would
show "Saved entire message" or "Saved infected "filename"" but nothing shows in syslog
other than "Denial of Service attack in in message gXXXXXXXXXXX."
I need to allow the end user the option of at least seeing the
quarantined data even if it is a broken or does not contain a properly
attached document.
Has anyone seen this problem before? From what I can tell, all virus
infected files ARE being saved and logged properly. I have increased the
timeout TNEF timeout in hope that it will help in some fashion
even though it has nothing to do with creating quarantined directories
and email postmaster of a DoS message.
I just put 4.04-1 earlier today. I haven't seen any new DoS messages
be tagged yet.
Also.....
Is there any way to prevent MailScanner from catching "external body"
messages and tagging them? I have seen a couple of other posts on
the subject but nothing concrete on being a future release option.
AIX 5.1-002, Perl 5.6.0, TNEF=internal, Mcafee, TNEF Timeout = 120,
Scanner Timeout=300,Quarantine Infections = yes, Quarantine Whole Message = yes
Thanks in advance,
Robert
More information about the MailScanner
mailing list