email tagged as Denial of Service but not being saved

Robert Hicks rhicks at MINES.EDU
Fri Nov 1 21:35:45 GMT 2002 

Julian,

Thanks for the quick response!   Do I need to update anything or
did my upgrade to 4.04-1 take care of it?


Robert


On Fri, 1 Nov 2002, Julian Field wrote:

> Thanks for reporting that. It is now detecting and handling this correctly.
>
> At 19:54 01/11/2002, you wrote:
> >I upgraded from Mailscanner 1.x to 4.03-1 three days ago.
> >The new version(4.03-1) is working great as far as I can
> >tell with the exception of one thing.
> >
> >The issue is that over the past three days I have seen four "Denial of
> >Service" messages logged to syslog but no attachments or body messages are
> >being saved.
> >The user does get an email that says "look here" with the correct message
> >ID as I would expect but the message(and message ID
> >directory) are never created in the quarantine area.   Postmaster also
> >does not get any email regarding the DoS message.  Syslog normally would
> >show "Saved entire message" or "Saved infected "filename"" but nothing
> >shows in syslog
> >other than "Denial of Service attack in in message gXXXXXXXXXXX."
> >I need to allow the end user the option of at least seeing the
> >quarantined data even if it is a broken or does not contain a properly
> >attached document.
> >
> >Has anyone seen this problem before?   From what I can tell, all virus
> >infected files ARE being saved and logged properly.   I have increased the
> >timeout TNEF timeout in hope that it will help in some fashion
> >even though it has nothing to do with creating quarantined directories
> >and email postmaster of a DoS message.
> >
> >I just put 4.04-1 earlier today.  I haven't seen any new DoS messages
> >be tagged yet.
> >
> >Also.....
> >Is there any way to prevent MailScanner from catching "external body"
> >messages and tagging them?  I have seen a couple of other posts on
> >the subject but nothing concrete on being a future release option.
> >
> >
> >AIX 5.1-002, Perl 5.6.0, TNEF=internal, Mcafee, TNEF Timeout = 120,
> >Scanner Timeout=300,Quarantine Infections = yes, Quarantine Whole Message
> >= yes
> >
> >
> >Thanks in advance,
> >
> >Robert
>
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ
>

More information about the MailScanner mailing list