V4.00 Comments

Julian Field mailscanner at ecs.soton.ac.uk
Sun Sep 22 18:29:40 IST 2002


Released version 4.00.0a3.

At 15:06 22/09/2002, you wrote:
>Ok...I have V4.00.0a2 installed and running on a production box right
>now.  Here is what I notice/suggest at this point:
>
>1.  Upon starting V4.00.0a2, the maillog still shows V4.00.0a1

Fixed.

>2.  In the logs:
>
>Sep 22 08:40:41 redline sendmail[28666]: g8MDeea28666:
>from=<owner-uromastyx at icomm.ca>, size=3130, class=-60, nrcpts=1,
>msgid=<17b.ef38590.2abf2207 at aol.com>, proto=ESMTP, daemon=MTA,
>relay=icomm.ca [216.126.72.23]
>Sep 22 08:40:42 redline cucipop[28668]: Opened nathanr's mailbox
>Sep 22 08:40:42 redline cucipop[28668]: nathanr 192.168.0.101 0, 0 (0),
>5 (537030)
>Sep 22 08:40:44 redline MailScanner[28482]: Scanning 1 messages, 3568
>bytes
>Sep 22 08:40:44 redline MailScanner[28482]: Saved archive copies of
>g8MDeea28666
>Sep 22 08:40:44 redline MailScanner[28482]: Spam Checks: Starting
>Sep 22 08:40:45 redline MailScanner[28482]: Spam Checks: Found 0 spam
>messages
>Sep 22 08:40:45 redline MailScanner[28482]: Virus Scanning: Starting
>Sep 22 08:40:46 redline MailScanner[28482]: Virus Scanning: sophos found
>1 infections
>Sep 22 08:40:46 redline MailScanner[28482]: Virus Scanning: Found 0
>viruses
>Sep 22 08:40:46 redline MailScanner[28482]: Other Checks: Starting
>Sep 22 08:40:46 redline MailScanner[28482]: Filename Checks: Allowing
>g8MDeea28666.header (no rule matched)
>Sep 22 08:40:46 redline MailScanner[28482]: Filename Checks: Allowing
>msg-28482-2.txt
>Sep 22 08:40:46 redline MailScanner[28482]: Other Checks: Found 0
>problems
>Sep 22 08:40:46 redline MailScanner[28482]: Uninfected: Delivered 1
>messages
>Sep 22 08:40:46 redline MailScanner[28482]: Disinfection: Attempting to
>disinfect 1 messages
>
>The log is showing that Sophos found 1 infection, however there was no
>infection.  It is doing this on every message that comes in.  Is this an
>error in filename rules or something?

No. Turns out I was using the results output from the scan-a-batch function
wrongly. As a result it was always trying to disinfect, even when there
were no viruses found. Fixed.

>3.  In mailscanner.conf, I think the Max SpamAssassin Size = 50000
>should be increased to say 150000 by default.  Otherwise, if a LARGE
>HTML spam comes in and its size is 50001, SA will bypass it.

It's intentionally set fairly small, as running SpamAssassin is quite heavy
load on large messages. I set to 50,000 as that is bigger than 99% of spam,
so will catch virtually everything while not slowing everything down
processing huge messages with it. If you set the max size large, you better
have lots of CPU available!

>   You might
>also set Debug= no by default.

Done.

>   Could you include a little documentation
>on the # Address of the local Postmaster, which is used as the "From"
>address in
># virus warnings sent to users.
># This can also be the filename of a ruleset.
>
>What is the syntax of this ruleset?  I guess the question would apply to
>the other possible rulesets as well.

Most of the configuration options can take rulesets. Take a look in the
MailScanner/etc/rules directory and you will see a couple of files there to
help you out.

Hope you don't mind me posting this to the list as well, it's generally
useful info for everyone.

>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ecs.soton.ac.uk]
>Sent: Sunday, September 22, 2002 7:50 AM
>To: Mike Kercher
>Subject: RE: GFI Email Security Tests
>
>
>At 13:47 22/09/2002, you wrote:
> >That fixed it!  I am now testing V4 on my middlefinger.net domain :)
> >Lots of information is being logged!
>
>Do you reckon it's a bit too much?
>
> >   I like it a lot at first glance!
> >I think I need to upgrade to your latest release now :)
>
>Please keep me informed of how you get on, particularly any problems you
>
>find or features you like/dislike.
>Thanks!
>
>Jules.

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list