email tagged as Denial of Service but not being saved

Robert Hicks rhicks at MINES.EDU
Sat Nov 2 02:40:07 GMT 2002 

It isn't urgent enough to bypass testing.

Thanks again...

On Friday, November 1, 2002, at 02:43 PM, Julian Field wrote:

> At 21:35 01/11/2002, you wrote:
>> Thanks for the quick response!   Do I need to update anything or
>> did my upgrade to 4.04-1 take care of it?
>
> I'll be releasing an update for v3 and v4 in the next couple of days
> or so,
> as I've got a couple of minor security fixes to publish which I have
> back-ported to v3. The security issues have never been exploited by
> anyone,
> so I would prefer to get them fixed before anyone else finds them.
>
> I leave the commercial guys to delay fixing holes until they have been
> found and exploited :-)
>
> If it's really urgent, I can release earlier, but I would rather do
> some
> more testing first.
>
>> On Fri, 1 Nov 2002, Julian Field wrote:
>> > Thanks for reporting that. It is now detecting and handling this
>> correctly.
>> >
>> > At 19:54 01/11/2002, you wrote:
>> > >I upgraded from Mailscanner 1.x to 4.03-1 three days ago.
>> > >The new version(4.03-1) is working great as far as I can
>> > >tell with the exception of one thing.
>> > >
>> > >The issue is that over the past three days I have seen four
>> "Denial of
>> > >Service" messages logged to syslog but no attachments or body
>> messages are
>> > >being saved.
>> > >The user does get an email that says "look here" with the correct
>> message
>> > >ID as I would expect but the message(and message ID
>> > >directory) are never created in the quarantine area.   Postmaster
>> also
>> > >does not get any email regarding the DoS message.  Syslog normally
>> would
>> > >show "Saved entire message" or "Saved infected "filename"" but
>> nothing
>> > >shows in syslog
>> > >other than "Denial of Service attack in in message gXXXXXXXXXXX."
>> > >I need to allow the end user the option of at least seeing the
>> > >quarantined data even if it is a broken or does not contain a
>> properly
>> > >attached document.
>> > >
>> > >Has anyone seen this problem before?   From what I can tell, all
>> virus
>> > >infected files ARE being saved and logged properly.   I have
>> increased the
>> > >timeout TNEF timeout in hope that it will help in some fashion
>> > >even though it has nothing to do with creating quarantined
>> directories
>> > >and email postmaster of a DoS message.
>> > >
>> > >I just put 4.04-1 earlier today.  I haven't seen any new DoS
>> messages
>> > >be tagged yet.
>> > >
>> > >Also.....
>> > >Is there any way to prevent MailScanner from catching "external
>> body"
>> > >messages and tagging them?  I have seen a couple of other posts on
>> > >the subject but nothing concrete on being a future release option.
>> > >
>> > >
>> > >AIX 5.1-002, Perl 5.6.0, TNEF=internal, Mcafee, TNEF Timeout = 120,
>> > >Scanner Timeout=300,Quarantine Infections = yes, Quarantine Whole
>> Message
>> > >= yes
>> > >
>> > >
>> > >Thanks in advance,
>> > >
>> > >Robert
>> >
>> > --
>> > Julian Field                Teaching Systems Manager
>> > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>> > Tel. 023 8059 2817          University of Southampton
>> >                              Southampton SO17 1BJ
>> >
>
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                             Southampton SO17 1BJ

More information about the MailScanner mailing list