From ugob at CAMO-ROUTE.COM  Sun Aug  1 00:05:18 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:26 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.154.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Matthew Henkler wrote:

> I was hoping someone would be able to enlighten me as to if MailScanner with
> SpamAssassin and DCC are able to work with the greylisting features provided
> with DCC.

I've seen a few mentions of the concept of greylist while going through
DCC's list archive, but never really got time to investigate this topic.

If you could tell us briefly what it does and how it is configured, we
might be of help, and Julian could decide or not to implement a change
to support this feature.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jrudd at UCSC.EDU  Sun Aug  1 01:45:59 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:26 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.155.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Jul 31, 2004, at 4:05 PM, Ugo Bellavance wrote:

> Matthew Henkler wrote:
>
>> I was hoping someone would be able to enlighten me as to if
>> MailScanner with
>> SpamAssassin and DCC are able to work with the greylisting features
>> provided
>> with DCC.
>
> I've seen a few mentions of the concept of greylist while going through
> DCC's list archive, but never really got time to investigate this
> topic.
>
> If you could tell us briefly what it does and how it is configured, we
> might be of help, and Julian could decide or not to implement a change
> to support this feature.
>

I could be wrong, but my concept of greylisting is this:

When you receive a message from a source you haven't before (for some
period of time that is at least a few hours, but probably at least a
couple days and not more than a few weeks), you reject it, and then
record the source (which is the combination of _BOTH_ IP address and
sender's email address, though I don't know if you use the envelope or
header address, or both) in your "greylist".

What happens is: if it's a legitimate sender, they'll try again 30
minutes to 3 hours, usually.  Or at least a couple more times in the
next 3-5 days (unless they're prodigy, who says they retry but often
don't), so the second time around that IP address/sender will be in
your greylist, and you'll accept the message.  If it's someone you talk
to a lot, then they'll always be in your greylist, and you shouldn't
end up rejecting them that often (you also record them when a message
is successful, IIRC).

If it's a spam-bot, it will probably take the rejection and throw the
message away (they don't tend to keep big queues of messages), and you
wont hear from them again.  As long as that exact combination of IP
address and sender doesn't come through again in less than your
greylist timeout period, you wont ever accept messages from that
spam-bot.


It's not perfect.  You need to come up with a timeout for entries that
it long enough such that legit sites can come back and get through, but
not so long that you might get the same spam-bot trying again.  Plus,
there is a way that I can think of for spammers to adapt to it (that I
wont go into here), but it also leads to them coming up with a good
retry period, which leads to receivers adjusting their timeouts, and so
on.  But, it is apparently a good tool.

But I think it's more of a sendmail milter type thing than a
mailscanner thing.  By the time mailscanner sees the message, it's too
late to reject it for the sender to try again later.

(meanwhile, I haven't had any spam get through my system at home since
I adopted sendmail 8.13.0, with greet delay, SBL, XBL, and connection
control; and my logs show I'm rejecting a fair share every day)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From henkler at PURDUE.EDU  Sun Aug  1 04:03:11 2004
From: henkler at PURDUE.EDU (Matthew Henkler)
Date: Thu Jan 12 21:26:26 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.156.1137101186.24926.mailscanner@lists.mailscanner.info>

On Sat, 31 Jul 2004, John Rudd wrote:

> But I think it's more of a sendmail milter type thing than a
> mailscanner thing.  By the time mailscanner sees the message, it's too
> late to reject it for the sender to try again later.

Yes, that seems likely now that I think about it.  The way I have it set
up at least, it is  most likely too late for MailScanner to do anything
about.  Guess I'll have to play around with it at the MTA level.

Good explanation of greylisting for everyone though, thanks!

matt

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From stefan.Sabolowitsch at FELTENGMBH.DE  Sun Aug  1 08:17:26 2004
From: stefan.Sabolowitsch at FELTENGMBH.DE (Stefan Sabolowitsch)
Date: Thu Jan 12 21:26:26 2006
Subject: Childprocesses increase and increase. (140MB -> 188MB and up)
Message-ID: <mailman.157.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi List / NG.

I have following here:
WBEL (RHEL-AS) with latest patches / 1GB RAM / 1GHZ Athlon
and latest Version Mailscanner.

On the server max 4 mailscanners processes works.
I see, that increases to everyone of the individual Processe more and more.
(140MB -> 188MB and up).

Currently a process has 193480 kB. Those ones are already 755 MB! How far
is that still supposed to work?

Is that normal?

thanks for every aid / tip

Stefan


Info about Files and Connectios from this Childprocess:

"File" "Descriptor" "Type" "File" "size" "Inode" "Path"
Current dir Directory 4096 3572116 /var/spool/postfix/hold
Root dir Directory 4096 2 /
Program code Regular file 12700 1130768 /usr/bin/perl
Shared library Regular file 5524 2670735 /usr/lib/gconv/ISO8859-1.so
Shared library Regular file 21436 2670791 /usr/lib/gconv/gconv-
modules.cache
Shared library Regular file 90059
983048 /usr/share/locale/de/LC_MESSAGES/libc.mo
Shared library Regular file 271344
1376784 /usr/local/lib/libclamav.so.1.0.4
Shared library Regular file 179496 1212456 /usr/lib/libgmp.so.3.3.2
Shared library Regular file 62128 1212429 /usr/lib/libbz2.so.1.0.2
Shared library Regular file 69171
2703973 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-
multi/auto/Mail/ClamAV/ClamAV.so
Shared library Regular file 54636 3244072 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Digest/MD5/MD5.so
Shared library Regular file 57561
934042 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/Digest/SHA1/SHA1.so
Shared library Regular file 76492 524337 /lib/libresolv-2.3.2.so
Shared library Regular file 83619
1311361 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/Net/DNS/DNS.so
Shared library Regular file 52584 1212474 /usr/lib/libz.so.1.1.4
Shared library Regular file 222464
3670084 /usr/lib/mysql/libmysqlclient.so.10.0.0
Shared library Regular file 181413
1982529 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/DBD/mysql/mysql.so
Shared library Regular file 51908 524325 /lib/libnss_files-2.3.2.so
Shared library Regular file 69835 4554814 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/List/Util/Util.so
Shared library Regular file 114188
1032734 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-
multi/auto/Compress/Zlib/Zlib.so
Shared library Regular file 92441
2965599 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/HTML/Parser/Parser.so
Shared library Regular file 42585 4866074 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/MIME/Base64/Base64.so
Shared library Regular file 46816 2883599 /lib/tls/librtkaio-2.3.2.so
Shared library Regular file 56580
2392524 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/Time/HiRes/HiRes.so
Shared library Regular file 51331 4702234 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Sys/Syslog/Syslog.so
Shared library Regular file 38161 4669500 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Sys/Hostname/Hostname.so
Shared library Regular file 199225
3850347 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-
multi/auto/DBI/DBI.so
Shared library Regular file 793716 524345 /lib/libdb-4.1.so
Shared library Regular file 152003 2720380 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/DB_File/DB_File.so
Shared library Regular file 63573 3801148 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Socket/Socket.so
Shared library Regular file 61658 4620314 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/File/Glob/Glob.so
Shared library Regular file 42977 4882465 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Cwd/Cwd.so
Shared library Regular file 47336 4177969 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/Fcntl/Fcntl.so
Shared library Regular file 56843 2342943 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/IO/IO.so
Shared library Regular file 202346 1523753 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/auto/POSIX/POSIX.so
Shared library Regular file 32140784 3276814 /usr/lib/locale/locale-archive
Shared library Regular file 12548 524343 /lib/libutil-2.3.2.so
Shared library Regular file 23404 524303 /lib/libcrypt-2.3.2.so
Shared library Regular file 1571340 2883592 /lib/tls/libc-2.3.2.so
Shared library Regular file 97420 2883596 /lib/tls/libpthread-0.60.so
Shared library Regular file 213376 2883594 /lib/tls/libm-2.3.2.so
Shared library Regular file 14888 524305 /lib/libdl-2.3.2.so
Shared library Regular file 91484 524309 /lib/libnsl-2.3.2.so
Shared library Regular file 2524937 3178565 /usr/lib/perl5/5.8.0/i386-linux-
thread-multi/CORE/libperl.so
Shared library Regular file 106424 524292 /lib/ld-2.3.2.so
4r Regular file 54478
4473367 /usr/lib/MailScanner/MailScanner/CustomConfig.pm
5r Regular file 16382
4473327 /usr/lib/MailScanner/MailScanner/ConfigDefs.pl

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From massctrl at SKYNET.BE  Sun Aug  1 13:29:55 2004
From: massctrl at SKYNET.BE (JT)
Date: Thu Jan 12 21:26:26 2006
Subject: Rules Du Jour
Message-ID: <mailman.158.1137101186.24926.mailscanner@lists.mailscanner.info>

How can I find out if the "Rules du jour" are really used and actually
working?

Thanks

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug  1 13:36:13 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:26 2006
Subject: Rules Du Jour
Message-ID: <mailman.159.1137101186.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-01 at 13:29, JT wrote:
> How can I find out if the "Rules du jour" are really used and actually
> working?

Look at your logs.





--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Stefan.Sabolowitsch at FELTENGMBH.DE  Sun Aug  1 13:51:42 2004
From: Stefan.Sabolowitsch at FELTENGMBH.DE (Stefan Sabolowitsch)
Date: Thu Jan 12 21:26:26 2006
Subject: AW: Rules Du Jour
Message-ID: <mailman.160.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi JT,

local root recive a email from "Rules du jour".

Stefan

-----Ursprüngliche Nachricht-----
Von: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Im Auftrag
von JT
Gesendet: Sonntag, 1. August 2004 14:30
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Rules Du Jour

How can I find out if the "Rules du jour" are really used and actually
working?

Thanks

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Sun Aug  1 18:06:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.161.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Afternoon all! (Or is it morning or evening right now? Who knows?)

I have just released the latest stable version of MailScanner, 4.32.5.
The major changes for this release are
- Can now run in foreground to help people using daemon monitoring systems.
- Upgrade to latest version of Archive::Zip which fixes some problems with
corrupt zip files.
- The Spam Score number can now be formatted using printf() formatting
specifications.
- Added command-line check to make MailScanner print all its module version
numbers, this should be used in all problem reports to the
MailScanner@jiscmail.ac.uk mailing list. Run it as
        /usr/sbin/MailScanner -v
or
        /opt/MailScanner/bin/MailScanner -v

The full ChangeLog is at the bottom of this message.

Please download it, as usual, from www.mailscanner.info.
Any problems, please shout loud and soon :-)

* New Features and Improvements *

- Per-domain white and blacklisting now supports IP address checks.
- Disarmed web bugs now tell you where they came from.
- New "Run In Foreground" option which will be useful if you are trying to
   use another tool to monitor MailScanner's health and restart it auto-
   matically if it dies for some reason.
- New "--perl=" switch for install.sh on non-RPM systems.
- Added extra strings to languages.conf to support new feature of reporting
   the fault with a message in the subject line of the postmaster report.
- CheckModuleVersion now supports the "-v" command-line option, to make its
   output more verbose.
- Upgraded Archive::Zip to 1.12.
- Added *.job to the list of banned filenames.
- New "Spam Score Number Format" option to allow numeric formatting of the
   number that is substituted for _SCORE_ in the spam score outputting.
- Added "--version" (or "-v" or anything that looks roughly like "-v").
   This will make MailScanner print the version number of all the modules
   that MailScanner uses, along with its own version number.
- Improved MailScanner.conf settings to explicitly say that "Virus Scanners"
   cannot be a ruleset.
- Improvement to installer for non-RPM systems to catch broken MakeMaker on
   some Solaris systems.
- Updated OpenBSD manual installation instructions.
- Added $MailScanner::Config::ConfFile so that Custom Functions can find the
   configuration directory easily.
- Updated Spanish translations.

* Fixes *

- Postfix file corruption problem remaining on a few systems, now fixed.
   It was a Perl bug.
- tar distribution check_mailscanner.cron file now calls check_mailscanner
   and not check_MailScanner.
- Comments output in upgrade_MailScanner_conf made more consistent.
- Moved "Spam List" so it matches the first rule, not all rules. This enables
   you to apply rules for entire domains and exceptions for certain addresses
   within those domains.
- Improved zip of death detection.
- Changed web bug disarming so alt text is only provided if there is a 'src'.
- Fixed bug where autolearn status was reported incorrectly with
SpamAssassin 2.
- Fixed bug causing symptom of missing identically-named nested zip files.
- Fixed bug in ZMailer.pm from Mariano.
- Fixed bug involving '+' characters in address patterns in config compiler.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sun Aug  1 18:06:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.162.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Afternoon all! (Or is it morning or evening right now? Who knows?)

I have just released the latest stable version of MailScanner, 4.32.5.
The major changes for this release are
- Can now run in foreground to help people using daemon monitoring systems.
- Upgrade to latest version of Archive::Zip which fixes some problems with
corrupt zip files.
- The Spam Score number can now be formatted using printf() formatting
specifications.
- Added command-line check to make MailScanner print all its module version
numbers, this should be used in all problem reports to the
MailScanner@jiscmail.ac.uk mailing list. Run it as
        /usr/sbin/MailScanner -v
or
        /opt/MailScanner/bin/MailScanner -v

The full ChangeLog is at the bottom of this message.

Please download it, as usual, from www.mailscanner.info.
Any problems, please shout loud and soon :-)

* New Features and Improvements *

- Per-domain white and blacklisting now supports IP address checks.
- Disarmed web bugs now tell you where they came from.
- New "Run In Foreground" option which will be useful if you are trying to
   use another tool to monitor MailScanner's health and restart it auto-
   matically if it dies for some reason.
- New "--perl=" switch for install.sh on non-RPM systems.
- Added extra strings to languages.conf to support new feature of reporting
   the fault with a message in the subject line of the postmaster report.
- CheckModuleVersion now supports the "-v" command-line option, to make its
   output more verbose.
- Upgraded Archive::Zip to 1.12.
- Added *.job to the list of banned filenames.
- New "Spam Score Number Format" option to allow numeric formatting of the
   number that is substituted for _SCORE_ in the spam score outputting.
- Added "--version" (or "-v" or anything that looks roughly like "-v").
   This will make MailScanner print the version number of all the modules
   that MailScanner uses, along with its own version number.
- Improved MailScanner.conf settings to explicitly say that "Virus Scanners"
   cannot be a ruleset.
- Improvement to installer for non-RPM systems to catch broken MakeMaker on
   some Solaris systems.
- Updated OpenBSD manual installation instructions.
- Added $MailScanner::Config::ConfFile so that Custom Functions can find the
   configuration directory easily.
- Updated Spanish translations.

* Fixes *

- Postfix file corruption problem remaining on a few systems, now fixed.
   It was a Perl bug.
- tar distribution check_mailscanner.cron file now calls check_mailscanner
   and not check_MailScanner.
- Comments output in upgrade_MailScanner_conf made more consistent.
- Moved "Spam List" so it matches the first rule, not all rules. This enables
   you to apply rules for entire domains and exceptions for certain addresses
   within those domains.
- Improved zip of death detection.
- Changed web bug disarming so alt text is only provided if there is a 'src'.
- Fixed bug where autolearn status was reported incorrectly with
SpamAssassin 2.
- Fixed bug causing symptom of missing identically-named nested zip files.
- Fixed bug in ZMailer.pm from Mariano.
- Fixed bug involving '+' characters in address patterns in config compiler.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</x-flowed>

From massctrl at SKYNET.BE  Sun Aug  1 18:29:01 2004
From: massctrl at SKYNET.BE (JT)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.163.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi all,

It has been covered before but no fool-proof answers have been given (and
is not likely to happen). I've been contacting almost all of the supported
anti-virus companies and asked them if i could use their command line
version to scan mail.  I didn't mention mailscanner.  The overall answer
was no you can't, you need the virusscanner for mailservers,.....

My statement is:
Mailscanner is handling the task of fetching the mails, strip off the
attachment and scan it with an external virusscanner.

An anti-virus package for mailservers is made to do this too.  Fetch the
mails, strip off the attachment and scan it.

Since Mailscanner is overlapping the functions of the anti-virusscanner for
mailservers the only thing that needs to be done at the end is to scan a
plain file!
Something command-line filescanners are licensed to do!

What is your opinion about this?  Is there someone who has more
knowledge/experience about this? Any legal advice ?

Thanks in advance

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ochanis at ncc.edu  Sun Aug  1 18:43:56 2004
From: ochanis at ncc.edu (Steve Ochani)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.164.1137101186.24926.mailscanner@lists.mailscanner.info>

I had the same problem, that's why I decided to go with clamav


On 1 Aug 2004 at 18:29, JT wrote:

> Hi all,
>
> It has been covered before but no fool-proof answers have been given
> (and is not likely to happen). I've been contacting almost all of the
> supported anti-virus companies and asked them if i could use their
> command line version to scan mail.  I didn't mention mailscanner.  The
> overall answer was no you can't, you need the virusscanner for
> mailservers,.....
>
> My statement is:
> Mailscanner is handling the task of fetching the mails, strip off the
> attachment and scan it with an external virusscanner.
>
> An anti-virus package for mailservers is made to do this too.  Fetch
> the mails, strip off the attachment and scan it.
>
> Since Mailscanner is overlapping the functions of the
> anti-virusscanner for mailservers the only thing that needs to be done
> at the end is to scan a plain file! Something command-line
> filescanners are licensed to do!
>
> What is your opinion about this?  Is there someone who has more
> knowledge/experience about this? Any legal advice ?
>
> Thanks in advance
>
> -------------------------- MailScanner list ---------------------- To
> leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk Before
> posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From massctrl at SKYNET.BE  Sun Aug  1 19:04:24 2004
From: massctrl at SKYNET.BE (JT)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.165.1137101186.24926.mailscanner@lists.mailscanner.info>

Although that's very nice software, that's not an option, commercial anti-
virus scanners are required by most custommers.

Thanks

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From alex at nkpanama.com  Sun Aug  1 19:56:27 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.166.1137101186.24926.mailscanner@lists.mailscanner.info>

How about BitDefender? Single user license is free, I think...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of JT
Sent: Sunday, August 01, 2004 1:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Licenses

Although that's very nice software, that's not an option, commercial anti-
virus scanners are required by most custommers.

Thanks

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From webmaster at EW3D.COM  Sun Aug  1 20:38:51 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.167.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
JT wrote:

>Although that's very nice software, that's not an option, commercial anti-
>virus scanners are required by most custommers.
>
>Thanks
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
>
Hmm... how brainwashed and sad. ClamAV was rated number 4 in speed of
updates for new sigs in the last independent test I read (page is gone
now). Norton was much slower. But, each to their own. As an open source
project, it should excel above all but maybe the very best like f-secure.

So, I guess these same clients demand all commercial products, so why
MailScanner (non-commercial open source)? Why would they rely on a
non-commercial product to run a commercial product? And are you by any
chance on an open source OS?

I can tell you I have several users monotoring the email through our
system for viruses, and after a few months and thousands of emails to
them, not one has found a virus that ClamAV has missed. I'm impressed.
The beauty of it is the whole community has the ability to submit
viruses and that group is getting very large. Much larger than the staff
at any commercial AV company. As I see it, as AV open source programs
like ClamAV get more widely used, it will only get to be an even better
product with blindingly fast updates.

Not trying to start a war here or anything... just trying to make an
interesting point.

John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From alex at nkpanama.com  Sun Aug  1 21:49:20 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.168.1137101186.24926.mailscanner@lists.mailscanner.info>

Very well made. I have clients who also have antivirus protection on their
desktops and have yet to see a single virus pass through ClamAV, provided
it's kept up to date.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of John Hinton
Sent: Sunday, August 01, 2004 2:39 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Licenses

JT wrote:

>Although that's very nice software, that's not an option, commercial anti-
>virus scanners are required by most custommers.
>
>Thanks
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
>
Hmm... how brainwashed and sad. ClamAV was rated number 4 in speed of
updates for new sigs in the last independent test I read (page is gone
now). Norton was much slower. But, each to their own. As an open source
project, it should excel above all but maybe the very best like f-secure.

So, I guess these same clients demand all commercial products, so why
MailScanner (non-commercial open source)? Why would they rely on a
non-commercial product to run a commercial product? And are you by any
chance on an open source OS?

I can tell you I have several users monotoring the email through our
system for viruses, and after a few months and thousands of emails to
them, not one has found a virus that ClamAV has missed. I'm impressed.
The beauty of it is the whole community has the ability to submit
viruses and that group is getting very large. Much larger than the staff
at any commercial AV company. As I see it, as AV open source programs
like ClamAV get more widely used, it will only get to be an even better
product with blindingly fast updates.

Not trying to start a war here or anything... just trying to make an
interesting point.

John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From theaney at CABLESPEED.COM  Sun Aug  1 21:50:50 2004
From: theaney at CABLESPEED.COM (Tim Heaney)
Date: Thu Jan 12 21:26:26 2006
Subject: problem with install.sh on non-RPM system
Message-ID: <mailman.169.1137101186.24926.mailscanner@lists.mailscanner.info>

I have a working MailScanner installation on a non-RPM-based Linux
machine. I just attempted to upgrade to 4.32.5 using the install.sh
script, but I ran into some problems. I have a newer version of Perl,
along with all of the modules required by MailScanner, installed in
/usr/local/bin, so I ran

  # ./install.sh --perl=/usr/local/bin/perl


  Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages
  tree is missing.
  If you have access to an RPM called rpm-build or rpmbuild
  then install it first and come back and try again.

I don't understand why it needs this for the non-RPM version (maybe
the problem is right here?), but I do have rpm installed, so I kept
going. I don't have any of the directories mentioned, but I do have a
/usr/src/rpm, so I linked /usr/src/RPM to that and tried again

  # ./install.sh --perl=/usr/local/bin/perl


  Okay, you have /usr/src/RPM.

  Writing a .rpmmacros file in your home directory to stop
  unpackaged files breaking the build process.
  You can delete it once MailScanner is installed if you want to.


  This script will pause for a few seconds after each major step,
  so do not worry if it appears to stop for a while.
  If you want it to stop so you can scroll back through the output
  then press Ctrl-S to stop the output and Ctrl-Q to start it again.


  If this fails due to dependency checks, and you wish to ignore
  these problems, you can run
      ./install.sh --nodeps

  Rebuilding all the Perl modules for your version of Perl

  Oh good, module ExtUtils::MakeMaker version 6.05 is already installed.

  Oh good, module Net::CIDR version 0.09 is already installed.

  Attempting to build and install perl-IO-stringy-2.108-1
  Missing file perl-rpm/perl-IO-stringy-2.108-1.src.rpm. Are you in the right directory?

  Missing file /usr/src/RPM/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm.
  Maybe it did not build correctly?
  *
  * This Could Be A Problem. Press Ctrl-S Now!!
  *

It seems to be complaining that I don't have a

  perl-rpm/perl-IO-stringy-2.108-1.src.rpm

which is true, I don't have a perl-rpm directory at all. I do have

  perl-tar/IO-stringy-2.108.tar.gz

but I already have IO-stringy-2.109 installed, so why would it be
looking for 2.108 at all, let alone the RPM version?

I extracted

  perl-tar/MailScanner-4.32.5-1.tar.gz

and updated my installation the old way and all seems to be well, but
how is this install.sh method supposed to work?

Thanks!

Tim

Hardware: AMD Athlon 1200MHz, 1024 MB RAM, 60 GB HDD.
Software: Slackware Linux 9.1, Sendmail, SpamAssassin, MailScanner
Virus Scanners: F-Prot
Volume: 20 messages/day

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From massctrl at SKYNET.BE  Sun Aug  1 22:01:26 2004
From: massctrl at SKYNET.BE (No Name)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.170.1137101186.24926.mailscanner@lists.mailscanner.info>

That is COMPLETELY off-topic !!
Please read the original post.

Thank you

Jt

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug  1 22:09:02 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.171.1137101186.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-01 at 22:01, No Name wrote:
> That is COMPLETELY off-topic !!
> Please read the original post.

What is?
If you're going to "reprimand" people at least quote what you consider
to be off topic.


--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From alex at nkpanama.com  Sun Aug  1 22:16:41 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.172.1137101186.24926.mailscanner@lists.mailscanner.info>

Specially if it *is* something that's been discussed before, like in:
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0406&L=mailscanner&P=R57638
&I=-1
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0406&L=mailscanner&P=R21710
&I=-1
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0405&L=mailscanner&P=R20467
&I=-1


and more extensively in:

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0310&L=mailscanner&P=R91313
&I=-1
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0308&L=mailscanner&P=R84325
&I=-1
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0212&L=mailscanner&P=R17643
&I=-1

In essence, BitDefender *is* commercial, but there is also a *free* version.
ClamAV is top of the line anyway.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Michele Neylon : Blacknight Solutions
Sent: Sunday, August 01, 2004 4:09 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Licenses

On Sun, 2004-08-01 at 22:01, No Name wrote:
> That is COMPLETELY off-topic !!
> Please read the original post.

What is?
If you're going to "reprimand" people at least quote what you consider
to be off topic.


--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From res at AUSICS.NET  Mon Aug  2 01:21:05 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.173.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Sun, 1 Aug 2004, JT wrote:

> Although that's very nice software, that's not an option, commercial anti-
> virus scanners are required by most custommers.

Why should they care? the point of matter is a Virus Scanenr to do the
job, something ClamAv does.

When you point out its free and has free updates for as far as the future
can see, its saves them money, the license fee some of these companies
want is absolutely beyond any joke, I mean 5$ mail box, might be fine in a
ma and pa office, but stick it in  a corporation with 30000 users, even
the licenses for 10K users etc are almost likened to criminal by some
vendors.
For  instance f-prot has a certain version of their linux scanner for
free, the same scan engine in the scanner for even a small company will
cost thousands....

Other vendora claim if you are scanning mail you must buy their mailserver
license, even if like you said all it's dong is scnaning a file which
MailScanner has already created from a mmail message, you can even use it
according to some vendors with their fileserver version, why? especially
when their mailscanner license is multiple times the fileserver license
*sigh*

As MailScanner extracts and (creates?) the file to be scanned and all we
are doin is calling the virus scanner, so technically the fileserver
scanner is only scanning a file, not an email, it would be a very good
test case in a court somewhere :)

--
Regards,
Res

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From wavedatacom at GMAIL.COM  Mon Aug  2 04:00:35 2004
From: wavedatacom at GMAIL.COM (Chris Cook)
Date: Thu Jan 12 21:26:26 2006
Subject: Getting perl error after installing mailscanner-4.32.5-1 from RPMs
Message-ID: <mailman.174.1137101186.24926.mailscanner@lists.mailscanner.info>

I was running mailscanner 4.26 and have just finished installing the 4.32.5
from the redhat RPMs (using the install.sh script).

When trying to start mailscanner I get the following:

service MailScanner start
Starting MailScanner daemons:
         incoming sendmail:                                [  OK  ]
         outgoing sendmail:                                [  OK  ]
         MailScanner:       Global symbol "$FIELD_NAME" requires explicit
package name at /usr/lib/MailScanner/MailScanner/Message.pm line 4016.
Global symbol "$FIELD_NAME" requires explicit package name at
/usr/lib/MailScanner/MailScanner/Message.pm line 4019.
Compilation failed in require at /usr/sbin/MailScanner line 52.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
                                                           [  OK  ]

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From greyhair at GREYHAIR.NET  Mon Aug  2 06:11:46 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.175.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
JT,

Licenses:
Read the license agreements carefully for the product you think is
correct for your application.  Res' point is a good one that could
lead to a bad situation... your are only scanning a file, you use a
3rd party program to automate the process (MailScanner).  You are
not relying on (trusting?) the AntiVirus vendor to "real time" scan
the emails (also files).

If it is not clearly stated in the license agreement that 3rd party
programs to automate the scan process are forbidden then you have a
leg to stand on in court.  The problem is that it is VERY expensive
to go to court.

My advice is talk to the AntiVirus vendors and ask them if it is ok
to use a MailScanner to invoke the command line scanner to reduce
overall operation cost.

It all comes down to what you feel is ethical, moral and just.

ClamAV:
Install it anyway! What would it hurt... it is FREE.  I do
understand your position.  I, you and most of this mailing list
understands that ClamAV is a superior piece of software.  How do you
explain Free software to someone who learned the economic principle
"nothing is free.."?

You cant just say to the customer or boss," You are an uninformed
idiot, let me do my job," without putting your paycheck in jeopardy!


greyhair

JT wrote:
> Hi all,
>
> It has been covered before but no fool-proof answers have been given (and
> is not likely to happen). I've been contacting almost all of the supported
> anti-virus companies and asked them if i could use their command line
> version to scan mail.  I didn't mention mailscanner.  The overall answer
> was no you can't, you need the virusscanner for mailservers,.....
>
> My statement is:
> Mailscanner is handling the task of fetching the mails, strip off the
> attachment and scan it with an external virusscanner.
>
> An anti-virus package for mailservers is made to do this too.  Fetch the
> mails, strip off the attachment and scan it.
>
> Since Mailscanner is overlapping the functions of the anti-virusscanner for
> mailservers the only thing that needs to be done at the end is to scan a
> plain file!
> Something command-line filescanners are licensed to do!
>
> What is your opinion about this?  Is there someone who has more
> knowledge/experience about this? Any legal advice ?
>
> Thanks in advance
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From tony.johansson at SVENSKAKYRKAN.SE  Mon Aug  2 08:18:51 2004
From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.176.1137101186.24926.mailscanner@lists.mailscanner.info>

Is it possible to also include "<!--  -->" in striphtml?

See below for an example

/Tony



<!-- /* Font Definitions */ @font-face {font-family:"Times New (W1)";
panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:0;
mso-generic-font-family:roman; mso-font-pitch:variable;
mso-font-signature:536902279 -2147483648 8 0 511 0;} /* Style Definitions
*/ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:"";
margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan;
font-size:12.0pt; font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink
{color:blue; text-decoration:underline; text-underline:single;} a:visited,
span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;
text-underline:single;} p {mso-margin-top-alt:auto; margin-right:0in;
mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan;
font-size:12.0pt; font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";} span.EmailStyle17
{mso-style-type:personal-compose; mso-style-noshow:yes;
mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial;
mso-ascii-font-family:Arial; mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial; color:windowtext;} span.GramE
{mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in;
mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;}
-->

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From massctrl at SKYNET.BE  Mon Aug  2 08:33:07 2004
From: massctrl at SKYNET.BE (JT)
Date: Thu Jan 12 21:26:26 2006
Subject: Licenses
Message-ID: <mailman.177.1137101186.24926.mailscanner@lists.mailscanner.info>

Res and Greyhair,

Thanks for the informative answers.

Cheers

Jt

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 08:42:06 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: problem with install.sh on non-RPM system
Message-ID: <mailman.178.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 21:50 01/08/2004, you wrote:
>I have a working MailScanner installation on a non-RPM-based Linux
>machine. I just attempted to upgrade to 4.32.5 using the install.sh
>script, but I ran into some problems.

In which case use the non-RPM-based distribution of MailScanner.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 08:45:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: Getting perl error after installing mailscanner-4.32.5-1 from
    RPMs
Message-ID: <mailman.179.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 04:00 02/08/2004, you wrote:
>I was running mailscanner 4.26 and have just finished installing the 4.32.5
>from the redhat RPMs (using the install.sh script).
>
>When trying to start mailscanner I get the following:
>
>service MailScanner start
>Starting MailScanner daemons:
>          incoming sendmail:                                [  OK  ]
>          outgoing sendmail:                                [  OK  ]
>          MailScanner:       Global symbol "$FIELD_NAME" requires explicit
>package name at /usr/lib/MailScanner/MailScanner/Message.pm line 4016.
>Global symbol "$FIELD_NAME" requires explicit package name at
>/usr/lib/MailScanner/MailScanner/Message.pm line 4019.
>Compilation failed in require at /usr/sbin/MailScanner line 52.
>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
>                                                            [  OK  ]

What version of MailTools do you have installed?
rpm -q perl-MailTools
perl -MMail::Header -e 'print $Mail::Header::VERSION;'

You should have version 1.50 installed.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 08:47:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.180.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Why bother? They are comments anyway.

At 08:18 02/08/2004, you wrote:
>Is it possible to also include "<!--  -->" in striphtml?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jrudd at UCSC.EDU  Mon Aug  2 10:20:07 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.181.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I think the reason would be:

If you're wanting to strip HTML, then what you want to be left with is
plain text, basically.  If you still have the comment tags, it's not
really pain text, it's HTML with fewer tags (which is still an HTML
document).  That presents a logical contradiction: message minus html
!= html with fewer tags.

"Strip html" implies that the result should be without tags ... that
would imply to me that comment tags should be included in that "without
tags" part.

On Aug 2, 2004, at 12:47 AM, Julian Field wrote:

> Why bother? They are comments anyway.
>
> At 08:18 02/08/2004, you wrote:
>> Is it possible to also include "<!--  -->" in striphtml?
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mustafa at palnet.com  Mon Aug  2 10:45:14 2004
From: mustafa at palnet.com (Mustafa N. Deeb)
Date: Thu Jan 12 21:26:26 2006
Subject: don't pass through anything
Message-ID: <mailman.182.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2096" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>hi</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>i have a customer who doesn't want to go through 
any kind of filtering </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>which rule applies for that ?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Cheers</FONT></DIV></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From marcel at IRC-ADDICTS.DE  Mon Aug  2 11:18:44 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:26 2006
Subject: Some error, which results in two times receiving of mails
Message-ID: <mailman.183.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi there,

[...]
> |
> |>Hi there,
> |>
> |>currently i am experiencing some trouble with my mails.
> |>
> |>As the Mails got scanned, some mails generate an error.
> |>
> |>The error look like this:
> |>
> |>Jul 30 17:47:08 marcel MailScanner[953]: Failed to link message body
> |>between queues (/var/spool/mqueue/dfi6UFkoRC003363 -->
> /var/spool/mqueue.in/dfi6UFkoRC003363)
> |>
> |>Then the recipient get this mail twice.
> |>
> |>Any idea how to handle this?
> |>
> |>Till now i have not seen any kind of problems within these mails, as all
> |>mails are different sizes or content.
> |>
> |>Would be great, if anyone could help me.
> |
> Have you, per chance, upgraded to sendmail 8.13.0 and not compiled with
> - -DHASFLOCK ?
>
> - -d
>

Sorry, never updated to this Version.
I am still using this one:

Sendmail version 8.12.6, config V10/Berkeley

and i guess, if it would not use flock, it would never work. Or am i wrong
with that?

But it works let´s say about 95% for all incoming mails.
Only sometimes it just does this strange misbehaviour :(

i even tried a file-system check..which said, there are no problems with
my discs :(

any kind of help would be great

Thanks in advance

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BARENDSE.TO  Mon Aug  2 11:34:13 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.184.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have the same problem, when I looked into it it seemed that the mails
that do not get washed completely were created by Outlook 2000 when using
Word 2000 as the mail editor. At the time there was nothing that could be
done about it.

Mails from newer clients did get washed properly. We've learned to live
with it but a solution would be nice :)

On Mon, 2 Aug 2004, John Rudd wrote:

> I think the reason would be:
>
> If you're wanting to strip HTML, then what you want to be left with is
> plain text, basically.  If you still have the comment tags, it's not
> really pain text, it's HTML with fewer tags (which is still an HTML
> document).  That presents a logical contradiction: message minus html
> != html with fewer tags.
>
> "Strip html" implies that the result should be without tags ... that
> would imply to me that comment tags should be included in that "without
> tags" part.
>
> On Aug 2, 2004, at 12:47 AM, Julian Field wrote:
>
>> Why bother? They are comments anyway.
>>
>> At 08:18 02/08/2004, you wrote:
>>> Is it possible to also include "<!--  -->" in striphtml?
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http: //www.mailscanner.biz/maq/     and the archives at
>> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http: //www.mailscanner.biz/maq/     and the archives at
> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From theaney at CABLESPEED.COM  Mon Aug  2 12:03:49 2004
From: theaney at CABLESPEED.COM (Tim Heaney)
Date: Thu Jan 12 21:26:26 2006
Subject: problem with install.sh on non-RPM system
Message-ID: <mailman.185.1137101186.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 08:42:06 +0100, Julian Field
<mailscanner@ECS.SOTON.AC.UK> wrote:

>At 21:50 01/08/2004, you wrote:
>>I have a working MailScanner installation on a non-RPM-based Linux
>>machine. I just attempted to upgrade to 4.32.5 using the install.sh
>>script, but I ran into some problems.
>
>In which case use the non-RPM-based distribution of MailScanner.

I'm pretty sure that's what I did. I downloaded

http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.32.5-1.tar.gz

from the "Version 4.32.5-1 for Solaris / BSD / Other Linux / Other Unix"
link.   Like I said, it had a perl-tar directory and lacked a perl-rpm
directory, though the script was looking for the latter. What am I missing?

Thanks,

Tim

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 12:03:56 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.186.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
You should have suggested this earlier, it's easy :-)

-----SNIP-----
--- Message.pm.old      2004-07-27 01:18:25.000000000 +0100
+++ Message.pm  2004-08-02 11:58:51.000000000 +0100
@@ -3796,6 +3796,7 @@
    $htmlparser->{textify}{img} = 'src';

    while (my $token = $htmlparser->get_token()) {
+    next if $token->[0] eq 'C';
      my $text = $htmlparser->get_trimmed_text();
      print $textfh $text . "\n" if $text;
    }
-----SNIP-----
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Mon Aug  2 12:13:45 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.187.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi there,

i just tried to install the latest Version on my SuSE-System.

I downloaded the Version for SuSE and installed it with install.sh

Then i edited the new MailScanner.conf which had the Lock Type again
uncommented, so i said it would be flock.

Then i tried to restart the System..and it did not work properly.

rcpMailScanner stop deleted the pid-file under /var/run.

rcpMailScanner start did not create a new one, so my logfile only
contained errors, which said, that this pid-file cannot be found.

So, after stoping MailScanner i created an empty pid-File (touch
/var/run/MailScanner.pid) and started MailScanner again.

Now it seems to work fine...

at least my testmails containing viruses got found..

Maybe someone should check the pid-file-creation-process?

Greeting

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 12:17:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: problem with install.sh on non-RPM system
Message-ID: <mailman.188.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 12:03 02/08/2004, you wrote:
>On Mon, 2 Aug 2004 08:42:06 +0100, Julian Field
><mailscanner@ECS.SOTON.AC.UK> wrote:
>
> >At 21:50 01/08/2004, you wrote:
> >>I have a working MailScanner installation on a non-RPM-based Linux
> >>machine. I just attempted to upgrade to 4.32.5 using the install.sh
> >>script, but I ran into some problems.
> >
> >In which case use the non-RPM-based distribution of MailScanner.
>
>I'm pretty sure that's what I did. I downloaded
>
>http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.32.5-1.tar.gz
>
>from the "Version 4.32.5-1 for Solaris / BSD / Other Linux / Other Unix"
>link.   Like I said, it had a perl-tar directory and lacked a perl-rpm
>directory, though the script was looking for the latter. What am I missing?

It probably spotted an RPM-based system, and so complained about trying to
install the non-RPM distro on an RPM system.

Go into install.sh and replace

--SNIP--
if [ -x /bin/rpmbuild ]; then
   RPMBUILD=/bin/rpmbuild
elif [ -x /usr/bin/rpmbuild ]; then
   RPMBUILD=/usr/bin/rpmbuild
elif [ -x /usr/local/bin/rpmbuild ]; then
   RPMBUILD=/usr/local/bin/rpmbuild
elif [ -x /bin/rpm ]; then
   RPMBUILD=/bin/rpm
elif [ -x /usr/bin/rpm ]; then
   RPMBUILD=/usr/bin/rpm
elif [ -x /usr/local/bin/rpm ]; then
   RPMBUILD=/usr/local/bin/rpm
else
--SNIP--

with

--SNIP--
if /bin/true; then
--SNIP--

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From R.A.Gardener at SHU.AC.UK  Mon Aug  2 12:21:07 2004
From: R.A.Gardener at SHU.AC.UK (Ray Gardener)
Date: Thu Jan 12 21:26:26 2006
Subject: Version 4.32.5 - new feature usage
Message-ID: <mailman.189.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi,

I am interested in the feature:

- Per-domain white and blacklisting now supports IP address checks.


can someone advice of the syntax I would use (and the right ruleset)?

Thanks in anticipation,


--
Ray Gardener
CIS
Sheffield Hallam University
Telephone: 0114 225 4926
Email: R.A.Gardener@shu.ac.uk

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 12:23:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.190.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 12:13 02/08/2004, you wrote:
>I downloaded the Version for SuSE and installed it with install.sh
>
>Then i edited the new MailScanner.conf which had the Lock Type again
>uncommented, so i said it would be flock.
>
>Then i tried to restart the System..and it did not work properly.
>
>rcpMailScanner stop deleted the pid-file under /var/run.
>
>rcpMailScanner start did not create a new one, so my logfile only
>contained errors, which said, that this pid-file cannot be found.

What MTA are you running?
What are your "Run As User" and "Run As Group" set to?

>So, after stoping MailScanner i created an empty pid-File (touch
>/var/run/MailScanner.pid) and started MailScanner again.
>Now it seems to work fine...
>at least my testmails containing viruses got found..
>Maybe someone should check the pid-file-creation-process?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Mon Aug  2 12:53:45 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.191.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi,

> At 12:13 02/08/2004, you wrote:
> >I downloaded the Version for SuSE and installed it with install.sh
> >
> >Then i edited the new MailScanner.conf which had the Lock Type again
> >uncommented, so i said it would be flock.
> >
> >Then i tried to restart the System..and it did not work properly.
> >
> >rcpMailScanner stop deleted the pid-file under /var/run.
> >
> >rcpMailScanner start did not create a new one, so my logfile only
> >contained errors, which said, that this pid-file cannot be found.
>
> What MTA are you running?
> What are your "Run As User" and "Run As Group" set to?
>


MTA is sendmail
Run As User and Run As Group are empty, as stated in the Config-File.

# User to run as (not normally used for sendmail)
etc.

Greeting

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Mon Aug  2 13:24:51 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.192.1137101186.24926.mailscanner@lists.mailscanner.info>



> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Marcel Blenkers
> Sent: Monday, August 02, 2004 7:54 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: starting errors on suse with latest Version
>
> Hi,
>
> > At 12:13 02/08/2004, you wrote:
> > >I downloaded the Version for SuSE and installed it with install.sh
> > >
> > >Then i edited the new MailScanner.conf which had the Lock Type again
> > >uncommented, so i said it would be flock.
> > >
> > >Then i tried to restart the System..and it did not work properly.
> > >
> > >rcpMailScanner stop deleted the pid-file under /var/run.
> > >
> > >rcpMailScanner start did not create a new one, so my logfile only
> > >contained errors, which said, that this pid-file cannot be found.
> >
> > What MTA are you running?
> > What are your "Run As User" and "Run As Group" set to?
> >
>
>
> MTA is sendmail
> Run As User and Run As Group are empty, as stated in the Config-File.
>
> # User to run as (not normally used for sendmail)
> etc.
>

I am working on two SuSE installs on SuSE 8.1 (sendmail) and 9+ (Postfix)and
there were four problems that I remember encountering with the MailScanner
init script.

1. The script was installed in /etc/init.d/init.d/MailScanner. I had to move
it to /etc/init.d and remove the then empty directory /etc/init.d/init.d/

2. There were permission problems with the sendmail.pid files. I think
simply removing the existing pid files solved the problem.

3. SuSU uses different function names for the Red Hat "success" function. In
SuSE it's "log_success_msg".

4. The ". /etc/sysconfig/network/" call doesn't work. On SuSE this is a
directory.

I was waiting until Julian returned from his jaunt until I reported there
problems. Guess now is the time.

Attached are the very quick hacks I made to the MailScanner init script just
to get it running. When I have some time I'll try to make it a bit more
universal and elegant. If anyone has already made these corrections, please
let us know.

Thanks,

Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, Application/OCTET-STREAM (Name: "MailScanner.init.SuSE")  ]
    [ 12KB. ]
    [ Unable to print this part. ]


From ugob at CAMO-ROUTE.COM  Mon Aug  2 13:55:34 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:26 2006
Subject: don't pass through anything
Message-ID: <mailman.193.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mustafa N. Deeb wrote:
> hi
>
> i have a customer who doesn't want to go through any kind of filtering
>
> which rule applies for that ?\

I'd day:

Spam Checks
Virus Scanning
Dangerous Content Scanning
Filename Rules
Filetype Rules


Or make him go through a sendmail-only mail server if you have one.

>
> Cheers

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 14:17:42 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.194.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:24 02/08/2004, you wrote:
>I am working on two SuSE installs on SuSE 8.1 (sendmail) and 9+ (Postfix)and
>there were four problems that I remember encountering with the MailScanner
>init script.
>
>1. The script was installed in /etc/init.d/init.d/MailScanner. I had to move
>it to /etc/init.d and remove the then empty directory /etc/init.d/init.d/

I have just checked the latest RPM, and it definitely appears to be in
/etc/init.d/MailScanner.

>2. There were permission problems with the sendmail.pid files. I think
>simply removing the existing pid files solved the problem.

Don't know about this one.

>3. SuSU uses different function names for the Red Hat "success" function. In
>SuSE it's "log_success_msg".

The SuSE init.d script does not call "success" anywhere.

>4. The ". /etc/sysconfig/network/" call doesn't work. On SuSE this is a
>directory.

That's why it's not in the SuSE build. It doesn't ever call it.

Please can you confirm that you are using the SuSE distribution of
MailScanner, and a recent one at that, as the mailscanner*rpm file in there
is very different to the RedHat one.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From brent at MIRABITO.COM  Mon Aug  2 14:32:52 2004
From: brent at MIRABITO.COM (Brent Strignano)
Date: Thu Jan 12 21:26:26 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.195.1137101186.24926.mailscanner@lists.mailscanner.info>

Any difference between this stable and 4.32.4 beta?

Brent Strignano
Sidney, NY

-----Original Message-----
From: MailScanner Announcements
[mailto:MAILSCANNER-ANNOUNCE@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Sunday, August 01, 2004 1:07 PM
To: MAILSCANNER-ANNOUNCE@JISCMAIL.AC.UK
Subject: ANNOUNCE: MailScanner stable 4.32.5 released


-SNIP-

Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD
E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Mon Aug  2 14:42:25 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.196.1137101186.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: Monday, August 02, 2004 9:18 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: starting errors on suse with latest Version
>
> At 13:24 02/08/2004, you wrote:
> >I am working on two SuSE installs on SuSE 8.1 (sendmail) and 9+
> (Postfix)and
> >there were four problems that I remember encountering with the
> MailScanner
> >init script.
> >
> >1. The script was installed in /etc/init.d/init.d/MailScanner. I had to
> move
> >it to /etc/init.d and remove the then empty directory /etc/init.d/init.d/
>
> I have just checked the latest RPM, and it definitely appears to be in
> /etc/init.d/MailScanner.
>
> >2. There were permission problems with the sendmail.pid files. I think
> >simply removing the existing pid files solved the problem.
>
> Don't know about this one.
>
> >3. SuSU uses different function names for the Red Hat "success" function.
> In
> >SuSE it's "log_success_msg".
>
> The SuSE init.d script does not call "success" anywhere.
>
> >4. The ". /etc/sysconfig/network/" call doesn't work. On SuSE this is a
> >directory.
>
> That's why it's not in the SuSE build. It doesn't ever call it.
>
> Please can you confirm that you are using the SuSE distribution of
> MailScanner, and a recent one at that, as the mailscanner*rpm file in
> there
> is very different to the RedHat one.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support

Silly mistake. If you use the RH RPM on SuSE by mistake you'll get exactly
the errors I list above.

Sorry for the Bother.

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 14:48:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.197.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:32 02/08/2004, you wrote:
>Any difference between this stable and 4.32.4 beta?

Nothing very major.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From brent at MIRABITO.COM  Mon Aug  2 15:04:38 2004
From: brent at MIRABITO.COM (Brent Strignano)
Date: Thu Jan 12 21:26:26 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.198.1137101186.24926.mailscanner@lists.mailscanner.info>

Thanks.

Brent Strignano

>>Any difference between this stable and 4.32.4 beta?

>Nothing very major.
>--
>Julian Field

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From edu at ICARUS.COM.BR  Mon Aug  2 15:09:45 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:26 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.199.1137101186.24926.mailscanner@lists.mailscanner.info>

Where I found the  mailscanner-4.32.5-1.src.rpm ?

I would like to redo the package of mailscanner because I use a lot of
rules files in my server.

Tnx.

Eduardo

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From spivkid at YAHOO.COM  Mon Aug  2 15:27:20 2004
From: spivkid at YAHOO.COM (spivkid)
Date: Thu Jan 12 21:26:26 2006
Subject: Mail Archiving and Monitoring
Message-ID: <mailman.200.1137101186.24926.mailscanner@lists.mailscanner.info>

So even its just a filename the app is setup to look
for .rules if its going to be a rule?
--- Alex Neuman <alex@NKPANAMA.COM> wrote:

> It's been discussed lately. You probably need to
> name the file
> "archive.rules" and not ".conf" so MailScanner knows
> it's a ruleset. Where
> did you get the idea for using ".conf"?
>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of spivkid
> Sent: Wednesday, July 28, 2004 8:55 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Mail Archiving and Monitoring
>
> Has anyone used Mail Archiving with a rule base?
>
> I have
> Archive Mail = %etc-dir%/archive.rule.conf
>
> archive.rule.conf
> FromorTo: user1@domain.com
> /var/spool/MailScanner/quarantine/user1
>
> And the email just archive to archive.rule.conf and
> it
> archive all users email in this file.
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail
>
> -------------------------- MailScanner list
> ----------------------
> To leave, send    leave mailscanner    to
> jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions
> at
> http://www.mailscanner.biz/maq/     and the archives
> at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list
> ----------------------
> To leave, send    leave mailscanner    to
> jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions
> at
> http://www.mailscanner.biz/maq/     and the archives
> at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>




__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Mon Aug  2 15:52:16 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:26 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.201.1137101186.24926.mailscanner@lists.mailscanner.info>

Hi there,

as the others Problems only are due to the wrong Version downloaded (Red
Hat) my little Problem still exists ;)

Got any ideas for that?

Or my Problem with this Link-Errors?

Greetings

Marcel



On Mon, 2 Aug 2004, Stephen Swaney wrote:

> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Julian Field
> > Sent: Monday, August 02, 2004 9:18 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: starting errors on suse with latest Version
> >
> > At 13:24 02/08/2004, you wrote:
> > >I am working on two SuSE installs on SuSE 8.1 (sendmail) and 9+
> > (Postfix)and
> > >there were four problems that I remember encountering with the
> > MailScanner
> > >init script.
> > >
> > >1. The script was installed in /etc/init.d/init.d/MailScanner. I had to
> > move
> > >it to /etc/init.d and remove the then empty directory /etc/init.d/init.d/
> >
> > I have just checked the latest RPM, and it definitely appears to be in
> > /etc/init.d/MailScanner.
> >
> > >2. There were permission problems with the sendmail.pid files. I think
> > >simply removing the existing pid files solved the problem.
> >
> > Don't know about this one.
> >
> > >3. SuSU uses different function names for the Red Hat "success" function.
> > In
> > >SuSE it's "log_success_msg".
> >
> > The SuSE init.d script does not call "success" anywhere.
> >
> > >4. The ". /etc/sysconfig/network/" call doesn't work. On SuSE this is a
> > >directory.
> >
> > That's why it's not in the SuSE build. It doesn't ever call it.
> >
> > Please can you confirm that you are using the SuSE distribution of
> > MailScanner, and a recent one at that, as the mailscanner*rpm file in
> > there
> > is very different to the RedHat one.
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
>
> Silly mistake. If you use the RH RPM on SuSE by mistake you'll get exactly
> the errors I list above.
>
> Sorry for the Bother.
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney@FSL.com
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BARENDSE.TO  Mon Aug  2 15:56:18 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.202.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Cool, will try that tonight.

Will this make it into the production releases of MailScanner?

Thx!!
Remco

On Mon, 2 Aug 2004, Julian Field wrote:

> You should have suggested this earlier, it's easy :-)
>
> -----SNIP-----
> --- Message.pm.old      2004-07-27 01:18:25.000000000 +0100
> +++ Message.pm  2004-08-02 11:58:51.000000000 +0100
> @@ -3796,6 +3796,7 @@
> $htmlparser->{textify}{img} = 'src';
>
>   while (my $token = $htmlparser->get_token()) {
> +    next if $token->[0] eq 'C';
> my $text = $htmlparser->get_trimmed_text();
> print $textfh $text . "\n" if $text;
>   }
> -----SNIP-----
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http: //www.mailscanner.biz/maq/     and the archives at
> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 16:04:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.203.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html>
<body>
At 15:09 02/08/2004, you wrote:<br>
<blockquote type=cite class=cite cite="">Where I found the&nbsp;
mailscanner-4.32.5-1.src.rpm ?</blockquote><br>
On the downloads page, where it says<br>
<a href="http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm">Linux
SRPM ^Ö don't install from
this</a><a href="http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm">!</a></body>
<br>
<div>-- </div>
<div>Julian Field</div>
<div><a href="http://www.mailscanner.info/" EUDORA=AUTOURL>www.MailScanner.info</a></div>
<div>MailScanner thanks transtec Computers for their support</div>
<br>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 16:04:42 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:26 2006
Subject: HTML strip <!--
Message-ID: <mailman.204.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:56 02/08/2004, you wrote:
>Cool, will try that tonight.
>
>Will this make it into the production releases of MailScanner?

Sure will. Just let me know that it works okay for you first.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From shrek-m at GMX.DE  Mon Aug  2 16:14:35 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:26:27 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.205.1137101186.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> At 15:09 02/08/2004, you wrote:
>
>> Where I found the mailscanner-4.32.5-1.src.rpm ?
>
> On the downloads page, where it says
> Linux SRPM ^Ö don't install from this 
> <http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>! 
> <http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>



  FYI

----


  Not Found

The requested URL /mailscanner/files/4/mailscanner-4.32.5-1.src.rpm was 
not found on this server.

------------------------------------------------------------------------
Apache/1.3.27 Server at www.sng.ecs.soton.ac.uk Port 80
----


-- 
shrek-m

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From slwatts at WINCKWORTHS.CO.UK  Mon Aug  2 16:25:17 2004
From: slwatts at WINCKWORTHS.CO.UK (Sam Luxford-Watts)
Date: Thu Jan 12 21:26:27 2006
Subject: starting errors on suse with latest Version
Message-ID: <mailman.206.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-html>

<br><font size=2 face="sans-serif">I have the problem where '/etc/init.d/Mailscanner
start' reports both postfix processes as failed and Mailscanner as nothing.
The processes are started correctly.</font>
<br>
<br><font size=2 face="sans-serif">I installed the beta version of &nbsp;the
Suse rpm package and cannot find any of problems as described below - although
I have not checked the PID issue.</font>
<br>
<br><font size=2 face="sans-serif">Sam</font>
<br>
<br><font size=2><tt>Julian Field &lt;mailscanner@ECS.SOTON.AC.UK&gt; wrote
on 02/08/2004 14:17:42:<br>
<br>
&gt; At 13:24 02/08/2004, you wrote:</tt></font>
<br><font size=2><tt>&gt; &gt;I am working on two SuSE installs on SuSE
8.1 (sendmail) and 9+ (Postfix)and</tt></font>
<br><font size=2><tt>&gt; &gt;there were four problems that I remember
encountering with the MailScanner</tt></font>
<br><font size=2><tt>&gt; &gt;init script.</tt></font>
<br><font size=2><tt>&gt; &gt;</tt></font>
<br><font size=2><tt>&gt; &gt;1. The script was installed in /etc/init.d/init.d/MailScanner.
I had to move</tt></font>
<br><font size=2><tt>&gt; &gt;it to /etc/init.d and remove the then empty
directory /etc/init.d/init.d/</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; I have just checked the latest RPM, and it definitely appears to be
in</tt></font>
<br><font size=2><tt>&gt; /etc/init.d/MailScanner.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; &gt;2. There were permission problems with the sendmail.pid files.
I think</tt></font>
<br><font size=2><tt>&gt; &gt;simply removing the existing pid files solved
the problem.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; Don't know about this one.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; &gt;3. SuSU uses different function names for the Red Hat &quot;success&quot;
function. In</tt></font>
<br><font size=2><tt>&gt; &gt;SuSE it's &quot;log_success_msg&quot;.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; The SuSE init.d script does not call &quot;success&quot; anywhere.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; &gt;4. The &quot;. /etc/sysconfig/network/&quot; call doesn't work.
On SuSE this is a</tt></font>
<br><font size=2><tt>&gt; &gt;directory.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; That's why it's not in the SuSE build. It doesn't ever call it.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; Please can you confirm that you are using the SuSE distribution of</tt></font>
<br><font size=2><tt>&gt; MailScanner, and a recent one at that, as the
mailscanner*rpm file in there</tt></font>
<br><font size=2><tt>&gt; is very different to the RedHat one.</tt></font>
<br><font size=2><tt>&gt; --</tt></font>
<br><font size=2><tt>&gt; Julian Field</tt></font>
<br><font size=2><tt>&gt; www.MailScanner.info</tt></font>
<br><font size=2><tt>&gt; MailScanner thanks transtec Computers for their
support</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; -------------------------- MailScanner list ----------------------</tt></font>
<br><font size=2><tt>&gt; To leave, send &nbsp; &nbsp;leave mailscanner
&nbsp; &nbsp;to jiscmail@jiscmail.ac.uk</tt></font>
<br><font size=2><tt>&gt; Before posting, please see the Most Asked Questions
at</tt></font>
<br><font size=2><tt>&gt; http://www.mailscanner.biz/maq/ &nbsp; &nbsp;
and the archives at</tt></font>
<br><font size=2><tt>&gt; http://www.jiscmail.ac.uk/lists/mailscanner.html</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; --------------</tt></font>
<br><font size=2><tt>&gt; Winckworth Sherwood Solicitors and Parliamentary
Agents </tt></font>
<br><font size=2><tt>&gt; DX 148400 WESTMINSTER 5 : 35 Great Peter Street,
London SW1P 3LR</tt></font>
<br><font size=2><tt>&gt; Telephone 020 7593 5000 Fax 020 7593 5099</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; -Confidentiality- </tt></font>
<br><font size=2><tt>&gt; This email message and any attachments are confidential;
they may be<br>
&gt; subject to legal professional privilege and are intended for the <br>
&gt; named recipient only. If you are not the named recipient, please <br>
&gt; return the message and enclosures immediately and delete them from
<br>
&gt; your system.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; -Caution- </tt></font>
<br><font size=2><tt>&gt; Before advice received only by email (whether
by attachment or <br>
&gt; otherwise) may be relied on, the authenticity of the communication
<br>
&gt; must be verified by means independent of email.</tt></font>
<br><font size=2><tt>&gt; <br>
&gt; -Regulation- </tt></font>
<br><font size=2><tt>&gt; The firm is regulated by the Law Society. </tt></font>
<br><font size=2><tt>&gt; <br>
&gt; -Partners- </tt></font>
<br><font size=2><tt>&gt; A list of partners is available for inspection
at each office of the<br>
&gt; firm and on the firm's website at http://www.winckworths.co.uk</tt></font>
<br><font size=2><tt>&gt; &nbsp;</tt></font><font COLOR="#0000ff"><b>
<p>Winckworth Sherwood</b></font> <font FACE="Verdana" SIZE="2">Solicitors and
Parliamentary Agents
<br />DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR
Telephone 020 7593 5000 Fax 020 7593 5099
</font></p>
<p><b>Confidentiality</b>
<br />This email message and any attachments are confidential; they may be subject
to legal professional privilege and are intended for the named recipient only.
If you are not the named recipient, please return the message and enclosures
immediately and delete them from your system.</p>
<b>
<p>Caution</b>
<br />Before advice received only by email (whether by attachment or otherwise) may
be relied on, the authenticity of the communication must be verified by means
independent of email.
<b>
<p>Regulation</b>
<br />The firm is regulated by the Law Society. </p>
<p><b>Partners</b>
<br />A list of partners is available for inspection at each office of the firm and
on the firm's website at</font>
<a HREF="http://www.winckworths.co.uk">www.winckworths.co.uk</a></p>
</font>


-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From SmartD at VMCMAIL.COM  Mon Aug  2 16:46:57 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:27 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.207.1137101187.24926.mailscanner@lists.mailscanner.info>

PMJI:
The negative of greylisting is that some "legit" mail servers may give up
after one attempt.  These will need to be whitelisted to bypass greylisting.


Also, there is a long discussion on DCC list on functionality, and it
appears that an initial denial of 1 - 3 minute(s) is sufficient to stop most
Spam senders, who send once then forget.  Most users would not see this
delay.  Whitelisting will still be an issue for broken sites.

Greylisting needs to run at the mail MTA, so that messages get blocked
*before* they are accepted by your mail MTA.  That's the whole idea... Block
messages once before accepting them the second time.

Each message records a tuple in DCC:  The sender, recipient, and IP address
of sending MTA.  After being saved the first time, every time this recorded
tuple is seen, the message gets delivered immediately. The tuples have a
time-to-live, and will expire off the DCC server eventually.

<<Dan>>




>  -----Original Message-----
>  From: MailScanner mailing list
>  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matthew Henkler
>  Sent: Saturday, July 31, 2004 10:03 PM
>  To: MAILSCANNER@JISCMAIL.AC.UK
>  Subject: Re: [MAILSCANNER] dccifd / greylisting problems
>
>  On Sat, 31 Jul 2004, John Rudd wrote:
>
>  > But I think it's more of a sendmail milter type thing than a
>  > mailscanner thing.  By the time mailscanner sees the
>  message, it's too
>  > late to reject it for the sender to try again later.
>
>  Yes, that seems likely now that I think about it.  The way I
>  have it set up at least, it is  most likely too late for
>  MailScanner to do anything about.  Guess I'll have to play
>  around with it at the MTA level.
>
>  Good explanation of greylisting for everyone though, thanks!
>
>  matt
>
>  -------------------------- MailScanner list ----------------------
>  To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>  Before posting, please see the Most Asked Questions at
>  http://www.mailscanner.biz/maq/     and the archives at
>  http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Mon Aug  2 16:49:28 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:27 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.208.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi!

> Where I found the  mailscanner-4.32.5-1.src.rpm ?
>
> I would like to redo the package of mailscanner because I use a lot of
> rules files in my server.

That would be no problem ? Those will not be overwritten anyway ?

Bye,
Raymond

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BARENDSE.TO  Mon Aug  2 18:03:23 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:27 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.209.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Oops!

Could there be an error in the MailScanner.conf update script? It removed
all my MCP stuff! Maybe it should check if the line contains mcp and if so
don't touch it?

Cheers!

[root@linuxgw MailScanner]# upgrade_MailScanner_conf MailScanner.conf
MailScanner.conf.rpmnew > MailScanner.new
Added new: Find Archives By Content = yes
Added new: Dangerous Content Scanning = yes
Added new: Allow WebBugs = disarm
Added new: Quarantine Silent Viruses = yes
Added new: Spam List Timeouts History = 10
Added new: Ignore Spam Whitelist If Recipients Exceed = 20
Added new: SpamAssassin Timeouts History = 30
Added new: Spam Score Number Format = %d
Added new: Run In Foreground = no
Removed old: Recipient MCP Report =
%report-dir%/en/recipient.mcp.report.txt
Removed old: Include Scores In MCP Report = yes
Removed old: Is Definitely MCP = no
Removed old: MCP High SpamAssassin Score = 10
Removed old: MCP Header = X-MailScanner-MCPCheck:
Removed old: Is Definitely Not MCP = %rules-dir%/mcp.check.rules
Removed old: Always Include MCP Report = yes
Removed old: MCP Max SpamAssassin Size = 100000
Removed old: Non MCP Actions = deliver
Removed old: MCP Required SpamAssassin Score = 1
Removed old: MCP SpamAssassin Timeout = 10
Removed old: MCP Actions = delete
Removed old: MCP SpamAssassin Prefs File =
%mcp-dir%/mcp.spam.assassin.prefs.conf
Removed old: MCP SpamAssassin Install Prefix = %mcp-dir%
Removed old: MCP SpamAssassin Default Rules Dir = %mcp-dir%
Removed old: Detailed MCP Report = yes
Removed old: MCP Error Score = 1
Removed old: Definite MCP Is High Scoring = no
Removed old: Log MCP = yes
Removed old: MCP Checks = yes
Removed old: Sender MCP Report = %report-dir%/en/sender.mcp.report.txt
Removed old: MCP SpamAssassin Local Rules Dir = %mcp-dir%
Removed old: High Scoring MCP Actions = delete
Removed old: MCP SpamAssassin User State Dir =
Removed old: MCP Max SpamAssassin Timeouts = 20



On Sun, 1 Aug 2004, Julian Field wrote:

> Afternoon all! (Or is it morning or evening right now? Who knows?)
>
> I have just released the latest stable version of MailScanner, 4.32.5.
> The major changes for this release are
> - Can now run in foreground to help people using daemon monitoring systems.
> - Upgrade to latest version of Archive::Zip which fixes some problems with
> corrupt zip files.
> - The Spam Score number can now be formatted using printf() formatting
> specifications.
> - Added command-line check to make MailScanner print all its module version
> numbers, this should be used in all problem reports to the
> MailScanner@jiscmail.ac.uk mailing list. Run it as
>       /usr/sbin/MailScanner -v
> or
> /opt/MailScanner/bin/MailScanner -v
>
> The full ChangeLog is at the bottom of this message.
>
> Please download it, as usual, from www.mailscanner.info.
> Any problems, please shout loud and soon :-)
>
> * New Features and Improvements *
>
> - Per-domain white and blacklisting now supports IP address checks.
> - Disarmed web bugs now tell you where they came from.
> - New "Run In Foreground" option which will be useful if you are trying to
> use another tool to monitor MailScanner's health and restart it auto-
> matically if it dies for some reason.
> - New "--perl=" switch for install.sh on non-RPM systems.
> - Added extra strings to languages.conf to support new feature of reporting
>  the fault with a message in the subject line of the postmaster report.
> - CheckModuleVersion now supports the "-v" command-line option, to make its
>  output more verbose.
> - Upgraded Archive::Zip to 1.12.
> - Added *.job to the list of banned filenames.
> - New "Spam Score Number Format" option to allow numeric formatting of the
>  number that is substituted for _SCORE_ in the spam score outputting.
> - Added "--version" (or "-v" or anything that looks roughly like "-v").
> This will make MailScanner print the version number of all the modules
> that MailScanner uses, along with its own version number.
> - Improved MailScanner.conf settings to explicitly say that "Virus Scanners"
>  cannot be a ruleset.
> - Improvement to installer for non-RPM systems to catch broken MakeMaker on
>  some Solaris systems.
> - Updated OpenBSD manual installation instructions.
> - Added $MailScanner::Config::ConfFile so that Custom Functions can find the
>  configuration directory easily.
> - Updated Spanish translations.
>
> * Fixes *
>
> - Postfix file corruption problem remaining on a few systems, now fixed.
>  It was a Perl bug.
> - tar distribution check_mailscanner.cron file now calls check_mailscanner
>  and not check_MailScanner.
> - Comments output in upgrade_MailScanner_conf made more consistent.
> - Moved "Spam List" so it matches the first rule, not all rules. This enables
> you to apply rules for entire domains and exceptions for certain addresses
> within those domains.
> - Improved zip of death detection.
> - Changed web bug disarming so alt text is only provided if there is a 'src'.
> - Fixed bug where autolearn status was reported incorrectly with
> SpamAssassin 2.
> - Fixed bug causing symptom of missing identically-named nested zip files.
> - Fixed bug in ZMailer.pm from Mariano.
> - Fixed bug involving '+' characters in address patterns in config compiler.
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at BARENDSE.TO  Mon Aug  2 18:10:31 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:27 2006
Subject: HTML strip <!--
Message-ID: <mailman.210.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Without a doubt I am doing someting wrong (its the second time ever I am
using the patch command) but I am getting this error:

[root@linuxgw MailScanner]# patch -p0 < patch
patching file Message.pm
patch: **** malformed patch at line 4: $htmlparser->{textify}{img} =
'src';

I have upgraded to the latest stable just before (4.32.5)

All the text between the snips I copied to a new file with vi called patch
and put that in the /usr/lib/MailScanner/MailScanner dir

Tried to execute from there.

Where did I screw up? :)



On Mon, 2 Aug 2004, Julian Field wrote:

> You should have suggested this earlier, it's easy :-)
>
> -----SNIP-----
> --- Message.pm.old      2004-07-27 01:18:25.000000000 +0100
> +++ Message.pm  2004-08-02 11:58:51.000000000 +0100
> @@ -3796,6 +3796,7 @@
> $htmlparser->{textify}{img} = 'src';
>
>   while (my $token = $htmlparser->get_token()) {
> +    next if $token->[0] eq 'C';
> my $text = $htmlparser->get_trimmed_text();
> print $textfh $text . "\n" if $text;
>   }
> -----SNIP-----
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http: //www.mailscanner.biz/maq/     and the archives at
> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From edu at ICARUS.COM.BR  Mon Aug  2 18:12:09 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:27 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.211.1137101187.24926.mailscanner@lists.mailscanner.info>

Tnx Julian, but the link is broken.


> At 15:09 02/08/2004, you wrote:
>>Where I found the  mailscanner-4.32.5-1.src.rpm ?
>
> On the downloads page, where it says
> <http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>Linux
> SRPM ^Ö don't install from
> this<http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>!
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 18:26:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.212.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:03 02/08/2004, you wrote:
>Oops!
>
>Could there be an error in the MailScanner.conf update script? It removed
>all my MCP stuff! Maybe it should check if the line contains mcp and if so
>don't touch it?

The MCP stuff isn't in the default conf file, so it takes it out. Skipping
any line containing mcp might be a nice quick solution to the problem. It's
more "unintended behaviour" rather than being an actual "bug".
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 18:28:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: HTML strip <!--
Message-ID: <mailman.213.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:10 02/08/2004, you wrote:
>Without a doubt I am doing someting wrong (its the second time ever I am
>using the patch command) but I am getting this error:
>
>[root@linuxgw MailScanner]# patch -p0 < patch
>patching file Message.pm
>patch: **** malformed patch at line 4: $htmlparser->{textify}{img} =
>'src';
>
>I have upgraded to the latest stable just before (4.32.5)
>
>All the text between the snips I copied to a new file with vi called patch
>and put that in the /usr/lib/MailScanner/MailScanner dir
>
>Tried to execute from there.
>
>Where did I screw up? :)

That should have worked. Oh well, it's only a 1 line change so you can
trivially do it by hand :-)
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 18:29:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.214.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Sorry!
Fixed now.

At 18:12 02/08/2004, you wrote:
>Tnx Julian, but the link is broken.
>
> > At 15:09 02/08/2004, you wrote:
> >>Where I found the  mailscanner-4.32.5-1.src.rpm ?
> >
> > On the downloads page, where it says
> > 
> <http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>Linux
> > SRPM ­ don't install from
> > 
> this<http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>!

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From edu at ICARUS.COM.BR  Mon Aug  2 18:35:28 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:27 2006
Subject: Source RPM 0f  stable 4.32.5
Message-ID: <mailman.215.1137101187.24926.mailscanner@lists.mailscanner.info>

Tnx.

Ed

> Sorry!
> Fixed now.
>
> At 18:12 02/08/2004, you wrote:
>>Tnx Julian, but the link is broken.
>>
>> > At 15:09 02/08/2004, you wrote:
>> >>Where I found the  mailscanner-4.32.5-1.src.rpm ?
>> >
>> > On the downloads page, where it says
>> >
>> <http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>Linux
>> > SRPM ­ don't install from
>> >
>> this<http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/mailscanner-4.32.5-1.src.rpm>!
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From peter at UCGBOOK.COM  Mon Aug  2 19:17:44 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.216.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Just tested the new version info and got scared when it showed my Perl
version as 5.008. I looked in the code and in my Perl book and saw that
"$]" is used. Wouldn't "$^V" be nicer?

$ perl -e 'print "$]\n"'
5.008003
$ perl -e 'printf "%vd\n",$^V'
5.8.3

Maybe Net::DNS could be added as an optional module also?

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.31.6,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 19:51:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.217.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 19:17 02/08/2004, you wrote:
>Just tested the new version info and got scared when it showed my Perl
>version as 5.008. I looked in the code and in my Perl book and saw that
>"$]" is used. Wouldn't "$^V" be nicer?

Much nicer, yes. Sorry about that.

>$ perl -e 'print "$]\n"'
>5.008003
>$ perl -e 'printf "%vd\n",$^V'
>5.8.3
>
>Maybe Net::DNS could be added as an optional module also?

Also done.

These will be in the next release.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at lists.com.ar  Mon Aug  2 19:59:27 2004
From: mailscanner at lists.com.ar (Leonardo Helman)
Date: Thu Jan 12 21:26:27 2006
Subject: CustomFunctions Params
Message-ID: <mailman.218.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi, I've sent the ConfFile patch, but I couldn't finish
this patch on time.

Long ago, I have been thinking about having CustomFunctions
whith parameters, so you could have some kind of
configuration in MailScanner.conf
Having the configuration outside the custom functions would
be a good idea.

So I wrote this little patch ("only" touched Config.pm).

With it, you can write something like:

  Spam Checks=&Function_X("param1","path_to_conf.conf")


All the parameters will be passed only one time to the
"InitFunction_X" and "EndFunction_X", so it will be
relatively inexpensive in cpu usage.
Function_X will be called as usual.
If you use &Function_X without params, it will behave
normally.


Saludos

Leonardo Helman
Pert Consultores
Argentina


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, Text/PLAIN  135 lines. ]
    [ Unable to print this part. ]


From el.baby at GMAIL.COM  Mon Aug  2 20:44:59 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.219.1137101187.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 18:26:53 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> At 18:03 02/08/2004, you wrote:
> >Oops!
> >
> >Could there be an error in the MailScanner.conf update script? It removed
> >all my MCP stuff! Maybe it should check if the line contains mcp and if so
> >don't touch it?
>
> The MCP stuff isn't in the default conf file, so it takes it out. Skipping
> any line containing mcp might be a nice quick solution to the problem. It's
> more "unintended behaviour" rather than being an actual "bug".
>
Well... maybe it IS time to finally add basic MCP configuration and
comments to the main MailScanner.conf file... I never used it, but
there seems to be quite some people using it out there, and the idea
is simple... maybe a couple of 'gross' MCP-SA rules with pointers to
places where to learn how to write SA rules...

Just my 2p

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  2 20:46:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: CustomFunctions Params
Message-ID: <mailman.220.1137101187.24926.mailscanner@lists.mailscanner.info>

Thankyou for writing this, I have been trying to get around to doing it for
months, and never quite remember it when I have the time to do it!

Your patch looks mostly okay. I have tied the regexps to ^ when extracting
the parameters (in the bit of code that is used several times). You have
one bug in your code that I can immediately see, in this bit:
@@ -787,10 +795,11 @@
    foreach $custom (values %CustomFunctions) {
      next unless $custom;
      MailScanner::Log::InfoLog("Config: calling custom end function %s",
-                              $custom);
-    $fn = 'MailScanner::CustomConfig::End' . $custom;
+                              $custom . $CustomFunctionsParams{$custom});
+    $fn = 'MailScanner::CustomConfig::End' . $custom .
+          $CustomFunctionsParams{$custom};
      no strict 'refs';
-    &$fn();
+    eval( $fn );
      use strict 'refs';
    }
  }
In the middle of this, you have used $custom (which is a "value") as they
key into CustomFunctionsParams when calling the End function. You should
have used a "key" and not a "value", so the right parameters are passed to
the End function.

Otherwise it looks great. It will all appear in the next release.
Revised patch is attached.

Many thanks.


At 19:59 02/08/2004, you wrote:
>Hi, I've sent the ConfFile patch, but I couldn't finish
>this patch on time.
>
>Long ago, I have been thinking about having CustomFunctions
>whith parameters, so you could have some kind of
>configuration in MailScanner.conf
>Having the configuration outside the custom functions would
>be a good idea.
>
>So I wrote this little patch ("only" touched Config.pm).
>
>With it, you can write something like:
>
>   Spam Checks=&Function_X("param1","path_to_conf.conf")
>
>
>All the parameters will be passed only one time to the
>"InitFunction_X" and "EndFunction_X", so it will be
>relatively inexpensive in cpu usage.
>Function_X will be called as usual.
>If you use &Function_X without params, it will behave
>normally.
>
>
>Saludos
>
>Leonardo Helman
>Pert Consultores
>Argentina
>
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/    and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, Application/OCTET-STREAM (Name: "Config.pm.patch")  6.7KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
From mailscanner at ecs.soton.ac.uk  Mon Aug  2 20:51:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.221.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:44 02/08/2004, you wrote:
>Well... maybe it IS time to finally add basic MCP configuration and
>comments to the main MailScanner.conf file...

Guess you're right there. I'll change it for the next release.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From el.baby at GMAIL.COM  Mon Aug  2 20:52:00 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.222.1137101187.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 19:51:44 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> At 19:17 02/08/2004, you wrote:
> >Just tested the new version info and got scared when it showed my Perl
> >version as 5.008. I looked in the code and in my Perl book and saw that
> >"$]" is used. Wouldn't "$^V" be nicer?
>
> Much nicer, yes. Sorry about that.
Mmmhhh what is the minimum perl version required for MailScanner?

IIRC, the 'nice' format is NOT available in Perl versions pre-5.6.0...

>
> >$ perl -e 'print "$]\n"'
> >5.008003
> >$ perl -e 'printf "%vd\n",$^V'
> >5.8.3
> >
> >Maybe Net::DNS could be added as an optional module also?
>
> Also done.
>
> These will be in the next release.


--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From jfaubion at COMCAST.NET  Mon Aug  2 23:52:21 2004
From: jfaubion at COMCAST.NET (John Faubion)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.223.1137101187.24926.mailscanner@lists.mailscanner.info>

> IIRC, the 'nice' format is NOT available in Perl versions pre-5.6.0...

MS is running here on 5.6.0. I haven't upgraded this system as I have
software that still requires 5.6.0. Yes, 5.6.1 breaks it. The system will be
decommissioned shortly when the the new version is ready.

John Faubion

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From wavedatacom at GMAIL.COM  Tue Aug  3 00:16:42 2004
From: wavedatacom at GMAIL.COM (Chris Cook)
Date: Thu Jan 12 21:26:27 2006
Subject: Getting perl error after installing mailscanner-4.32.5-1 from
    RPMs
Message-ID: <mailman.224.1137101187.24926.mailscanner@lists.mailscanner.info>

Yeah, I have version 1.50:
[root@development root]# rpm -q perl-MailTool
perl-MailTools-1.50-1

[root@development root]# perl -MMail::Header -e 'print $Mail::Header::VERSION;'
1.50

Any other ideas?

Thank You,
   Chris

On Mon, 2 Aug 2004 08:45:47 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> At 04:00 02/08/2004, you wrote:
> >I was running mailscanner 4.26 and have just finished installing the 4.32.5
> >from the redhat RPMs (using the install.sh script).
> >
> >When trying to start mailscanner I get the following:
> >
> >service MailScanner start
> >Starting MailScanner daemons:
> >          incoming sendmail:                                [  OK  ]
> >          outgoing sendmail:                                [  OK  ]
> >          MailScanner:       Global symbol "$FIELD_NAME" requires explicit
> >package name at /usr/lib/MailScanner/MailScanner/Message.pm line 4016.
> >Global symbol "$FIELD_NAME" requires explicit package name at
> >/usr/lib/MailScanner/MailScanner/Message.pm line 4019.
> >Compilation failed in require at /usr/sbin/MailScanner line 52.
> >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
> >                                                            [  OK  ]
>
> What version of MailTools do you have installed?
> rpm -q perl-MailTools
> perl -MMail::Header -e 'print $Mail::Header::VERSION;'
>
> You should have version 1.50 installed.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Tue Aug  3 00:34:05 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.225.1137101187.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 17:52:21 -0500, John Faubion <jfaubion@comcast.net> wrote:
> > IIRC, the 'nice' format is NOT available in Perl versions pre-5.6.0...
>
> MS is running here on 5.6.0. I haven't upgraded this system as I have
> software that still requires 5.6.0. Yes, 5.6.1 breaks it. The system will be
> decommissioned shortly when the the new version is ready.
>
In 5.6.0 it should work OK... the problem is with previous versions...

bin/MailScanner says:
require 5.005;

so it seems to support older perls 5.005* (that would be perl 5.5 in
the 'new' format, but perl 5.5 doesn't know that) :-)

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dsimmons at AFFANT.COM  Tue Aug  3 01:14:19 2004
From: dsimmons at AFFANT.COM (David Simmons)
Date: Thu Jan 12 21:26:27 2006
Subject: One disclaimer only please
Message-ID: <mailman.226.1137101187.24926.mailscanner@lists.mailscanner.info>

We have a disclaimer that is attached to all outgoing email.  Is it
possible for the system to attach the disclaimer one time, so on an
email replied to and fro won't have multiple disclaimers skulking about
the bottom of the email?  

Also, is it possible to somehow attach a .gif to the disclaimer, for
say, a company logo?  Or would we have to convert the image to HTML?

I searched the archives, but didn't find an answer to my questions.

Thank you for your time!

Dave Simmons


         

           

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug  3 01:18:23 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.227.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jose Julian Buda wrote:
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

What was that supposed to be?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From webalizer at nwcweb.com  Tue Aug  3 01:33:36 2004
From: webalizer at nwcweb.com (David J. Duffner - NWCWEB.com)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.228.1137101187.24926.mailscanner@lists.mailscanner.info>

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
>Sent: Monday, August 02, 2004 8:18 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Fetishes
>
>
>Jose Julian Buda wrote:
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>What was that supposed to be?

        My system smelled a virus trying to spawn itself
and ate the sucker.  Not really sure how/why this popped
on the List successuflly, but there you have it.


--
Message scanned by MailScanner, and is believed to be clean.
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.nwcweb.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From david.hooton at GMAIL.COM  Tue Aug  3 01:35:07 2004
From: david.hooton at GMAIL.COM (David Hooton)
Date: Thu Jan 12 21:26:27 2006
Subject: One disclaimer only please
Message-ID: <mailman.229.1137101187.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 17:14:19 -0700, David Simmons <dsimmons@affant.com> wrote:
> We have a disclaimer that is attached to all outgoing email.  Is it
> possible for the system to attach the disclaimer one time, so on an
> email replied to and fro won't have multiple disclaimers skulking about
> the bottom of the email?

Hi David,

This has been discussed a few times, it was apparently found to be
much more complicated than it would appear on face value.  I know we'd
also appreciate this to be changed, perhaps if it's such a major task
a few of us should either donate code or money to cover the
development?

> Also, is it possible to somehow attach a .gif to the disclaimer, for
> say, a company logo?  Or would we have to convert the image to HTML?

As with any HTML you can use an <img src=...  and link to an image on
your webserver.
--
Regards,

David Hooton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug  3 02:06:21 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:27 2006
Subject: One disclaimer only please
Message-ID: <mailman.230.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Hooton wrote:

> On Mon, 2 Aug 2004 17:14:19 -0700, David Simmons <dsimmons@affant.com> wrote:
>
>>We have a disclaimer that is attached to all outgoing email.  Is it
>>possible for the system to attach the disclaimer one time, so on an
>>email replied to and fro won't have multiple disclaimers skulking about
>>the bottom of the email?
>
>
> Hi David,
>
> This has been discussed a few times, it was apparently found to be
> much more complicated than it would appear on face value.  I know we'd
> also appreciate this to be changed, perhaps if it's such a major task
> a few of us should either donate code or money to cover the
> development?
>
>
>>Also, is it possible to somehow attach a .gif to the disclaimer, for
>>say, a company logo?  Or would we have to convert the image to HTML?
>
>
> As with any HTML you can use an <img src=...  and link to an image on
> your webserver.

This is not recommended, however.

> --
> Regards,
>
> David Hooton
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From bg.mahesh at INDIAINFO.COM  Tue Aug  3 06:42:26 2004
From: bg.mahesh at INDIAINFO.COM (BG Mahesh)
Date: Thu Jan 12 21:26:27 2006
Subject: ANNOUNCE: MailScanner stable 4.32.5 released
Message-ID: <mailman.231.1137101187.24926.mailscanner@lists.mailscanner.info>

> At 20:44 02/08/2004, you wrote:
> >Well... maybe it IS time to finally add basic MCP configuration and
> >comments to the main MailScanner.conf file...
>
> Guess you're right there. I'll change it for the next release.
>

It would be very useful to include the MS version number in MailScanner.conf file also. I do see /etc/MailScanner/MailScanner.conf.rpmnew but it has an old date. If the version number was included in the file it would be very easy to figure out which installation generated this file


--
B.G. Mahesh
bg.mahesh@indiainfo.com
http://www.indiainfo.com/

--
______________________________________________
IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com
Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes!

Powered by Outblaze

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From bg.mahesh at INDIAINFO.COM  Tue Aug  3 06:46:48 2004
From: bg.mahesh at INDIAINFO.COM (BG Mahesh)
Date: Thu Jan 12 21:26:27 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.232.1137101187.24926.mailscanner@lists.mailscanner.info>

hi

I installed MS 4.32.5-1 yesterday. It uses clamav-0.75.1 and SA 2.63. After upgrading to 4.32.5-1 many infected emails are not being deleted. When I download my email Norton Anti Virus 2004 is deleting those emails

The viruses that are not being detected are,

W32.Netsky.Z@mm
W32.Beagle.X@mm
W32.Mydoom.M@mm
W32.Netsky.AB@mm

In MailScanner.info I do see

Virus Scanning = yes
Virus Scanners = clamav

What could have gone wrong?


--
B.G. Mahesh
bg.mahesh@indiainfo.com
http://www.indiainfo.com/

--
______________________________________________
IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com
Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes!

Powered by Outblaze

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From shrek-m at GMX.DE  Tue Aug  3 07:08:44 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.233.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jose Julian Buda wrote:

>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

no virus in the attachment  << photo.zip >>

$ du -b photo.zip
893     photo.zip

$ unzip -t photo.zip
Archive:  photo.zip
warning [photo.zip]:  zipfile is empty


--
shrek-m

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 08:39:16 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.234.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 00:34 03/08/2004, you wrote:
>On Mon, 2 Aug 2004 17:52:21 -0500, John Faubion <jfaubion@comcast.net> wrote:
> > > IIRC, the 'nice' format is NOT available in Perl versions pre-5.6.0...
> >
> > MS is running here on 5.6.0. I haven't upgraded this system as I have
> > software that still requires 5.6.0. Yes, 5.6.1 breaks it. The system
> will be
> > decommissioned shortly when the the new version is ready.
> >
>In 5.6.0 it should work OK... the problem is with previous versions...
>
>bin/MailScanner says:
>require 5.005;
>
>so it seems to support older perls 5.005* (that would be perl 5.5 in
>the 'new' format, but perl 5.5 doesn't know that) :-)

I have changed it to say "%vd (%f)", $^V, $]
which will hopefully work on old and new versions?

I can't find a 5.005 system here to test it on. Can someone do
         printf "%vd (%f)\n", $^V, $];
and let me know if it works or not please?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 08:48:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.235.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 08:39 03/08/2004, you wrote:
>I have changed it to say "%vd (%f)", $^V, $]
>which will hopefully work on old and new versions?
>
>I can't find a 5.005 system here to test it on. Can someone do
>         printf "%vd (%f)\n", $^V, $];
>and let me know if it works or not please?

Even better, please try this:
   printf("This is Perl version %f (%vd)\n", $], $^V);
as that appears to work on 5.004.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From P.G.M.Peters at utwente.nl  Tue Aug  3 09:25:14 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:27 2006
Subject: One disclaimer only please
Message-ID: <mailman.236.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 10:35:07 +1000, you wrote:

>> We have a disclaimer that is attached to all outgoing email.  Is it
>> possible for the system to attach the disclaimer one time, so on an
>> email replied to and fro won't have multiple disclaimers skulking about
>> the bottom of the email?
>
>This has been discussed a few times, it was apparently found to be
>much more complicated than it would appear on face value.  I know we'd
>also appreciate this to be changed, perhaps if it's such a major task
>a few of us should either donate code or money to cover the
>development?

Just prepend the disclaimer with "-- " on an empty line and all clients
strip the disclaimer when responding. Or at least they should.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From P.G.M.Peters at utwente.nl  Tue Aug  3 09:27:17 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:27 2006
Subject: Feature request (was: MailScanner stable 4.32.5 released)
Message-ID: <mailman.237.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 11:12:26 +0530, you wrote:

>It would be very useful to include the MS version number in
>MailScanner.conf file also. I do see
>/etc/MailScanner/MailScanner.conf.rpmnew but it has an old date. If the
>version number was included in the file it would be very easy to figure
>out which installation generated this file

And while we are at it: Can MailScanner check the version to check
whether this MailScanner.conf version is compatible with the running
MailScanner?

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 09:43:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Feature request (was: MailScanner stable 4.32.5 released)
Message-ID: <mailman.238.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 09:27 03/08/2004, you wrote:
>On Tue, 3 Aug 2004 11:12:26 +0530, you wrote:
>
> >It would be very useful to include the MS version number in
> >MailScanner.conf file also. I do see
> >/etc/MailScanner/MailScanner.conf.rpmnew but it has an old date. If the
> >version number was included in the file it would be very easy to figure
> >out which installation generated this file
>
>And while we are at it: Can MailScanner check the version to check
>whether this MailScanner.conf version is compatible with the running
>MailScanner?

So
1) Put a "MailScanner Version Number =" setting in MailScanner.conf. This
setting would be provided in all new MailScanner.conf files. It would not
be copied into new versions of the file created by
upgrade_MailScanner_conf, but the value that was in the shipped version of
the new file would be left intact. This is messy as it means there is now
an exception to the upgrade_... script.
2) MailScanner would complain if the version number in the file was less
than the version number written into the MailScanner code. Also a bit messy
as the number is a x.y.z number not just a float, but I can handle that I
guess.

Is that what people want? Just trying to get the system spec out of the
user spec :-)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 10:18:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Feature request (was: MailScanner stable 4.32.5 released)
Message-ID: <mailman.239.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 09:43 03/08/2004, you wrote:
>1) Put a "MailScanner Version Number =" setting in MailScanner.conf. This
>setting would be provided in all new MailScanner.conf files. It would not
>be copied into new versions of the file created by
>upgrade_MailScanner_conf, but the value that was in the shipped version of
>the new file would be left intact. This is messy as it means there is now
>an exception to the upgrade_... script.
>2) MailScanner would complain if the version number in the file was less
>than the version number written into the MailScanner code. Also a bit messy
>as the number is a x.y.z number not just a float, but I can handle that I
>guess.

All done. Will be in the next release.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From anders.andersson at LTKALMAR.SE  Tue Aug  3 10:27:22 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:27 2006
Subject: SA 3.0 pre3 working or wait
Message-ID: <mailman.240.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi
After spending the summer in Guatemala I had to go back to work :(
Im just about to move up to Fedora Core2 and was hoping someone to give me
some info if they got SA 3.0 pre3 to work fine or if I should stay with 2.67
until final?

Anders

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Roman.Petry at DILLINGER.BIZ  Tue Aug  3 10:47:15 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.241.1137101187.24926.mailscanner@lists.mailscanner.info>

Hello, sorry for answering so late, but i was a little bit sick.

First of all, i just upgraed to the latest stable version , but no luck.
Same shit happens again .. 8-)

/cache/mqueue and mqueue.in are on the same filesystem. Permissons are
double checkted.
OS is Suse 8.1.. With Kernel Linux nrz83 2.4.19-4GB... Locking is FLOCK, as
in the versions before.

I hoped that the new perl modules, which came with the latest updated fixed
the problem, but no luck.

What else should i check for you ? Any more infos i can give you. 

Sendmail Version: sendmail-8.12.6-159
SpamAssasin 2.63 is installed
Sophos Sweep as virusscanner
Hardware: P4. 2 GHz
Memory: 774 MB
Mqueue on hardware RAID 1

Stats for yesterday: 16698 Mails passed the Server and 336 had this error ..


Bye
Roman

-----Ursprüngliche Nachricht-----
Von: Mariano Absatz [mailto:el.baby@GMAIL.COM] 
Gesendet: Freitag, 30. Juli 2004 15:43
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to
link message body between queues error..


Do you have file locking correctly configured? (read the docs, I don't know
what does sendmail use for file locking)...

Are /cache/mqueue and /cache/mqueue.in in the same filesystem? (mmhhh I
think MailScanner checks this when it's starting, so I don't think this
is)...

Well... check the locking thing and come back with more info... including OS
and version...

On Fri, 30 Jul 2004 11:17:06 +0200, Petry Roman, ITS-IT
<roman.petry@dillinger.biz> wrote:
> Hello,
> 
> I updated from Version 4.22-4 to 4.31.6 last week and get some strange 
> messages in my mail log. Transfervolume of the server is 10000 mails 
> per day. Sendmail with sophos installed. All logs before the update 
> are o.k... I searched the list archive, but i only found 2 messages 
> about thios problem, but with exim and not sendmail..
> 
> I saw some strange messages like...
> 
> Jul 30 10:29:55 nrz83 sendmail-in[4197]: i6U8TtsP004197: 
> from=<xxxxx.xxxx@xxxxxx.de>, size=3461, class=0, nrcpts=1, 
> msgid=<985A4512575C7B40A722B69A2293895556B482@yyyy.xxxx.de>, 
> proto=SMTP, daemon=MTA, relay=111-111-1111-1111.xx.xxxxx.de 
> [222.222.222.222] (may be
> forged)
> Jul 30 10:29:55 nrz83 sendmail-in[4197]: i6U8TtsP004197:
> to=<yyyyy.yyyyyl@yyy.yyyy.biz>, delay=00:00:00, mailer=smtp, pri=30859,
> stat=queued
> Jul 30 10:30:38 nrz83 MailScanner[30622]: Filetype Checks: Allowing
> i6U8TtsP004197 msg-30622-172.txt
> Jul 30 10:30:38 nrz83 MailScanner[30622]: Filetype Checks: Allowing
> i6U8TtsP004197 msg-30622-171.txt
> Jul 30 10:30:38 nrz83 MailScanner[30642]: Filetype Checks: Allowing
> i6U8TtsP004197 msg-30642-143.txt
> Jul 30 10:30:38 nrz83 MailScanner[30642]: Filetype Checks: Allowing
> i6U8TtsP004197 msg-30642-144.txt
> Jul 30 10:30:38 nrz83 MailScanner[30642]: Failed to link message body
> between queues (/cache/mqueue/dfi6U8TtsP004197 -->
> /cache/mqueue.in/dfi6U8TtsP004197)
> Jul 30 10:30:40 nrz83 sendmail[4639]: i6U8TtsP004197:
> to=<yyyyy.yyyyyl@yyy.yyyyy.biz>, delay=00:00:45, xdelay=00:00:01,
> mailer=smtp, pri=120859, relay=[122.122.122.222] [122.122.122.222],
> dsn=2.0.0, stat=Sent (Ok)
> 
> I saw 350 of this errors in my log files, yesterday .. The other thing 
> I see are sendmail errors like:
> 
> Jul 28 00:12:11 nrz83 sendmail-in[15816]: i6RMC6WY015816: 
> from=<ygcpdqby@seznam.cz>, size=1256, class=0, nrcpts=1, 
> msgid=<149225241151.221670S94N17c6@seznam.cz>, proto=SMTP, daemon=MTA, 
> relay=200-161-150-211.dsl.telesp.net.br [200.161.150.211] Jul 28 
> 00:12:11 nrz83 sendmail-in[15816]: i6RMC6WY015816: 
> to=<info@xxxxxx.de>, delay=00:00:02, mailer=smtp, pri=30533, 
> stat=queued Jul 28 00:12:12 nrz83 MailScanner[29763]: RBL checks: 
> i6RMC6WY015816 found in spamcop.net Jul 28 00:12:14 nrz83 
> MailScanner[29763]: Message i6RMC6WY015816 from 200.161.150.211 
> (ygcpdqby@seznam.cz) to ancofer.de is spam, spamcop.net, SpamAssassin 
> (Wertung=6.288, benoetigt 5, BAYES_80 1.66, DATE_IN_FUTURE_03_06 1.93, 
> FORGED_TELESP_RCVD 2.70) Jul 28 00:12:14 nrz83 MailScanner[29763]: 
> Spam Actions: message i6RMC6WY015816 actions are 
> bounce,deliver,striphtml Jul 28 00:12:15 nrz83 MailScanner[5171]: RBL 
> checks: i6RMC6WY015816 found in spamcop.net
> Jul 28 00:12:16 nrz83 MailScanner[5171]: Message i6RMC6WY015816 from
> 200.161.150.211 (ygcpdqby@seznam.cz) to ancofer.de is spam, spamcop.net,
> SpamAssassin (Wertung=6.288, benoetigt 5, BAYES_80 1.66,
> DATE_IN_FUTURE_03_06 1.93, FORGED_TELESP_RCVD 2.70)
> Jul 28 00:12:16 nrz83 MailScanner[5171]: Spam Actions: message
> i6RMC6WY015816 actions are bounce,deliver,striphtml
> Jul 28 00:12:18 nrz83 MailScanner[29763]: Filetype Checks: Allowing
> i6RMC6WY015816 msg-29763-80.txt
> Jul 28 00:12:18 nrz83 sendmail[15844]: i6RMC6WY015816:
to=<info@xxxxxx.de>,
> delay=00:00:09, xdelay=00:00:00, mailer=smtp, pri=120533,
> relay=[222.222.222.222] [222.222.222.222], dsn=2.0.0, stat=Sent (Ok)
> Jul 28 00:12:20 nrz83 MailScanner[5171]: Filetype Checks: Allowing
> i6RMC6WY015816 msg-5171-60.txt
> Jul 28 00:12:20 nrz83 sendmail[15848]: i6RMC6WY015816: SYSERR(root):
readqf:
> cannot open ./dfi6RMC6WY015816: No such file or directory
> Jul 28 00:12:20 nrz83 sendmail[15848]: i6RMC6WY015816:
to=<info@xxxxxx.de>,
> delay=00:00:11, xdelay=00:00:00, mailer=smtp, pri=120533,
> relay=[222.222.222.222] [222.222.222.222], dsn=2.0.0, stat=Sent (Ok)
> 
> 680 yesterday of this..
> 
> Well, it looks like that 2 Mailscanner are starting for the same file, 
> both scans the file, and one sends it to sendmail outgoing queue. 
> After that the second ends and want also to send the file, but it´s 
> not there anymore ...
> 
> I thinkt those two erros have something common ??? I checked 
> permissions and so on, but no luck. Any hints how to go further.. 
> Debuging ??
> 
> mfg
> 
> Roman Petry
> AG der Dillinger Huettenwerke
> ITS-IT
> Tel. +49-6831-474670
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 


-- 
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From P.G.M.Peters at utwente.nl  Tue Aug  3 10:47:55 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:27 2006
Subject: Feature request (was: MailScanner stable 4.32.5 released)
Message-ID: <mailman.242.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 10:18:21 +0100, you wrote:

>At 09:43 03/08/2004, you wrote:
>>1) Put a "MailScanner Version Number =" setting in MailScanner.conf. This
>>setting would be provided in all new MailScanner.conf files. It would not
>>be copied into new versions of the file created by
>>upgrade_MailScanner_conf, but the value that was in the shipped version of
>>the new file would be left intact. This is messy as it means there is now
>>an exception to the upgrade_... script.
>>2) MailScanner would complain if the version number in the file was less
>>than the version number written into the MailScanner code. Also a bit messy
>>as the number is a x.y.z number not just a float, but I can handle that I
>>guess.
>
>All done. Will be in the next release.

Thanks.

Now you have the code for checking versionnumbers you can also check the
version of ....

Just kidding. :-)

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 11:02:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.243.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 10:47 03/08/2004, you wrote:
>First of all, i just upgraed to the latest stable version , but no luck.
>Same shit happens again .. 8-)
>/cache/mqueue and mqueue.in are on the same filesystem. Permissons are
>double checkted.
>OS is Suse 8.1.. With Kernel Linux nrz83 2.4.19-4GB... Locking is FLOCK, as
>in the versions before.

What does "df -i" say?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Roman.Petry at DILLINGER.BIZ  Tue Aug  3 11:10:31 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.244.1137101187.24926.mailscanner@lists.mailscanner.info>

Hello Julian,

Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/sda2            4423680  221682 4201998    6% /
/dev/sdb1            8978432   16212 8962220    1% /cache
shmfs                  96781       1   96780    1% /dev/shm
You have new mail in /var/mail/root

Sdb1 is the mqueue home..

Thanks
Roman

-----Ursprüngliche Nachricht-----
Von: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
Gesendet: Dienstag, 3. August 2004 12:03
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to


At 10:47 03/08/2004, you wrote:
>First of all, i just upgraed to the latest stable version , but no 
>luck. Same shit happens again .. 8-) /cache/mqueue and mqueue.in are on 
>the same filesystem. Permissons are double checkted.
>OS is Suse 8.1.. With Kernel Linux nrz83 2.4.19-4GB... Locking is FLOCK, as
>in the versions before.

What does "df -i" say?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at lists.com.ar  Tue Aug  3 12:23:39 2004
From: mailscanner at lists.com.ar (Leonardo Helman)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.245.1137101187.24926.mailscanner@lists.mailscanner.info>

For 5.005_03:

printf("This is Perl version %f (%vd)\n", $], $^V);


This is Perl version 5.005030 (%vd)


--

Leonardo Helman
Pert Consultores
Argentina


On Tue, Aug 03, 2004 at 08:48:21AM +0100, Julian Field wrote:
> At 08:39 03/08/2004, you wrote:
> >I have changed it to say "%vd (%f)", $^V, $]
> >which will hopefully work on old and new versions?
> >
> >I can't find a 5.005 system here to test it on. Can someone do
> >        printf "%vd (%f)\n", $^V, $];
> >and let me know if it works or not please?
>
> Even better, please try this:
>   printf("This is Perl version %f (%vd)\n", $], $^V);
> as that appears to work on 5.004.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cmaurand at XYONET.COM  Tue Aug  3 12:38:54 2004
From: cmaurand at XYONET.COM (Curtis Maurand)
Date: Thu Jan 12 21:26:27 2006
Subject: Rules Du Jour
Message-ID: <mailman.246.1137101187.24926.mailscanner@lists.mailscanner.info>

They're working for me.  More messages that were spam are actually getting
marked as spam.  Very cool.

curtis
----- Original Message -----
From: "Michele Neylon : Blacknight Solutions"
<michele@BLACKNIGHTSOLUTIONS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Sunday, August 01, 2004 8:36 AM
Subject: Re: Rules Du Jour


> On Sun, 2004-08-01 at 13:29, JT wrote:
> > How can I find out if the "Rules du jour" are really used and actually
> > working?
>
> Look at your logs.
>
>
>
>
>
> --
> Mr. Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> +353 59 913 7101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From edu at ICARUS.COM.BR  Tue Aug  3 12:43:52 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:27 2006
Subject: perl(MailScanner::MCPMessage)
Message-ID: <mailman.247.1137101187.24926.mailscanner@lists.mailscanner.info>

When I tried install the rebuilded package this menssagem was shown.

root@prompt#rpm -ivh mailscanner-4.32.5-1.noarch.rpm
error: Failed dependencies:
        perl(MailScanner::MCPMessage) is needed by mailscanner-4.32.5-1



Some ideia?

Tnx.

Ed

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug  3 12:52:15 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:27 2006
Subject: AW: Rules Du Jour
Message-ID: <mailman.248.1137101187.24926.mailscanner@lists.mailscanner.info>

> Hi JT,
>
> local root recive a email from "Rules du jour".

That would depend on how you have it set in the rules du jour script.

If you are not 100% sure crank up your logging and look in the logs. The
hits and scores will vary depending on what you are using, but it should be
fairly obvious.

M


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Tue Aug  3 12:54:07 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:27 2006
Subject: AW: perl(MailScanner::MCPMessage)
Message-ID: <mailman.249.1137101187.24926.mailscanner@lists.mailscanner.info>

hi ed,

perl is installed ?

otherwise, try --force option ...


greetings
andy

-----Ursprüngliche Nachricht-----
Von: Ed Andre [mailto:edu@ICARUS.COM.BR] 
Gesendet: Dienstag, 3. August 2004 13:44
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: perl(MailScanner::MCPMessage)


When I tried install the rebuilded package this menssagem was shown.

root@prompt#rpm -ivh mailscanner-4.32.5-1.noarch.rpm
error: Failed dependencies:
        perl(MailScanner::MCPMessage) is needed by mailscanner-4.32.5-1



Some ideia?

Tnx.

Ed

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Tue Aug  3 13:09:19 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.250.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 08:08:44 +0200, shrek-m@gmx.de <shrek-m@gmx.de> wrote:
> Jose Julian Buda wrote:
>
> >-------------------------- MailScanner list ----------------------
> >To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/     and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> >
>
> no virus in the attachment  << photo.zip >>
>
> $ du -b photo.zip
> 893     photo.zip
>
> $ unzip -t photo.zip
> Archive:  photo.zip
> warning [photo.zip]:  zipfile is empty
Right... same here... only funny thing: gmail ate the original message
silently... so spam folder, no virus notice... nothing... I saw the
message in another subscribed account...

Probably it's a badly programmed virus that isn't able to propagate :-)
--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug  3 13:12:31 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.251.1137101187.24926.mailscanner@lists.mailscanner.info>

.
>
> Probably it's a badly programmed virus that isn't able to propagate
> :-) --
No. Gmail blocks all zip files



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From edu at ICARUS.COM.BR  Tue Aug  3 13:18:05 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:27 2006
Subject: AW: perl(MailScanner::MCPMessage)
Message-ID: <mailman.252.1137101187.24926.mailscanner@lists.mailscanner.info>

hi,

perl is installed in a Red Hat 9.0.
All perl dependencies too.

If I install the package do by the Julian this menssagem dont appears only
in the package redo by me from the  .src .




> hi ed,
>
> perl is installed ?
>
> otherwise, try --force option ...
>
>
> greetings
> andy
>
> -----Ursprüngliche Nachricht-----
> Von: Ed Andre [mailto:edu@ICARUS.COM.BR]
> Gesendet: Dienstag, 3. August 2004 13:44
> An: MAILSCANNER@JISCMAIL.AC.UK
> Betreff: perl(MailScanner::MCPMessage)
>
>
> When I tried install the rebuilded package this menssagem was shown.
>
> root@prompt#rpm -ivh mailscanner-4.32.5-1.noarch.rpm
> error: Failed dependencies:
>         perl(MailScanner::MCPMessage) is needed by mailscanner-4.32.5-1
>
>
>
> Some ideia?
>
> Tnx.
>
> Ed
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Tue Aug  3 13:22:25 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: Minor: MS version info
Message-ID: <mailman.253.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 08:48:43 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> At 08:39 03/08/2004, you wrote:
> >I have changed it to say "%vd (%f)", $^V, $]
> >which will hopefully work on old and new versions?
> >
> >I can't find a 5.005 system here to test it on. Can someone do
> >         printf "%vd (%f)\n", $^V, $];
> >and let me know if it works or not please?
This one doesn't work... apparently the $^V is ignored (null) and
maybe %vd wasn't valid with 5.005's printf so it doesn't get to print
$] :-(
# /usr/bin/perl5.00503 -e 'printf "%vd (%f)\n", $^V, $];'
%vd (0.000000)


>
> Even better, please try this:
>    printf("This is Perl version %f (%vd)\n", $], $^V);
> as that appears to work on 5.004.
This last one works
# /usr/bin/perl5.00503 -e 'printf("This is Perl version %f (%vd)\n", $], $^V);'
This is Perl version 5.005030 (%vd)

# /usr/bin/perl -e 'printf("This is Perl version %f (%vd)\n", $], $^V);'
This is Perl version 5.006001 (5.6.1)

Seems like it'll do.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris.jones at ATMOSENERGY.COM  Tue Aug  3 15:15:46 2004
From: chris.jones at ATMOSENERGY.COM (Chris Jones)
Date: Thu Jan 12 21:26:27 2006
Subject: end of line comments in spam.blacklist.rules
Message-ID: <mailman.254.1137101187.24926.mailscanner@lists.mailscanner.info>

Has anyone ever successfully used a end of line comment in the
spam.blacklist.rules file? We would like to log who added the entry and when
like this:
From:        user@nasty.domain.com   yes #cjones 20040803-08:59

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Tue Aug  3 15:24:33 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.255.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi there,

i do have the same Problem :(

My first guess was, it would be my discs.
But Disc-Check proved me wrong. All Discs are ok.
Then i thought it would be my sendmail.
But, then i think, it would never work, but..only some mails do have this
problem.
And then these Mails will be recieved twice at the person, who should get
this mail.

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Roman.Petry at DILLINGER.BIZ  Tue Aug  3 15:33:53 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.256.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi. We are lucky ones.. 8-)..

Do you have also the follwing errors ?? They come from sendmail..

sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
./dfi73ERFLI006232: No such file or directory

Bye

Roman

-----Ursprüngliche Nachricht-----
Von: Marcel Blenkers [mailto:marcel@IRC-ADDICTS.DE] 
Gesendet: Dienstag, 3. August 2004 16:25
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to


Hi there,

i do have the same Problem :(

My first guess was, it would be my discs.
But Disc-Check proved me wrong. All Discs are ok.
Then i thought it would be my sendmail.
But, then i think, it would never work, but..only some mails do have this
problem. And then these Mails will be recieved twice at the person, who
should get this mail.

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug  3 15:46:49 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:27 2006
Subject: end of line comments in spam.blacklist.rules
Message-ID: <mailman.257.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Chris Jones wrote:

> Has anyone ever successfully used a end of line comment in the
> spam.blacklist.rules file? We would like to log who added the entry and when
> like this:
> From:        user@nasty.domain.com   yes #cjones 20040803-08:59

Maybe try commenting below the line?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From el.baby at GMAIL.COM  Tue Aug  3 15:53:33 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: end of line comments in spam.blacklist.rules
Message-ID: <mailman.258.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 15:15:46 +0100, Chris Jones
<chris.jones@atmosenergy.com> wrote:
> Has anyone ever successfully used a end of line comment in the
> spam.blacklist.rules file? We would like to log who added the entry and when
> like this:
> From:        user@nasty.domain.com   yes #cjones 20040803-08:59
>
I'm not at my office nor have access to anything about MS right now...
but I think this is illegal... please take a look at the README and
EXAMPLE files in the rules directory.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Tue Aug  3 15:54:43 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.259.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 16:33:53 +0200, Petry Roman, ITS-IT
<roman.petry@dillinger.biz> wrote:
> Hi. We are lucky ones.. 8-)..
> 
> Do you have also the follwing errors ?? They come from sendmail..
> 
> sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
> ../dfi73ERFLI006232: No such file or directory
> 
> Bye
> 
> Roman
> 
> -----Ursprüngliche Nachricht-----
> Von: Marcel Blenkers [mailto:marcel@IRC-ADDICTS.DE]
> Gesendet: Dienstag, 3. August 2004 16:25
> An: MAILSCANNER@JISCMAIL.AC.UK
> Betreff: Re: Strange behavior since update to latest version... Failed to
> 
> 
> 
> 
> Hi there,
> 
> i do have the same Problem :(
> 
> My first guess was, it would be my discs.
> But Disc-Check proved me wrong. All Discs are ok.
> Then i thought it would be my sendmail.
> But, then i think, it would never work, but..only some mails do have this
> problem. And then these Mails will be recieved twice at the person, who
> should get this mail.
> 
> Greetings
> 
Maybe you have a sendmail trying to read from the same queue as MailScanner?

-- 
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dnsadmin at 1BIGTHINK.COM  Tue Aug  3 15:54:50 2004
From: dnsadmin at 1BIGTHINK.COM (DNSAdmin)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.260.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 08:12 AM 8/3/2004, you wrote:
>.
> >
> > Probably it's a badly programmed virus that isn't able to propagate
> > :-) --
>No. Gmail blocks all zip files

I am seeing the payload from MyDoom.O bounced from other (less-educated)
administrators with a mutated, corrupted payload. That is what this could
have been.

Glenn



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
http://www.sng.ecs.soton.ac.uk/mailscanner/
Configuration by Glenn Parsons dnsadmin-at-1bigthink.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mkettler at EVI-INC.COM  Tue Aug  3 15:54:55 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:27 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.261.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 01:46 AM 8/3/2004, BG Mahesh wrote:

>I installed MS 4.32.5-1 yesterday. It uses clamav-0.75.1 and SA 2.63.
>After upgrading to 4.32.5-1 many infected emails are not being deleted.
>When I download my email Norton Anti Virus 2004 is deleting those emails
>
>The viruses that are not being detected are,
>
>W32.Netsky.Z@mm

That's strange. I'm using a similar setup and my copy of clamav seems to
get them just fine.

I currently run commandAV 4.90.2, clamAV 0.75, and SA 2.63 under
MailScanner 4.30.3-2 (plus some patches off the list)

Admittedly my version of ClamAv and MailScanner are both a bit older than
yours, but my copy of Clam does catch Netsky.Z, although it calls it
Worm.SomeFool.Z.

Here's the logs of both scanners firing off on the same message:

   Aug  2 12:28:47 xanadu MailScanner[2498]: Virus and Content Scanning:
Starting
   Aug  2 12:28:47 xanadu MailScanner[2498]:
./i72GSgFB020228/Textfile.zip->Textfile.txt
.exe  Infection: W32/Netsky.Z@mm
   Aug  2 12:28:47 xanadu MailScanner[2498]: Virus Scanning: Command found
1 infections
   Aug  2 12:28:49 xanadu MailScanner[2498]:
/var/spool/MailScanner/incoming/2498/./i72GSgFB020228/Textfile.zip:
Worm.SomeFool.Z FOUND
   Aug  2 12:28:49 xanadu MailScanner[2498]: Virus Scanning: ClamAV found 1
infections
   Aug  2 12:28:49 xanadu MailScanner[2498]: Infected message
i72GSgFB020228 came from 63.205.51.178
   Aug  2 12:28:49 xanadu MailScanner[2498]: Virus Scanning: Found 1 viruses


Is your clamav catching any viruses at all? Does the eicar test match?

Have you tried manually scanning some of the infected files with clamscan?

Have you tried running freshclam manually? Perhaps there's problems
downloading the AV database that might be obvious if you run manually.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From P.G.M.Peters at utwente.nl  Tue Aug  3 16:04:35 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.262.1137101187.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 16:33:53 +0200, you wrote:

>Hi. We are lucky ones.. 8-)..
>
>Do you have also the follwing errors ?? They come from sendmail..
>
>sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
>./dfi73ERFLI006232: No such file or directory

I would think there is a locking problem. What locking mechanisme does
MailScanner report in the logs and what does your sendmail use?

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Tue Aug  3 16:08:25 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:27 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.263.1137101187.24926.mailscanner@lists.mailscanner.info>

On Mon, 2 Aug 2004 10:46:57 -0500, Smart,Dan <smartd@vmcmail.com> wrote:
> PMJI:
> The negative of greylisting is that some "legit" mail servers may give up
> after one attempt.  These will need to be whitelisted to bypass greylisting.
>
> Also, there is a long discussion on DCC list on functionality, and it
> appears that an initial denial of 1 - 3 minute(s) is sufficient to stop most
> Spam senders, who send once then forget.  Most users would not see this
> delay.  Whitelisting will still be an issue for broken sites.
>
> Greylisting needs to run at the mail MTA, so that messages get blocked
> *before* they are accepted by your mail MTA.  That's the whole idea... Block
> messages once before accepting them the second time.
>
> Each message records a tuple in DCC:  The sender, recipient, and IP address
> of sending MTA.  After being saved the first time, every time this recorded
> tuple is seen, the message gets delivered immediately. The tuples have a
> time-to-live, and will expire off the DCC server eventually.
>
> <<Dan>>
>
>
>
>
> >  -----Original Message-----
> >  From: MailScanner mailing list
> >  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matthew Henkler
> >  Sent: Saturday, July 31, 2004 10:03 PM
> >  To: MAILSCANNER@JISCMAIL.AC.UK
> >  Subject: Re: [MAILSCANNER] dccifd / greylisting problems
> >
> >  On Sat, 31 Jul 2004, John Rudd wrote:
> >
> >  > But I think it's more of a sendmail milter type thing than a
> >  > mailscanner thing.  By the time mailscanner sees the
> >  message, it's too
> >  > late to reject it for the sender to try again later.
> >
> >  Yes, that seems likely now that I think about it.  The way I
> >  have it set up at least, it is  most likely too late for
> >  MailScanner to do anything about.  Guess I'll have to play
> >  around with it at the MTA level.
> >
> >  Good explanation of greylisting for everyone though, thanks!
> >
Anyway... greylisting CAN NOT work within MailScanner. Graylisting has
to be done during the incoming SMTP dialog and must choose to accept
or temporarily reject (errcode 4XX) a given SMTP transaction.

MailScanner runs AFTER the SMTP transaction is over so there's no way
that you can do graylisting within it.

Maybe it could be implemented in a milter for sendmail, I dunno.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mkettler at EVI-INC.COM  Tue Aug  3 16:15:31 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:27 2006
Subject: Fetishes
Message-ID: <mailman.264.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 08:09 AM 8/3/2004, Mariano Absatz wrote:
>Probably it's a badly programmed virus that isn't able to propagate :-)

That is likely correct. I did get a complete copy of the zipfile and looked
at it in a hex editor. It should be harmless unless it's malformed nature
causes some decompressor to crash.

It starts off with what looks like a pkzip header, but then after the first
26 bytes it shifts to being nothing but 0x20 (ASCII space). The spaces go
on for the rest of the file (866 bytes of spaces).

The zip header looks to be more-or-less of the correct format, and 26 bytes
is the correct length for the header, but several fields are mangled,
containing 0's when that's clearly not valid (ie: the CRC32 field).

An interpretation of the header:
         File signature: 0x04034b50  (correct signature for the zip format)
         Minimum version to extract: 0
         flags: 0
         Compression method: 0, stored (no compression)
         Modified date/time: 0x0000/0x0000  = midnight, January 1, 1980.
         CRC32: 0x00000000  (odd)
         Compressed size: 0    (odd)
         uncompressed size: 886 (matches the "data" length)
         filename length: 0  (odd, but consistent with where the data starts)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug  3 16:25:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: end of line comments in spam.blacklist.rules
Message-ID: <mailman.265.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:15 03/08/2004, you wrote:
>Has anyone ever successfully used a end of line comment in the
>spam.blacklist.rules file? We would like to log who added the entry and when
>like this:
>From:        user@nasty.domain.com   yes #cjones 20040803-08:59

This should be just fine.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Tue Aug  3 16:26:56 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:27 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.266.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi there,


> Hi. We are lucky ones.. 8-)..
>
> Do you have also the follwing errors ?? They come from sendmail..
>
> sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
> ./dfi73ERFLI006232: No such file or directory
>


i looked through all my logfiles (thanks to grep ;).
But there was nothing like this error..

sorry for that

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From SmartD at VMCMAIL.COM  Tue Aug  3 17:00:28 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:27 2006
Subject: dccifd / greylisting problems
Message-ID: <mailman.267.1137101187.24926.mailscanner@lists.mailscanner.info>

That's exactly how the dcc greylist is implemented, as a sendmail milter.
For postfix, you must use a postfix policy server, such as Postgrey.  There
is no policy server integration for DCC to Postfix
(http://isg.ee.ethz.ch/tools/postgrey/).

<<Dan>>




>  -----Original Message-----
>  From: MailScanner mailing list
>  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mariano Absatz
>  Sent: Tuesday, August 03, 2004 10:08 AM
>  To: MAILSCANNER@JISCMAIL.AC.UK
>  Subject: Re: [MAILSCANNER] dccifd / greylisting problems
>
>  On Mon, 2 Aug 2004 10:46:57 -0500, Smart,Dan
>  <smartd@vmcmail.com> wrote:
>  > PMJI:
>  > The negative of greylisting is that some "legit" mail
>  servers may give
>  > up after one attempt.  These will need to be whitelisted
>  to bypass greylisting.
>  >
>  > Also, there is a long discussion on DCC list on
>  functionality, and it
>  > appears that an initial denial of 1 - 3 minute(s) is sufficient to
>  > stop most Spam senders, who send once then forget.  Most
>  users would
>  > not see this delay.  Whitelisting will still be an issue
>  for broken sites.
>  >
>  > Greylisting needs to run at the mail MTA, so that messages
>  get blocked
>  > *before* they are accepted by your mail MTA.  That's the
>  whole idea...
>  > Block messages once before accepting them the second time.
>  >
>  > Each message records a tuple in DCC:  The sender,
>  recipient, and IP
>  > address of sending MTA.  After being saved the first time,
>  every time
>  > this recorded tuple is seen, the message gets delivered
>  immediately.
>  > The tuples have a time-to-live, and will expire off the
>  DCC server eventually.
>  >
>  > <<Dan>>
>  >
>  >
>  >
>  >
>  > >  -----Original Message-----
>  > >  From: MailScanner mailing list
>  > >  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matthew Henkler
>  > >  Sent: Saturday, July 31, 2004 10:03 PM
>  > >  To: MAILSCANNER@JISCMAIL.AC.UK
>  > >  Subject: Re: [MAILSCANNER] dccifd / greylisting problems
>  > >
>  > >  On Sat, 31 Jul 2004, John Rudd wrote:
>  > >
>  > >  > But I think it's more of a sendmail milter type thing
>  than a  >
>  > > mailscanner thing.  By the time mailscanner sees the
>  message, it's
>  > > too  > late to reject it for the sender to try again later.
>  > >
>  > >  Yes, that seems likely now that I think about it.  The
>  way I  have
>  > > it set up at least, it is  most likely too late for
>  MailScanner to
>  > > do anything about.  Guess I'll have to play  around with
>  it at the
>  > > MTA level.
>  > >
>  > >  Good explanation of greylisting for everyone though, thanks!
>  > >
>  Anyway... greylisting CAN NOT work within MailScanner.
>  Graylisting has to be done during the incoming SMTP dialog
>  and must choose to accept or temporarily reject (errcode
>  4XX) a given SMTP transaction.
>
>  MailScanner runs AFTER the SMTP transaction is over so
>  there's no way that you can do graylisting within it.
>
>  Maybe it could be implemented in a milter for sendmail, I dunno.
>
>  --
>  Mariano Absatz - El Baby
>  el (dot) baby (AT) gmail (dot) com
>  el (punto) baby (ARROBA:@) gmail (punto) com
>
>  -------------------------- MailScanner list ----------------------
>  To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>  Before posting, please see the Most Asked Questions at
>  http://www.mailscanner.biz/maq/     and the archives at
>  http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris.jones at ATMOSENERGY.COM  Tue Aug  3 21:12:15 2004
From: chris.jones at ATMOSENERGY.COM (Jones, Chris)
Date: Thu Jan 12 21:26:27 2006
Subject: end of line comments in spam.blacklist.rules
Message-ID: <mailman.268.1137101187.24926.mailscanner@lists.mailscanner.info>

It look like this is going to work. Thanks :)

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Tuesday, August 03, 2004 10:25 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: end of line comments in spam.blacklist.rules

At 15:15 03/08/2004, you wrote:
>Has anyone ever successfully used a end of line comment in the
>spam.blacklist.rules file? We would like to log who added the entry and
when
>like this:
>From:        user@nasty.domain.com   yes #cjones 20040803-08:59

This should be just fine.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From jfraley at glenraven.com  Tue Aug  3 21:13:38 2004
From: jfraley at glenraven.com (Jon Fraley)
Date: Thu Jan 12 21:26:27 2006
Subject: list rule hits
Message-ID: <mailman.269.1137101187.24926.mailscanner@lists.mailscanner.info>

My Bayes stopped working the other day because, I'm guessing that a
number of ham messages expired dropping below 200.  So, I came up with
this one liner to check which rules are being hit.  I hope someone will
find it useful:

grep "is spam" /var/log/maillog|awk -F '5.5,' '{print $2}'|cut -d ")"
-f1|tr -cs 'a-zA-Z_0-9 .-=' '\n' | sort | uniq -c|sort -rnk1,1

You will need to change the 5.5 to your required hits.

Jon

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From rzewnickie at RFA.ORG  Tue Aug  3 23:42:24 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:27 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.270.1137101187.24926.mailscanner@lists.mailscanner.info>

On Sat, Jul 31, 2004 at 02:27:54AM +0100, Richard Bourque wrote:
> On Fri, 30 Jul 2004 03:33:12 +0100, Julian Field
> <mailscanner@ECS.SOTON.AC.UK> wrote:
> >At 15:45 29/07/2004, you wrote:
> >>However, it works for me, so what can I say.
> >Precisely.
> >As you may have gathered, there is no love lost between me and Wietse. But
> >then again, from what I have heard from some of his previous colleagues,
> >I'm not the only person in that situation :-)
> >Julian Field
> <snip>
> After reading some of Weitz's comments about MailScanner 6-7 months ago I
> dumped a perfectly working Postfix/MailScanner installation and switched to
> Exim/MailScanner, even though it has been running for almost a year without
> a single problem.
> I made the change on principle.  I feel safer using Exim because I get the
> impression Philip Hazel would assist Julian (and vice versa) if there ever
> were any problems, but I feel Weitz doesn't want any 3rd party apps to work
> with Postfix at all and would hinder development as a whole for the MTA
> community.

I don't agree with Weitse's position regarding postfix w/mailscanner.
(Not that I would presume to argue with him personally on it.)

But, I think this statement is not entirely fair. Postfix is designed in
a very modular fashion with the intention that each piece could
potentially be replaced with a different implementation. As far as I
know Weitse has no problem with the amavisd approach, so saying he is
against 3rd party apps interacting with postfix is not correct. His beef
with Julian's approach is that Julian chooses to interact with the
filesystem rather than with some piece of the postfix system.

That said, I switched from postfix+amavisd to postfix+mailscanner a year
ago because MailScanner is better for a variety of reasons, IMVHO. I
haven't looked back and I haven't run into any good enough reasons to
switch MTA's. We do 30-40k messages/day on a 1.3GHz athlon
w/MS+SA+sophosSAVI+mcafee without issues.

-Eric

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From rzewnickie at RFA.ORG  Tue Aug  3 23:46:39 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:27 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.271.1137101187.24926.mailscanner@lists.mailscanner.info>

On Thu, Jul 29, 2004 at 08:38:57AM -0300, Mariano Absatz wrote:
> I heard, from knowledgable people, that both Postfix and Exim are
> nice, easy to configure and have good documentation and mailing list
> support... the only thing that I disliked was when Julian said that
> the queue format of Postfix is binary and not plain ASCII... this
> scares me a lot since, in a crisis, you aren't able to use your
> average set of text tools to resolve it...

Is this really true? I know postfix queuefiles don't have linebreaks in
them, but does that make them binary?

Anyway, postfix comes with the postcat utility which takes a queuefile
and prints it to standard out nicely formatted with line breaks. So, you
can do whatever standard text manipulations on it you desire. The
postdrop utility is also useful for dealing with queuefiles.

-Eric Rz

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Uwe.Krause at FEP.FRAUNHOFER.DE  Wed Aug  4 07:25:34 2004
From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Uwe)
Date: Thu Jan 12 21:26:27 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.272.1137101187.24926.mailscanner@lists.mailscanner.info>

Look at the output of you maillog if you set the parameter 
debug = yes
in mailscanner.conf

Uwe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 08:21:20 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:27 2006
Subject: ms wont start
Message-ID: <mailman.273.1137101187.24926.mailscanner@lists.mailscanner.info>

hi there,

after implement mailwatch get the following error:

rcMailScanner start
Initializing incoming postfixInitializing outgoing postfix
failed
Initializing MailScanner
# Number found where operator expected at
/usr/lib/MailScanner/MailScanner/CustomConfig.pm line 99, near "#  #return 0
if $IPAddress eq '127.0.0.1"
  (Might be a runaway multi-line '' string starting on line 42)
        (Missing operator before 127.0.0.1?)
String found where operator expected at
/usr/lib/MailScanner/MailScanner/CustomConfig.pm line 135, near "# called '"
  (Might be a runaway multi-line '' string starting on line 99)
        (Missing semicolon on previous line?)
Bad name after default' at /usr/lib/MailScanner/MailScanner/CustomConfig.pm
line 135.
Compilation failed in require at /usr/sbin/MailScanner line 43.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 43.

running on suse 9.1 with
MailScanner-4.32.5-1.suse.tar.gz
Mail-SpamAssassin-2.63.tar.gz
mailwatch-0.5.1.tar.gz
razor-agents-2.61.tar.gz
clamav-0.75.tar.gz

anyone got and idea how to solve the problem ?
im a noob with mailscanner, working with it since
3 days ...

greetings
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From bhuff at COLLTECH.COM  Wed Aug  4 08:27:08 2004
From: bhuff at COLLTECH.COM (Bill Huff)
Date: Thu Jan 12 21:26:27 2006
Subject: ms wont start
Message-ID: <mailman.274.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Your problem is a syntax error in the CustomConfig.pm file.

On line 99,

if $IPAddress eq '127.0.0.1"

should be

if $IPAddress eq '127.0.0.1'

Note the final ' and not ".

That will get you past error one, and very well might be your only problem.

--
Bill

Dörfler Andreas wrote:
> hi there,
> 
> after implement mailwatch get the following error:
> 
> rcMailScanner start
> Initializing incoming postfixInitializing outgoing postfix
> failed
> Initializing MailScanner
> # Number found where operator expected at
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 99, near "#  #return 0
> if $IPAddress eq '127.0.0.1"
>   (Might be a runaway multi-line '' string starting on line 42)
>         (Missing operator before 127.0.0.1?)
> String found where operator expected at
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 135, near "# called '"
>   (Might be a runaway multi-line '' string starting on line 99)
>         (Missing semicolon on previous line?)
> Bad name after default' at /usr/lib/MailScanner/MailScanner/CustomConfig.pm
> line 135.
> Compilation failed in require at /usr/sbin/MailScanner line 43.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 43.
> 
> running on suse 9.1 with
> MailScanner-4.32.5-1.suse.tar.gz
> Mail-SpamAssassin-2.63.tar.gz
> mailwatch-0.5.1.tar.gz
> razor-agents-2.61.tar.gz
> clamav-0.75.tar.gz
> 
> anyone got and idea how to solve the problem ?
> im a noob with mailscanner, working with it since
> 3 days ...
> 
> greetings
> andy
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
      _____
     / ___/___       | Bill Huff - Director of Technology
    / /__  __/       | Voice: (512) 263-0770 x 262
   / /__/ /          |   Fax: (512) 263-8921
   \___/ /ollective  |  Cell: (512) 630-5424
       \/echnologies | --[ http://www.colltech.com ] --

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug  4 08:56:00 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:27 2006
Subject: HTML strip <!--
Message-ID: <mailman.275.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I added the one line by hand (but not sure if I did it right) where it
is supposed to go (I hope).

The 'cleaned' e-mails still arent very clean, they still show a load of
garbage like :

<!-- /* Font Definitions */ @font-face {font-family:Tahoma; panose-1:2 11
6 4 3 5 4 4 2 4; mso-font-charset:0;
mso-generic-font-family:swiss; mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;} @font-face
{font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /*
Style Definitions */ p.MsoNormal, li.MsoNormal,
div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt;
mso-pagination:widow-orphan; font-size:12.0pt;
font-family:Arial; mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman"; mso-ansi-language:NL;
mso-bidi-font-weight:bold;} a:link, span.MsoHyperlink {color:blue;
text-decoration:underline; text-underline:single;}
a:visited, span.MsoHyperlinkFollowed {color:purple;
text-decoration:underline; text-underline:single;} p.MsoAutoSig,
li.MsoAutoSig, div.MsoAutoSig {margin:0cm; margin-bottom:.0001pt;
mso-pagination:widow-orphan; font-size:12.0pt;
font-family:Arial; mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman"; mso-ansi-language:NL;
mso-bidi-font-weight:bold;} span.EmailStyle18 {mso-style-type:personal;
mso-style-noshow:yes; mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt; font-family:Verdana;
mso-ascii-font-family:Verdana; mso-hansi-font-family:Verdana;
mso-bidi-font-family:Arial; color:black;} span.EmailStyle19
{mso-style-type:personal; mso-style-noshow:yes;
mso-ansi-font-size:12.0pt; font-family:Arial; mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial; color:navy;} span.EmailStyle20
{mso-style-type:personal-reply; mso-style-noshow:yes;
mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Verdana;
mso-ascii-font-family:Verdana;
mso-hansi-font-family:Verdana; mso-bidi-font-family:Arial; color:black;}
span.SpellE {mso-style-name:""; mso-spl-e:yes;}
span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1
{size:21.0cm 842.0pt; margin:26.95pt 70.9pt 72.0pt 70.9pt;
mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:7;}
div.Section1 {page:Section1;} -->
Dan had ik nu al met haar bij het stadion moeten wezen wil ik vandaag met
haar een rondje stadion kunnen doen
cid:image001.gif@01C47A08.A3E77AC0


On Mon, 2 Aug 2004, Julian Field wrote:

> At 18:10 02/08/2004, you wrote:
>> Without a doubt I am doing someting wrong (its the second time ever I am
>> using the patch command) but I am getting this error:
>>
>> [root@linuxgw MailScanner]# patch -p0 < patch
>> patching file Message.pm
>> patch: **** malformed patch at line 4: $htmlparser->{textify}{img} =
>> 'src';
>>
>> I have upgraded to the latest stable just before (4.32.5)
>>
>> All the text between the snips I copied to a new file with vi called patch
>> and put that in the /usr/lib/MailScanner/MailScanner dir
>>
>> Tried to execute from there.
>>
>> Where did I screw up? :)
>
> That should have worked. Oh well, it's only a 1 line change so you can
> trivially do it by hand :-)
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http: //www.mailscanner.biz/maq/     and the archives at
> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Roman.Petry at DILLINGER.BIZ  Wed Aug  4 09:25:25 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:27 2006
Subject: AW: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.276.1137101187.24926.mailscanner@lists.mailscanner.info>

Hi,

Nop.. Both queue directorys are correct..

Bye
Roman

-----Ursprüngliche Nachricht-----
Von: Mariano Absatz [mailto:el.baby@GMAIL.COM] 
Gesendet: Dienstag, 3. August 2004 16:55
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to


On Tue, 3 Aug 2004 16:33:53 +0200, Petry Roman, ITS-IT
<roman.petry@dillinger.biz> wrote:
> Hi. We are lucky ones.. 8-)..
> 
> Do you have also the follwing errors ?? They come from sendmail..
> 
> sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
> ../dfi73ERFLI006232: No such file or directory
> 
> Bye
> 
> Roman
> 
> -----Ursprüngliche Nachricht-----
> Von: Marcel Blenkers [mailto:marcel@IRC-ADDICTS.DE]
> Gesendet: Dienstag, 3. August 2004 16:25
> An: MAILSCANNER@JISCMAIL.AC.UK
> Betreff: Re: Strange behavior since update to latest version... Failed 
> to
> 
> 
> 
> 
> Hi there,
> 
> i do have the same Problem :(
> 
> My first guess was, it would be my discs.
> But Disc-Check proved me wrong. All Discs are ok.
> Then i thought it would be my sendmail.
> But, then i think, it would never work, but..only some mails do have 
> this problem. And then these Mails will be recieved twice at the 
> person, who should get this mail.
> 
> Greetings
> 
Maybe you have a sendmail trying to read from the same queue as MailScanner?

-- 
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 09:43:58 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.277.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 23:46 03/08/2004, you wrote:
>On Thu, Jul 29, 2004 at 08:38:57AM -0300, Mariano Absatz wrote:
> > I heard, from knowledgable people, that both Postfix and Exim are
> > nice, easy to configure and have good documentation and mailing list
> > support... the only thing that I disliked was when Julian said that
> > the queue format of Postfix is binary and not plain ASCII... this
> > scares me a lot since, in a crisis, you aren't able to use your
> > average set of text tools to resolve it...
>
>Is this really true? I know postfix queuefiles don't have linebreaks in
>them, but does that make them binary?

Yes. They are basically a sequence of records of the form:

special-magic-character-denoting-record-type
string-length-counter-encoded-using-7-bits-per-byte
record-data

There are also cross-reference records that supply byte offset counters to
various other records within the file, all of which have to be correctly
maintained. Oh, and for good measure all the recipients are listed twice in
different records (most of the time) and there is envelope information both
before and after the message body.

But it does all mean you can have a message more than 2^32 bytes long.
Where would we be without support for 4.3 terabyte messages?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 09:47:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:27 2006
Subject: ms wont start
Message-ID: <mailman.278.1137101187.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Just to confirm that this syntax error is not present in the 
CustomConfig.pm I am currently shipping.

At 08:27 04/08/2004, you wrote:
>Your problem is a syntax error in the CustomConfig.pm file.
>
>On line 99,
>
>if $IPAddress eq '127.0.0.1"
>
>should be
>
>if $IPAddress eq '127.0.0.1'
>
>Note the final ' and not ".
>
>That will get you past error one, and very well might be your only problem.
>
>Dörfler Andreas wrote:
>>hi there,
>>after implement mailwatch get the following error:
>>rcMailScanner start
>>Initializing incoming postfixInitializing outgoing postfix
>>failed
>>Initializing MailScanner
>># Number found where operator expected at
>>/usr/lib/MailScanner/MailScanner/CustomConfig.pm line 99, near "#  #return 0
>>if $IPAddress eq '127.0.0.1"
>>   (Might be a runaway multi-line '' string starting on line 42)
>>         (Missing operator before 127.0.0.1?)
>>String found where operator expected at
>>/usr/lib/MailScanner/MailScanner/CustomConfig.pm line 135, near "# called '"
>>   (Might be a runaway multi-line '' string starting on line 99)
>>         (Missing semicolon on previous line?)
>>Bad name after default' at /usr/lib/MailScanner/MailScanner/CustomConfig.pm
>>line 135.
>>Compilation failed in require at /usr/sbin/MailScanner line 43.
>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 43.
>>running on suse 9.1 with
>>MailScanner-4.32.5-1.suse.tar.gz
>>Mail-SpamAssassin-2.63.tar.gz
>>mailwatch-0.5.1.tar.gz
>>razor-agents-2.61.tar.gz
>>clamav-0.75.tar.gz
>>anyone got and idea how to solve the problem ?
>>im a noob with mailscanner, working with it since
>>3 days ...

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 10:05:42 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:27 2006
Subject: AW: ms wont start
Message-ID: <mailman.279.1137101187.24926.mailscanner@lists.mailscanner.info>

thanks for your answer.

was my fault, i get old :)
the final '; at require 'MailScanner/MailWatch.pm';
was missing.
think im gonna buy new glasses

got a few more problems but finaly ive found
the mailwatch list :)

greetings
andy

-----Ursprüngliche Nachricht-----
Von: Bill Huff [mailto:bhuff@COLLTECH.COM] 
Gesendet: Mittwoch, 4. August 2004 09:27
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: ms wont start


Your problem is a syntax error in the CustomConfig.pm file.

On line 99,

if $IPAddress eq '127.0.0.1"

should be

if $IPAddress eq '127.0.0.1'

Note the final ' and not ".

That will get you past error one, and very well might be your only problem.

--
Bill

Dörfler Andreas wrote:
> hi there,
> 
> after implement mailwatch get the following error:
> 
> rcMailScanner start
> Initializing incoming postfixInitializing outgoing postfix
> failed
> Initializing MailScanner
> # Number found where operator expected at
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 99, near "#  #return
0
> if $IPAddress eq '127.0.0.1"
>   (Might be a runaway multi-line '' string starting on line 42)
>         (Missing operator before 127.0.0.1?)
> String found where operator expected at
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 135, near "# called
'"
>   (Might be a runaway multi-line '' string starting on line 99)
>         (Missing semicolon on previous line?)
> Bad name after default' at
/usr/lib/MailScanner/MailScanner/CustomConfig.pm
> line 135.
> Compilation failed in require at /usr/sbin/MailScanner line 43.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 43.
> 
> running on suse 9.1 with
> MailScanner-4.32.5-1.suse.tar.gz
> Mail-SpamAssassin-2.63.tar.gz
> mailwatch-0.5.1.tar.gz
> razor-agents-2.61.tar.gz
> clamav-0.75.tar.gz
> 
> anyone got and idea how to solve the problem ?
> im a noob with mailscanner, working with it since
> 3 days ...
> 
> greetings
> andy
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
      _____
     / ___/___       | Bill Huff - Director of Technology
    / /__  __/       | Voice: (512) 263-0770 x 262
   / /__/ /          |   Fax: (512) 263-8921
   \___/ /ollective  |  Cell: (512) 630-5424
       \/echnologies | --[ http://www.colltech.com ] --

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From paul at WELSHFAMILY.COM  Wed Aug  4 11:19:39 2004
From: paul at WELSHFAMILY.COM (Paul Welsh)
Date: Thu Jan 12 21:26:28 2006
Subject: Clearing the SA bayes db
Message-ID: <mailman.280.1137101187.24926.mailscanner@lists.mailscanner.info>

I notice the sa-learn program in the unreleased SpamAssassin 3.0.0 has a
--clear option to clear the bayes db.

However, I'm on the released SpamAssassin 2.63 and sa-learn doesn't have
the --clear option.

Can anyone tell me how to delete the bayes db so I can start again from
scratch and, also, what the default location and name of the bayes db is
(I'm running RH9)?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 11:37:56 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: Clearing the SA bayes db
Message-ID: <mailman.281.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 11:19 04/08/2004, you wrote:
>Can anyone tell me how to delete the bayes db so I can start again from
>scratch and, also, what the default location and name of the bayes db is
>(I'm running RH9)?

cd /root/.spamassassin
rm bayes*
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug  4 11:38:03 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:28 2006
Subject: Clearing the SA bayes db
Message-ID: <mailman.282.1137101188.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list wrote:
> I notice the sa-learn program in the unreleased SpamAssassin
> 3.0.0 has a --clear option to clear the bayes db.
>
> However, I'm on the released SpamAssassin 2.63 and sa-learn
> doesn't have the --clear option.
>
> Can anyone tell me how to delete the bayes db so I can start
> again from scratch and, also, what the default location and
> name of the bayes db is (I'm running RH9)?
The "default" will depend on which user you installed it as. Normally this
would be root, so you'd find Bayes installed in:
/root/.spamassassin

You can change this via the MailScanner config. If you are running a busy
server it would be strongly recommended

Full documentation on Bayes is at:
http://wiki.apache.org/spamassassin/BayesFaq

M


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 12:31:10 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:28 2006
Subject: new problems, postfix - ms
Message-ID: <mailman.283.1137101188.24926.mailscanner@lists.mailscanner.info>

hi again,

got a problem with postfix and ms.
when i start postfix alone without ms everything is ok.
but when i start ms (rcMailScanner) i get following error
in /var/log/mail:
Aug  4 13:03:02 MailScanner[7675]: Messages found but no hashed queue
directories. Please enable hashed queues for incoming and deferred with a
depth of 1 or 2. See the Postfix documentation for hash_queue_names and
hash_queue_depth

"postconf -d" shows me:
hash_queue_depth = 1
hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold,trace

done the settings in main.cf too
done "post-install create-missing" twice, no result

mailscanner.conf:
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
MTA = postfix

/var/spool/postfix
drwx------  16 postfix root     384 Aug  4 08:02 active
drwx------   2 postfix root      48 Apr  6 04:27 bounce
drwx------   2 postfix root      48 Apr  6 04:27 corrupt
drwx------   2 postfix root      48 Apr  6 04:27 defer
drwx------   2 postfix root      48 Apr  6 04:27 deferred
drwx------   2 postfix root      48 Apr  6 04:27 flush
drwx------   2 postfix root      80 Aug  4 10:42 hold
drwx------  16 postfix root     384 Aug  4 13:12 incoming
drwx-wx---   2 postfix maildrop  48 Aug  4 13:12 maildrop
drwxr-xr-x   2 root    root     208 Aug  4 13:02 pid
drwx------   2 postfix root     528 Aug  4 13:12 private
drwx--x---   2 postfix maildrop 168 Aug  4 13:12 public
drwx------   2 postfix root      48 Apr  6 04:27 trace


/var/spool/MailScanner
drwxr-xr-x   2 postfix clamav   48 Aug  4 13:03 incoming
drwxr-xr-x   2 postfix www      48 Jul 29 11:35 quarantine
drwxr-xr-x   2 postfix postfix  48 Jul 29 15:48 spamassassin

didnt found fixes in the archive history and multible search engines

running suse 9.1

greetings
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Wed Aug  4 13:40:53 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:28 2006
Subject: new problems, postfix - ms
Message-ID: <mailman.284.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, August 4, 2004 12:31, Dörfler Andreas said:
> hi again,
>
> got a problem with postfix and ms.
> when i start postfix alone without ms everything is ok.
> but when i start ms (rcMailScanner) i get following error
> in /var/log/mail:
> Aug  4 13:03:02 MailScanner[7675]: Messages found but no hashed queue
> directories. Please enable hashed queues for incoming and deferred with a
> depth of 1 or 2. See the Postfix documentation for hash_queue_names and
> hash_queue_depth
>
Which version of MS are you running? I thought this has been tidied up in
the latest release. Try sending a message through as I have found this
clears this log message (MS then detects the hash queues).

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 13:59:10 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: new problems, postfix - ms
Message-ID: <mailman.285.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Ursprüngliche Nachricht-----
> Von: Drew Marshall [mailto:drew@THEMARSHALLS.CO.UK] 
> Gesendet: Mittwoch, 4. August 2004 14:41
>
> On Wed, August 4, 2004 12:31, Dörfler Andreas said:
> > hi again,
> >
> > got a problem with postfix and ms.
> > when i start postfix alone without ms everything is ok.
> > but when i start ms (rcMailScanner) i get following error
> > in /var/log/mail:
> > Aug  4 13:03:02 MailScanner[7675]: Messages found but no 
> hashed queue
> > directories. Please enable hashed queues for incoming and 
> deferred with a
> > depth of 1 or 2. See the Postfix documentation for 
> hash_queue_names and
> > hash_queue_depth
> >
> Which version of MS are you running? I thought this has been 
> tidied up in
> the latest release. Try sending a message through as I have found this
> clears this log message (MS then detects the hash queues).
> 
> Drew
> 

im running the latest release (MailScanner-4.32.5-1.suse.tar.gz)
done multible mails now, no effekt, same for mailsys restart.

grettings
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Roman.Petry at DILLINGER.BIZ  Wed Aug  4 14:02:44 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:28 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.286.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi,

I used the normal FLOCK locking type in Mailscanner.conf. I don´t know what
locking mechanismen sendmail uses under suse 8.1.. I searched the
sendmail.org site and they said, that they use fctl() under linux 2.4
because flock() has some bugs.. 

I just changed the locking from flock to posix for mailscanner .. Now i´ll
lay back and wait.. I think in 2 hours i can say if this is the answer.

Bye
Roman  

-----Ursprüngliche Nachricht-----
Von: Peter Peters [mailto:P.G.M.Peters@UTWENTE.NL] 
Gesendet: Dienstag, 3. August 2004 17:05
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to


On Tue, 3 Aug 2004 16:33:53 +0200, you wrote:

>Hi. We are lucky ones.. 8-)..
>
>Do you have also the follwing errors ?? They come from sendmail..
>
>sendmail[6324]: i73ERFLI006232: SYSERR(root): readqf: cannot open
>./dfi73ERFLI006232: No such file or directory

I would think there is a locking problem. What locking mechanisme does
MailScanner report in the logs and what does your sendmail use?

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit
Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 14:08:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: new problems, postfix - ms
Message-ID: <mailman.287.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:59 04/08/2004, you wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: Drew Marshall [mailto:drew@THEMARSHALLS.CO.UK]
> > Gesendet: Mittwoch, 4. August 2004 14:41
> >
> > On Wed, August 4, 2004 12:31, Dörfler Andreas said:
> > > hi again,
> > >
> > > got a problem with postfix and ms.
> > > when i start postfix alone without ms everything is ok.
> > > but when i start ms (rcMailScanner) i get following error
> > > in /var/log/mail:
> > > Aug  4 13:03:02 MailScanner[7675]: Messages found but no
> > hashed queue
> > > directories. Please enable hashed queues for incoming and
> > deferred with a
> > > depth of 1 or 2. See the Postfix documentation for
> > hash_queue_names and
> > > hash_queue_depth
> > >
> > Which version of MS are you running? I thought this has been
> > tidied up in
> > the latest release. Try sending a message through as I have found this
> > clears this log message (MS then detects the hash queues).
> >
> > Drew
> >
>
>im running the latest release (MailScanner-4.32.5-1.suse.tar.gz)
>done multible mails now, no effekt, same for mailsys restart.

Check the permissions on the Postfix /var/spool files and directories. Can 
the user specified in "Run As User" (in MailScanner.conf) read and write 
the files and directories?
For some reason, it is unable to find the hashed queue directories and files.



-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From steve.swaney at FSL.COM  Wed Aug  4 14:15:32 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:28 2006
Subject: new problems, postfix - ms
Message-ID: <mailman.288.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Dörfler Andreas
> Sent: Wednesday, August 04, 2004 7:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: new problems, postfix - ms
> 
> hi again,
> 
> got a problem with postfix and ms.
> when i start postfix alone without ms everything is ok.
> but when i start ms (rcMailScanner) i get following error
> in /var/log/mail:
> Aug  4 13:03:02 MailScanner[7675]: Messages found but no hashed queue
> directories. Please enable hashed queues for incoming and deferred with a
> depth of 1 or 2. See the Postfix documentation for hash_queue_names and
> hash_queue_depth
> 
> "postconf -d" shows me:
> hash_queue_depth = 1
> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold,trace
> 
> done the settings in main.cf too
> done "post-install create-missing" twice, no result


Are you running razor? This error message can occur when Razor mistakenly
puts the .razor directory in /var/spool/postfix/hash

If this is the case, try moving the files in /var/spool/postfix/hash/.razor
to /etc/razor and make sure that postfix can read and write to these files.

If your running a razor-discover cron job make sure that it specifies where
to put the servers file and corrects any ownership or permissions problems:

/usr/bin/razor-admin -discover -conf=/etc/razor/razor-agent.conf 

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Wed Aug  4 14:25:20 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: new problems, postfix - ms
Message-ID: <mailman.289.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, August 4, 2004 13:59, Dörfler Andreas said:
>
> im running the latest release (MailScanner-4.32.5-1.suse.tar.gz)
> done multible mails now, no effekt, same for mailsys restart.
>
> grettings
> andy
>
Are you running the better single instance Postfix set up as described
here http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml? If
not I would recomend you do (As MS doesn't want or expect a hashed hold
queue).

HTH

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From pete at EATATHOME.COM.AU  Wed Aug  4 14:52:33 2004
From: pete at EATATHOME.COM.AU (Pete)
Date: Thu Jan 12 21:26:28 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.290.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>
>
> Admittedly my version of ClamAv and MailScanner are both a bit older than
> yours, but my copy of Clam does catch Netsky.Z, although it calls it
> Worm.SomeFool.Z.

How do you match up the popular/common name of the viruses with the
clamav obscure name?

My boss gets these watchguard newsletters telling him to look out for X
virus, which he forwards to me with a "are we protected against this" -
i can never tell, so i answer yes and hope - i would love to improve on
this :)

thanks
Pete

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From lists at DVD-GOETSCH.DE  Wed Aug  4 14:55:55 2004
From: lists at DVD-GOETSCH.DE (sebastian ruchti)
Date: Thu Jan 12 21:26:28 2006
Subject: MailScanner & Exim
Message-ID: <mailman.291.1137101188.24926.mailscanner@lists.mailscanner.info>

I've suceessfully used the dual and single-instance installs of MailScanner
with postfix and now I want to set it up on a server using exim as MTA.
I've had a look at the installation howto and wondered if there is also a
possibility to run MailScanner with just one instance of exim?

.sebastian

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From lundin at CAVTEL.NET  Wed Aug  4 15:08:19 2004
From: lundin at CAVTEL.NET (John Lundin)
Date: Thu Jan 12 21:26:28 2006
Subject: zlib dependency problem
Message-ID: <mailman.292.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
A problem with the mailscanner-4.32.5-1 installation script (and
probably earlier). Red Hat RPM install, onto Fedora Core 2.

If Compress::Zlib is installed from CPAN and Archive::Zip is not
installed, then the following scenario unfolds:

>Oh good, module Compress::Zlib version 1.33 is already installed.
>Attempting to build and install perl-Archive-Zip-1.12-1

And it builds, since Compress::Zlib is present, but then:

>error: Failed dependencies:
>        perl(Compress::Zlib) is needed by perl-Archive-Zip-1.12-1

Archive::Zip never installs, as the needed RPM db entry is missing.

MailScanner itself then happily builds and installs, but when it tries
to run it trips over its shoelaces:

>MailScanner:       Can't locate Archive/Zip.pm in @INC [...]

A quick workaround is to compile Compress::Zlib and re-install:

rpmbuild --rebuild perl-Compress-Zlib-1.33-2.src.rpm
rpm -Uvh \
  /usr/src/redhat/RPMS/i386/perl-Compress-Zlib-1.33-2.i386.rpm \
  /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.12-1.noarch.rpm

--
   lundin@cavtel.net
"Basically, a tool is an object that enables you to
  take advantage of the laws of physics and mechanics
in such a way that you can seriously injure yourself."

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 15:13:07 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: new problems, postfix - ms
Message-ID: <mailman.293.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Ursprüngliche Nachricht-----
> Von: Stephen Swaney [mailto:steve.swaney@FSL.COM] 
> Gesendet: Mittwoch, 4. August 2004 15:16
> 
> > -----Original Message-----
> 
> > From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> 
> > Behalf Of Dörfler Andreas
> 
> > Sent: Wednesday, August 04, 2004 7:31 AM
> 
> > To: MAILSCANNER@JISCMAIL.AC.UK
> 
> > Subject: new problems, postfix - ms
> 
> > 
> 
> > hi again,
> 
> > 
> 
> > got a problem with postfix and ms.
> 
> > when i start postfix alone without ms everything is ok.
> 
> > but when i start ms (rcMailScanner) i get following error
> 
> > in /var/log/mail:
> 
> > Aug  4 13:03:02 MailScanner[7675]: Messages found but no 
> hashed queue
> 
> > directories. Please enable hashed queues for incoming and 
> deferred with a
> 
> > depth of 1 or 2. See the Postfix documentation for 
> hash_queue_names and
> 
> > hash_queue_depth
> 
> > 
> 
> > "postconf -d" shows me:
> 
> > hash_queue_depth = 1
> 
> > hash_queue_names = 
> incoming,active,deferred,bounce,defer,flush,hold,trace
> 
> > 
> 
> > done the settings in main.cf too
> 
> > done "post-install create-missing" twice, no result
> 
> 
> 
> Are you running razor? This error message can occur when 
> Razor mistakenly
> 
> puts the .razor directory in /var/spool/postfix/hash
> 
> 
> If this is the case, try moving the files in 
> /var/spool/postfix/hash/.razor
> 
> to /etc/razor and make sure that postfix can read and write 
> to these files.
> 
> 
> If your running a razor-discover cron job make sure that it 
> specifies where
> 
> to put the servers file and corrects any ownership or 
> permissions problems:
> 
> 
> /usr/bin/razor-admin -discover -conf=/etc/razor/razor-agent.conf 
> 
> 
> Steve
> 

jea im running razor (2.61) but the files there where i wanted it.
files in /etc/razor and a softlink from /root/.razor to /etc/razor
permissions set to postfix:postfix
hm i see, little error postfix/postsuper[10483]: warning: bogus file name:
hold/razor-agent.log
ok, but that not that critical

greetings 
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Wed Aug  4 15:14:10 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:28 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.294.1137101188.24926.mailscanner@lists.mailscanner.info>

Usually the SARC or McAfee site have an alias list of the viruses as well.
You could check their site and see what other AV scanners call the same
virus.

Here's an example.

W32.Evaman.C@mm
WORM_MYDOOM.O [Trend Micro], W32/Mydoom.q@MM [McAfee], W32/MyDoom-Q[Sophos]

Does that help?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Pete
Sent: Wednesday, August 04, 2004 9:53 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Many viruses not being detected :-(


>
>
> Admittedly my version of ClamAv and MailScanner are both a bit older 
> than yours, but my copy of Clam does catch Netsky.Z, although it calls 
> it Worm.SomeFool.Z.

How do you match up the popular/common name of the viruses with the clamav
obscure name?

My boss gets these watchguard newsletters telling him to look out for X
virus, which he forwards to me with a "are we protected against this" - i
can never tell, so i answer yes and hope - i would love to improve on this
:)

thanks
Pete

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Wed Aug  4 15:14:29 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: AW: new problems, postfix - ms
Message-ID: <mailman.295.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Ursprüngliche Nachricht-----
> Von: Drew Marshall [mailto:drew@THEMARSHALLS.CO.UK] 
> Gesendet: Mittwoch, 4. August 2004 15:25
> 
> On Wed, August 4, 2004 13:59, Dörfler Andreas said:
> >
> > im running the latest release (MailScanner-4.32.5-1.suse.tar.gz)
> > done multible mails now, no effekt, same for mailsys restart.
> >
> > grettings
> > andy
> >
> Are you running the better single instance Postfix set up as described
> here 
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml? If
> not I would recomend you do (As MS doesn't want or expect a 
> hashed hold
> queue).
> 
> HTH
> 
> Drew
> 
ive done all settings from there in the past, no effect :(

grettings 
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Wed Aug  4 15:18:10 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:28 2006
Subject: new problems, postfix - ms
Message-ID: <mailman.296.1137101188.24926.mailscanner@lists.mailscanner.info>

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Dörfler Andreas
> Sent: Wednesday, August 04, 2004 10:13 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: AW: new problems, postfix - ms
> 
> > -----Ursprüngliche Nachricht-----
> 
> > Von: Stephen Swaney [mailto:steve.swaney@FSL.COM]
> 
> > Gesendet: Mittwoch, 4. August 2004 15:16
> 
> >
> 
> > > -----Original Message-----
> 
> >
> 
> > > From: MailScanner mailing list
> 
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> 
> >
> 
> > > Behalf Of Dörfler Andreas
> 
> >
> 
> > > Sent: Wednesday, August 04, 2004 7:31 AM
> 
> >
> 
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> 
> >
> 
> > > Subject: new problems, postfix - ms
> 
> >
> 
> > >
> 
> >
> 
> > > hi again,
> 
> >
> 
> > >
> 
> >
> 
> > > got a problem with postfix and ms.
> 
> >
> 
> > > when i start postfix alone without ms everything is ok.
> 
> >
> 
> > > but when i start ms (rcMailScanner) i get following error
> 
> >
> 
> > > in /var/log/mail:
> 
> >
> 
> > > Aug  4 13:03:02 MailScanner[7675]: Messages found but no
> 
> > hashed queue
> 
> >
> 
> > > directories. Please enable hashed queues for incoming and
> 
> > deferred with a
> 
> >
> 
> > > depth of 1 or 2. See the Postfix documentation for
> 
> > hash_queue_names and
> 
> >
> 
> > > hash_queue_depth
> 
> >
> 
> > >
> 
> >
> 
> > > "postconf -d" shows me:
> 
> >
> 
> > > hash_queue_depth = 1
> 
> >
> 
> > > hash_queue_names =
> 
> > incoming,active,deferred,bounce,defer,flush,hold,trace
> 
> >
> 
> > >
> 
> >
> 
> > > done the settings in main.cf too
> 
> >
> 
> > > done "post-install create-missing" twice, no result
> 
> >
> 
> >
> 
> >
> 
> > Are you running razor? This error message can occur when
> 
> > Razor mistakenly
> 
> >
> 
> > puts the .razor directory in /var/spool/postfix/hash
> 
> >
> 
> >
> 
> > If this is the case, try moving the files in
> 
> > /var/spool/postfix/hash/.razor
> 
> >
> 
> > to /etc/razor and make sure that postfix can read and write
> 
> > to these files.
> 
> >
> 
> >
> 
> > If your running a razor-discover cron job make sure that it
> 
> > specifies where
> 
> >
> 
> > to put the servers file and corrects any ownership or
> 
> > permissions problems:
> 
> >
> 
> >
> 
> > /usr/bin/razor-admin -discover -conf=/etc/razor/razor-agent.conf
> 
> >
> 
> >
> 
> > Steve
> 
> >
> 
> 
> jea im running razor (2.61) but the files there where i wanted it.
> 
> files in /etc/razor and a softlink from /root/.razor to /etc/razor
> 
> permissions set to postfix:postfix
> 
> hm i see, little error postfix/postsuper[10483]: warning: bogus file name:
> 
> hold/razor-agent.log
> 
> ok, but that not that critical
> 
> 
> greetings
> 
> andy
> 

Yes but are you sure that there is not a .razor file any where in postfix
queue directories? Try:

        find /var/spool/postfix "razor*"

Are any files found?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From SmartD at VMCMAIL.COM  Wed Aug  4 15:42:50 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:28 2006
Subject: Error starting MailScanner: Can't find Net/CIDR.pm
Message-ID: <mailman.297.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>I've just built a
new Linux machine, and I'm trying to get MailScanner loaded.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>Caos Centos
v3.1&nbsp; (RHEL 3 clone)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>Perl
5.8.5</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>Postfix (current
version)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=078573614-04082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>I upgrade the Perl
to 5.8.5, and have loaded all the libraries.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=078573614-04082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>I had the previous
version of MailScanner on the machine, but didn't fire it up.&nbsp; I reloaded
it with the current version last night.&nbsp; All modules either loaded or said
they were already loaded.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=078573614-04082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>When I try to start
MailScanner, is says it can't find /Net/CIDR.pm on the @INC path, even though it
is there.&nbsp; I checked permissions and it is 444.&nbsp; I did an rpm -Uvh
--force on the Net::CIDR rpm file to make sure it was not corrupt or
something.&nbsp; Still get this error.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=078573614-04082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=078573614-04082004>Any
suggestions?</SPAN></FONT></DIV>
<DIV><FONT size=2><FONT face=Courier></FONT></FONT>&nbsp;</DIV>
<DIV><FONT size=2><FONT face=Courier>&lt;&lt;Dan&gt;&gt;</FONT><BR></DIV></FONT>
<DIV>&nbsp;</DIV></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From chris at scorpion.nl  Wed Aug  4 16:10:49 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:28 2006
Subject: MailScanner & Exim
Message-ID: <mailman.298.1137101188.24926.mailscanner@lists.mailscanner.info>

Sebastian,

You will always need at least two instances. One to place messages in a
queue for MailScanner to scan, and a second one for the delivery. You can
use one configuration file...

bye,
Chris

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of sebastian ruchti
> Sent: woensdag 4 augustus 2004 15:56
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MailScanner & Exim
>
> I've suceessfully used the dual and single-instance installs
> of MailScanner
> with postfix and now I want to set it up on a server using
> exim as MTA.
> I've had a look at the installation howto and wondered if
> there is also a
> possibility to run MailScanner with just one instance of exim?
>
> .sebastian
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 16:14:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: Error starting MailScanner: Can't find Net/CIDR.pm
Message-ID: <mailman.299.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:42 04/08/2004, you wrote:
>I've just built a new Linux machine, and I'm trying to get MailScanner loaded.
>Caos Centos v3.1  (RHEL 3 clone)
>Perl 5.8.5
>Postfix (current version)
>
>I upgrade the Perl to 5.8.5, and have loaded all the libraries.
>
>I had the previous version of MailScanner on the machine, but didn't fire
>it up.  I reloaded it with the current version last night.  All modules
>either loaded or said they were already loaded.
>
>When I try to start MailScanner, is says it can't find /Net/CIDR.pm on the
>@INC path, even though it is there.  I checked permissions and it is
>444.  I did an rpm -Uvh --force on the Net::CIDR rpm file to make sure it
>was not corrupt or something.  Still get this error.

Did you rpm -Uvh the .noarch.rpm or the .src.rpm? If all else fails,
install it from CPAN. It's a tiny module.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dml at UNB.CA  Wed Aug  4 16:37:32 2004
From: dml at UNB.CA (David Lancaster)
Date: Thu Jan 12 21:26:28 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.300.1137101188.24926.mailscanner@lists.mailscanner.info>

I ran into the "Failed to link message body between queues" problem after upgrading the Sendmail
8.13.1 (from 8.12.10) to get the greet_pause feature.

As mentioned, it appears the under Linux, the default locking has been changed from flock to
fnctl.  I recompiled Sendmail, explcitly setting flock, and I'm not getting anymore error messages,
and everything appears good for the last hour or so.

I used:
APPENDDEF(`confENVDEF',`-DHASFLOCK=1')
in my devtools/Site/site.config.m4 file.

Cheers,
D.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug  4 16:57:36 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.301.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

        I'm not sure if this is a MS or ClamAV issue, so let me know...

I think I played too much with my home test server and I crunched some
things.  Now I've fixed everything, but one ClamAV error:

Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
failed with real error: Invalid function CL_ENCRYPTED at
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
line 69.

I tried to re-install ClamAV, didn't change anything.

It is not a priority, since I still have bitdefender working and my
desktop AV.  I'll probably re-install the system soon anyways, but I'm
curious.

Anyone has an idea?

Thanks,

Ugo

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kodak at FRONTIERHOMEMORTGAGE.COM  Wed Aug  4 17:41:11 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:26:28 2006
Subject: Many viruses not being detected :-(
Message-ID: <mailman.302.1137101188.24926.mailscanner@lists.mailscanner.info>

Pete <> wrote:
> How do you match up the popular/common name of the viruses with the
> clamav obscure name?

MailScanner does this for me.  I have the virus reports
sent to me (so I can easily forward to abuse@respective.isp
on certain offenders) and since I'm running both Sophos
and Clamav I get:
[snip]
Report: SophosSAVI: mp3music.pif was infected by W32/Netsky-D
            ClamAV Module: mp3music.pif was infected: Worm.SomeFool.Gen-1
            MailScanner: Shortcuts to MS-Dos programs are very dangerous in
email (mp3music.pif)
[snip]

So, I'm reasonably certain that W32/Netsky-D (as named by Sophos) is
the same as Worm.SomeFool.Gen-1 as named by ClamAV.

If you need help setting your MailScanner.conf up to send you
these reports, feel free to ask, but the easy thing is to search
the .conf for "report".

BTW: As soon as I start getting a lot of messages from a particular
IP I block them at the MTA (usually with a 550: Infected Idiot) so
these reports aren't too overwhelming.  Plus, I like sending them
to abuse@isp -- it actually seems to get something done for the
most part.

HTH,
--J(K)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug  4 17:54:22 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.303.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I forgot to mention:

Taolinux

ClamAV 0.75

[root@lubik clamav-0.75]# MailScanner -V
This is Perl version 5.008
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.27    HTML::Entities
3.36    HTML::Parser
2.28    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
2.63    Mail::SpamAssassin
missing Net::LDAP
missing SAVI
0.11    Mail::ClamAV

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From chris at FRACTALWEB.COM  Wed Aug  4 18:03:37 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:28 2006
Subject: MyDoom.O sneaking through!
Message-ID: <mailman.304.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi everyone,

I'm running the latest version of MailScanner (just updated yesterday)
and for some reason, MyDoom.O is occasionally getting through. According
to my logs, in the last week, I've had 11,001 messages with MyDoom.O
blocked...but I know that some of them are getting though because I had
someone send me a zip file that they received today and the virus was
completely intact and waltzed right through the system.

How do I troubleshoot and fix this?

Thanks,
Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug  4 18:11:06 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.305.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Have you tried re-installing the ClamAV perl module? It may just need
re-linking against the newer ClamAV library.

>Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
>failed with real error: Invalid function CL_ENCRYPTED at
>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
>line 69.
>
>I tried to re-install ClamAV, didn't change anything.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jfraley at glenraven.com  Wed Aug  4 18:15:32 2004
From: jfraley at glenraven.com (Jon Fraley)
Date: Thu Jan 12 21:26:28 2006
Subject: Determin version number
Message-ID: <mailman.306.1137101188.24926.mailscanner@lists.mailscanner.info>

Is there a commandline command to get the MailScanner version number?

Thanks --Jon

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug  4 18:21:07 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: Determin version number
Message-ID: <mailman.307.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jon Fraley wrote:

> Is there a commandline command to get the MailScanner version number?
>

Yes, in the most recent version

-V

> Thanks --Jon
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug  4 18:25:57 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.308.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> Have you tried re-installing the ClamAV perl module? It may just need
> re-linking against the newer ClamAV library.

yes, if you mean Mail::ClamAV

>
>> Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
>> failed with real error: Invalid function CL_ENCRYPTED at
>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
>> line 69.
>>
>> I tried to re-install ClamAV, didn't change anything.
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From derek at ADCATANZARO.COM  Wed Aug  4 18:33:14 2004
From: derek at ADCATANZARO.COM (derek)
Date: Thu Jan 12 21:26:28 2006
Subject: Determin version number
Message-ID: <mailman.309.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jon Fraley wrote:

>Is there a commandline command to get the MailScanner version number?
>
>Thanks --Jon
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
rpm -qa | grep mailscanner

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From krausem at GMAIL.COM  Wed Aug  4 18:52:22 2004
From: krausem at GMAIL.COM (Matt Krause)
Date: Thu Jan 12 21:26:28 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.310.1137101188.24926.mailscanner@lists.mailscanner.info>

Can someone help me figure out why MailScanner is not forwarding MCP
messages to my review account.  I just upgraded to the newest version
this morning hoping it would fix the problem from the Debian package
version 4.31.6-1, but it didn't.  So I am using the tarball from
www.mailscanner.info now, but the MCP part still isn't working.

I don't remember when it stopped working, but it was a while ago.  The
logs states that it catches the MCP rule and it quarantines it just
fine, but it never forwards the message even though the log states it
is store forward.  The message never gets requeued.  I am using
Postfix.

Any ideas?

Thanks.
--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From diego.fabara at ALEGROPCS.COM  Wed Aug  4 19:12:50 2004
From: diego.fabara at ALEGROPCS.COM (Diego Fabara)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.311.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="metricconverter"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Webdings;
        panose-1:5 3 1 2 1 5 9 6 7 3;}
@font-face
        {font-family:"Wingdings 2";
        panose-1:5 2 1 2 1 5 7 7 7 7;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EstiloCorreo17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=ES link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>My mailserver is a gateway.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>I need to send mass mailing once per week (outbound
mail) &gt; 300 recipients. But I need to permit this only a few users not all.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>And I need to control this<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Howto this ?? With a ruleset ??<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Give an example&#8230;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>If the limit is 5 MB for message and I send 10
attachments <st1:metricconverter ProductID="0f" w:st="on">0f</st1:metricconverter>
2MB and  .. what happen ? Please explainme this.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><em><b><i><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial;font-weight:bold'>Ing. Diego Rubén Fabara V.</span></font><o:p></o:p></i></b></em></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Adm.&nbsp;de Red.</span></font><o:p></o:p></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><img width=175 height=65 id="_x0000_i1025"
src="cid:image001.jpg@01C47A24.BC458320"><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Wingdings 2"><span lang=EN-US
style='font-size:10.0pt;font-family:"Wingdings 2"'>'</span></font><font size=2
face=Arial><span lang=PT-BR style='font-size:10.0pt;font-family:Arial'>: + 593
2&nbsp;</span></font><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>2990000 Ext 2217</span></font><o:p></o:p></p>

<p class=MsoNormal><font size=2 face=Webdings><span lang=EN-US
style='font-size:10.0pt;font-family:Webdings'>È</span></font><font size=2
face=Arial><span lang=PT-BR style='font-size:10.0pt;font-family:Arial'>: + 593
9 0</span></font><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>96097325</span></font><o:p></o:p></p>

<p class=MsoNormal><font size=2 face=Webdings><span lang=EN-US
style='font-size:10.0pt;font-family:Webdings'>s</span></font><font size=2
face=Arial><span lang=PT-BR style='font-size:10.0pt;font-family:Arial'>: <font
color=blue><span style='color:blue'><a href="mailto:diego.fabara@alegropcs.com">diego.fabara@alegropcs.com</a></span></font></span></font><span
lang=PT-BR><o:p></o:p></span></p>

<p class=MsoAutoSig><font size=2 color=black face=Arial><span lang=PT-BR
style='font-size:10.0pt;font-family:Arial;color:black'>&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font size=2 color=blue face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:blue'><a
href="http://www.alegropcs.com" title="http://www.alegropcs.com"><strong><b><font
face=Arial><span lang=PT-BR style='font-family:Arial'><span
title="http://www.alegropcs.com">www.alegropcs.com</span></span></font></b></strong></a></span></font><font
size=2 color=blue face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:blue'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

<hr><p><font size=2><font color=00008B><b>INFORMACION CONFIDENCIAL:</b></font> SE PROHIBE LA DIFUSION O PUBLICACION DE ESTA INFORMACION A TERCEROS SIN LA AUTORIZACION EXPRESA Y POR ESCRITO DE TELECSA. ESTA INFORMACION DEBE SER GUARDADA CON SEGURIDADES CUANDO NO SE LA ESTE UTILIZANDO. SI USTED NO ES EL DESTINATARIO DE ESTE EMAIL, USTED DEBERA DEVOLVERLO AL EMISOR Y NO PODRA LEER, COPIAR O DISTRIBUIR SUS ANEXOS. CUALQUIER OPINION EXPRESADA EN ESTE MENSAJE, CORRESPONDE A SU AUTOR Y NO NECESARIAMENTE A TELECSA - ALEGRO PCS.</font></p></body>

</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>
Embedded Content: image00128.jpg: 00000001,4dc6f461,00000000,00000000

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug  4 19:19:52 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.312.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 2004-08-04 at 19:12, Diego Fabara wrote:

> I need to send mass mailing once per week (outbound mail) > 300
> recipients. But I need to permit this only a few users not all.

Who will be sending the mail? You or a limited number of users?

By control what do you mean?

And would you please STOP sending those html heavy emails with your
logo. They are really annoying.
--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Wed Aug  4 19:23:07 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.313.1137101188.24926.mailscanner@lists.mailscanner.info>

________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Diego Fabara
Sent: Wednesday, August 04, 2004 2:13 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Mass Mailling

> My mailserver is a gateway.


> I need to send mass mailing once per week (outbound mail) > 300 
> 
> 
> recipients. But I need to permit this only a few users not all.
> And I need to control this

> Howto this ?? With a ruleset ??

Give an exampleâ^À¦

> I need to send mass mailing once per week (outbound mail) 
> 300 recipients. But I need to permit this only a few users not all.
> And I need to control this

> Howto this ?? With a ruleset ??


Sounds like this might be better done by a program like Mailman http://www.list.org/ or a mass mailer program.


Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> If the limit is 5 MB for message and I send 10 attachments 0f 2MB and 
>.. what happen ? Please explainme this.




Ing. Diego Rubén Fabara V.
Adm. de Red.

ï^À§: + 593 2 2990000 Ext 2217
ï^Ã^È: + 593 9 096097325
ï^Á³: diego.fabara@alegropcs.com
     www.alegropcs.com



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From P.G.M.Peters at utwente.nl  Wed Aug  4 19:23:22 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:28 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.314.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 16:37:32 +0100, you wrote:

>I ran into the "Failed to link message body between queues" problem after upgrading the Sendmail
>8.13.1 (from 8.12.10) to get the greet_pause feature.
>
>As mentioned, it appears the under Linux, the default locking has been changed from flock to
>fnctl.  I recompiled Sendmail, explcitly setting flock, and I'm not getting anymore error messages,
>and everything appears good for the last hour or so.
>
>I used:
>APPENDDEF(`confENVDEF',`-DHASFLOCK=1')
>in my devtools/Site/site.config.m4 file.

So I expect Petry (who did the opposite) will also have solved his
problems.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From P.G.M.Peters at utwente.nl  Wed Aug  4 19:24:42 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.315.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 13:25:57 -0400, you wrote:

>> Have you tried re-installing the ClamAV perl module? It may just need
>> re-linking against the newer ClamAV library.
>
>yes, if you mean Mail::ClamAV

Have you really re-installed clamav or did the installation just think
it was installed and didn't do it again?

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From spamtrap71892316634 at ANIME.NET  Wed Aug  4 19:25:20 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:26:28 2006
Subject: MyDoom.O sneaking through!
Message-ID: <mailman.316.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004, Chris Yuzik wrote:
> I'm running the latest version of MailScanner (just updated yesterday)
> and for some reason, MyDoom.O is occasionally getting through. According
> to my logs, in the last week, I've had 11,001 messages with MyDoom.O
> blocked...but I know that some of them are getting though because I had
> someone send me a zip file that they received today and the virus was
> completely intact and waltzed right through the system.

Looks like its a new mydoom variant where they doubly zip the virus. Eg
they zip the zipfile.

-Dan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Wed Aug  4 19:26:26 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.317.1137101188.24926.mailscanner@lists.mailscanner.info>

Maybe you should set up mailman for this purpose?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Diego Fabara
Sent: Wednesday, August 04, 2004 2:13 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Mass Mailling


My mailserver is a gateway.
 
 
I need to send mass mailing once per week (outbound mail) > 300 recipients.
But I need to permit this only a few users not all.
And I need to control this
 
Howto this ?? With a ruleset ??
 
Give an example.
 
 
If the limit is 5 MB for message and I send 10 attachments 0f 2MB and ..
what happen ? Please explainme this.
 
 

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From P.G.M.Peters at utwente.nl  Wed Aug  4 19:28:33 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:28 2006
Subject: MyDoom.O sneaking through!
Message-ID: <mailman.318.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 10:03:37 -0700, you wrote:

>Hi everyone,
>
>I'm running the latest version of MailScanner (just updated yesterday)
>and for some reason, MyDoom.O is occasionally getting through. According
>to my logs, in the last week, I've had 11,001 messages with MyDoom.O
>blocked...but I know that some of them are getting though because I had
>someone send me a zip file that they received today and the virus was
>completely intact and waltzed right through the system.
>
>How do I troubleshoot and fix this?

Start by examining the headers to check whether the message got through
your system.

Next check the logs of your system and pay close attention to the
queue-ID (at least with sendmail). A grep for just the ID will show you
all relevant lines. Did you get a few lines for the incoming MTA session
and (at least) one for the outgoing MTA? And did the incoming line
mention "queued"?

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Wed Aug  4 19:28:34 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:28 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.319.1137101188.24926.mailscanner@lists.mailscanner.info>

On Tue, 3 Aug 2004 18:46:39 -0400, Eric Dantan Rzewnicki
<rzewnickie@rfa.org> wrote:
> On Thu, Jul 29, 2004 at 08:38:57AM -0300, Mariano Absatz wrote:
> > I heard, from knowledgable people, that both Postfix and Exim are
> > nice, easy to configure and have good documentation and mailing list
> > support... the only thing that I disliked was when Julian said that
> > the queue format of Postfix is binary and not plain ASCII... this
> > scares me a lot since, in a crisis, you aren't able to use your
> > average set of text tools to resolve it...
>
> Is this really true? I know postfix queuefiles don't have linebreaks in
> them, but does that make them binary?
>
> Anyway, postfix comes with the postcat utility which takes a queuefile
> and prints it to standard out nicely formatted with line breaks. So, you
> can do whatever standard text manipulations on it you desire. The
> postdrop utility is also useful for dealing with queuefiles.
>
There's more to mail queue files than the message itself... you
usually have the envelope, maybe including status info... I guess the
utility you name doesn't nicely print them... nor is there a utility
to reverse the process (or is it?).

Since MailScanner _needs_ the envelope info and has to rebuild it when
it finishes, it has no other route than mess with the binary files...

As to the 'standard' way of interacting with Postfix, I don't know,
but I suspect it is something similar to milter, that gets called for
every message...

The beauty and speed of MailScanner comes from the fact that it
batches quite a few messages ans processes all of them together,
invoking the virus scanner for all the attachments of all the messages
in one sweep thus saving loads of 'system' invocations for this...

Maybe I'm too used to zmailer, which uses the same model MailScanner
does (process interaction is mostly performed via the filesystem), but
I love it... if something's going wrong in some place I can stop only
one piece and let the rest keep working while I repair it...



--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From spamtrap71892316634 at ANIME.NET  Wed Aug  4 19:29:38 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.320.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004, Michele Neylon : Blacknight Solutions wrote:
> On Wed, 2004-08-04 at 19:12, Diego Fabara wrote:
> > I need to send mass mailing once per week (outbound mail) > 300
> > recipients. But I need to permit this only a few users not all.
> And would you please STOP sending those html heavy emails with your
> logo. They are really annoying.

The retarded 'disclaimer' is more annoying. If his company is so paranoid
about email perhaps he should not be using a company account to subscribe
to a public mailing list.

IMHO there should be a standard policy on the mailscanner ML forbidding
disclaimers -- eg if the account you are using requires disclaimers, then
they have no business using it for a public mailing list. Not only that,
but the severe legal risk it puts the mailscanner mailing list and all its
subscribers into, by distributing and archiving such 'confidential'
emails.

-Dan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug  4 19:33:31 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.321.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Peters wrote:

> On Wed, 4 Aug 2004 13:25:57 -0400, you wrote:
>
>
>>>Have you tried re-installing the ClamAV perl module? It may just need
>>>re-linking against the newer ClamAV library.
>>
>>yes, if you mean Mail::ClamAV
>
>
> Have you really re-installed clamav or did the installation just think
> it was installed and didn't do it again?

I originally had version 0.4 of Mail::ClamAV.

I installed using cpan, so I'm now at 0.11.

Is that a sufficient answer?

I also make a 'make uninstall' of clamav and then reinstalled.

Thanks,

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dh at UPTIME.AT  Wed Aug  4 19:33:51 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.322.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Dan Hollis wrote:

<snip>
| IMHO there should be a standard policy on the mailscanner ML forbidding
| disclaimers -- eg if the account you are using requires disclaimers, then
| they have no business using it for a public mailing list. Not only that,
| but the severe legal risk it puts the mailscanner mailing list and all its
| subscribers into, by distributing and archiving such 'confidential'
| emails.
|
Actually in no court of law in whole Europe any of those disclaimers
would be considered something other than useless text. I do not know
about the rest of the world, but I for my part just find them annoying :)

- -d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBESwPPMoaMn4kKR4RAx7rAJ9/yddYwkALRuznv+pxTPtt1r/AtwCgkS7l
2G44QpcInT4qn8cqpd7z2bo=
=VdP3
-----END PGP SIGNATURE-----

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug  4 19:37:46 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:28 2006
Subject: Disclaimers and sigs was Re: [MAILSCANNER] Mass Mailling
Message-ID: <mailman.323.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 2004-08-04 at 19:29, Dan Hollis wrote:
> On Wed, 4 Aug 2004, Michele Neylon : Blacknight Solutions wrote:
> > On Wed, 2004-08-04 at 19:12, Diego Fabara wrote:
> > > I need to send mass mailing once per week (outbound mail) > 300
> > > recipients. But I need to permit this only a few users not all.
> > And would you please STOP sending those html heavy emails with your
> > logo. They are really annoying.
>
> The retarded 'disclaimer' is more annoying. If his company is so paranoid
> about email perhaps he should not be using a company account to subscribe
> to a public mailing list.

It may be annoying, but it doesn't take all day to download a few more
lines of text. HTML heavy crap with images takes time and bandwidth plus
it makes replying to it a pain.
>
> IMHO there should be a standard policy on the mailscanner ML forbidding
> disclaimers -- eg if the account you are using requires disclaimers, then
> they have no business using it for a public mailing list. Not only that,
> but the severe legal risk it puts the mailscanner mailing list and all its
> subscribers into, by distributing and archiving such 'confidential'
> emails.
Some mailing list servers respect an "no archive" header.
In many cases the disclaimers and legal mumbo-jumbo is added by the
mailserver on the way out and the users have no control over it.
It would only be a legal minefield if anybody started enforcing it
anyway and in most cases it is more of a protection in case of abuse
than anything of legal weight.


--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Kevin_Miller at CI.JUNEAU.AK.US  Wed Aug  4 19:40:53 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:28 2006
Subject: Mass Mailling
Message-ID: <mailman.324.1137101188.24926.mailscanner@lists.mailscanner.info>

Diego Fabara wrote:
> My mailserver is a gateway.
>
> I need to send mass mailing once per week (outbound mail) > 300
> recipients. But I need to permit this only a few users not all.
> And I need to control this

Yeah, what the others said; a mail list program (sorta like this mail list
that we're all using!)

> Howto this ?? With a ruleset ??
>
> Give an example...
>
>
> If the limit is 5 MB for message and I send 10 attachments 0f 2MB and
> .. what happen ? Please explainme this.

You will swamp your mail server for one, and the messages won't go anywhere.
When you send a message with an attachment, the attachment is encoded to
MIME format which adds about 25% overhead to the size, so a 10 MB message
will expand to a 12.5 MB message and will bounce.  Not what you want.  It it
was me, I'd put up an ftp server and send a URL out to everybody and let
them download the files themselves rather than making your mail server do
wind sprints...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From spamtrap71892316634 at ANIME.NET  Wed Aug  4 19:52:39 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:26:28 2006
Subject: Disclaimers and sigs was Re: [MAILSCANNER] Mass Mailling
Message-ID: <mailman.325.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004, Michele Neylon : Blacknight Solutions wrote:
> On Wed, 2004-08-04 at 19:29, Dan Hollis wrote:
> > disclaimers -- eg if the account you are using requires disclaimers, then
> > they have no business using it for a public mailing list. Not only that,
> > but the severe legal risk it puts the mailscanner mailing list and all its
> > subscribers into, by distributing and archiving such 'confidential'
> > emails.
> Some mailing list servers respect an "no archive" header.

Did his have one?

Does this list server respect such a header?

> In many cases the disclaimers and legal mumbo-jumbo is added by the
> mailserver on the way out and the users have no control over it.

Then they shouldnt be using that mailserver IMO. If their company is so
paranoid about emails they shouldnt be using a private company account for
public email lists, with the chance of 'confidential' information being
leaked out to the public.

> It would only be a legal minefield if anybody started enforcing it
> anyway and in most cases it is more of a protection in case of abuse
> than anything of legal weight.

Then there's no problem to strip the attachments, or block such emails
totally?

It's annoying to constantly receive emails where the disclaimer is 3 times
the size of the body of the message.

-Dan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug  4 19:59:13 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:28 2006
Subject: Disclaimers and sigs was Re: [MAILSCANNER] Mass Mailling
Message-ID: <mailman.326.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 2004-08-04 at 19:52, Dan Hollis wrote
> Did his have one?
>
> Does this list server respect such a header?

No idea.

> Then they shouldnt be using that mailserver IMO.

That might be both impractical and illogical in many instances

> Then there's no problem to strip the attachments, or block such emails
> totally?

There shouldn't be. As was already mentioned our laws don't care about
the disclaimers. Maybe US law is different, but as it doesn't apply to
me :)

>
> It's annoying to constantly receive emails where the disclaimer is 3 times
> the size of the body of the message.

That doesn't bother me as much as HTML emails with stupid logos

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug  4 20:14:56 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.327.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

>         I'm not sure if this is a MS or ClamAV issue, so let me know...
>
> I think I played too much with my home test server and I crunched some
> things.  Now I've fixed everything, but one ClamAV error:
>
> Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
> failed with real error: Invalid function CL_ENCRYPTED at
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
> line 69.
>
> I tried to re-install ClamAV, didn't change anything.
>
> It is not a priority, since I still have bitdefender working and my
> desktop AV.  I'll probably re-install the system soon anyways, but I'm
> curious.

You are running an outdated version of the Mail::ClamAV module (perl).
Update and its all ok.

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug  4 20:19:18 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.328.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

> ClamAV 0.75

> 0.11    Mail::ClamAV

Hmn.... strange, after upgrading to Mail::ClamAV 0.11 my errors went away.
Did you reload yours after upgrading to .11 ? Saw these errors after i
upgraded Clam to .75, and a little later, after i upgraded to .11 they
were gone.

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug  4 20:20:20 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.329.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

> Have you tried re-installing the ClamAV perl module? It may just need
> re-linking against the newer ClamAV library.
>
> >Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
> >failed with real error: Invalid function CL_ENCRYPTED at
> >/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
> >line 69.
> >
> >I tried to re-install ClamAV, didn't change anything.

That would explain the things i experienced...

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mike at ZANKER.ORG  Wed Aug  4 20:20:33 2004
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error
Message-ID: <mailman.330.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On 04 August 2004 11:57 -0400 Ugo Bellavance <ugob@CAMO-ROUTE.COM>
wrote:

> Aug  4 11:53:40 lubik MailScanner[29899]: Commercial virus checker
> failed with real error: Invalid function CL_ENCRYPTED at
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm
> line 69.

Yes, I got the same error message after installing the latest ClamAV.
All I needed to do was to re-install Mail::ClamAV and that fixed it.

Mike.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From SmartD at VMCMAIL.COM  Wed Aug  4 20:21:52 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:28 2006
Subject: Error starting MailScanner: Can't find Net/CIDR .pm
Message-ID: <mailman.331.1137101188.24926.mailscanner@lists.mailscanner.info>

I used the rpm created in the noarch directory.  It seem to load just fine.
I will give it a try from CPAN.  The machine is has home, so I will spend a
little more effort, and give the full error files.

BTW: How do your modify the perl module search path that is listed for @INC.
Since I've upgraded perl, I've got libraries spread around.  Would like to
consolidate them into the 5.8.5 tree.

<<Dan>>




>  -----Original Message-----
>  From: MailScanner mailing list
>  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>  Sent: Wednesday, August 04, 2004 10:15 AM
>  To: MAILSCANNER@JISCMAIL.AC.UK
>  Subject: Re: [MAILSCANNER] Error starting MailScanner: Can't
>  find Net/CIDR.pm
>
>  At 15:42 04/08/2004, you wrote:
>  >I've just built a new Linux machine, and I'm trying to get
>  MailScanner loaded.
>  >Caos Centos v3.1  (RHEL 3 clone)
>  >Perl 5.8.5
>  >Postfix (current version)
>  >
>  >I upgrade the Perl to 5.8.5, and have loaded all the libraries.
>  >
>  >I had the previous version of MailScanner on the machine,
>  but didn't
>  >fire it up.  I reloaded it with the current version last
>  night.  All
>  >modules either loaded or said they were already loaded.
>  >
>  >When I try to start MailScanner, is says it can't find
>  /Net/CIDR.pm on
>  >the @INC path, even though it is there.  I checked
>  permissions and it
>  >is 444.  I did an rpm -Uvh --force on the Net::CIDR rpm
>  file to make
>  >sure it was not corrupt or something.  Still get this error.
>
>  Did you rpm -Uvh the .noarch.rpm or the .src.rpm? If all
>  else fails, install it from CPAN. It's a tiny module.
>  --
>  Julian Field
>  www.MailScanner.info
>  MailScanner thanks transtec Computers for their support
>
>  PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>  -------------------------- MailScanner list ----------------------
>  To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>  Before posting, please see the Most Asked Questions at
>  http://www.mailscanner.biz/maq/     and the archives at
>  http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris at FRACTALWEB.COM  Wed Aug  4 20:23:56 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:28 2006
Subject: MyDoom.O sneaking through!... SOLVED!
Message-ID: <mailman.332.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dan Hollis wrote:

>Looks like its a new mydoom variant where they doubly zip the virus. Eg
>they zip the zipfile.
>
Yes, that's right. The zip file is named using the recipient's email
address with a "-2.zip" appended to the end. Inside that archive is
another zip file with a similar name (the recipient's email address with
a ".zip" appended to the end. Inside that is the actual virus named
using the recipient's email address with a ".txt" appended and a ton of
spaces, then a ".pif" (etc.).

For example, I have one here named
  john@someserver.com-2.zip
and inside that is
  john@someserver.com.zip
and inside that is

john@someserver.com.txt
.pif (except there are many more spaces)

I've tried saving this message and sending it back to myself, and
MailScanner does catch it.

After grepping log files galore, I have discovered that some messages
were coming through as "unscanned". Upon further analysis of
MailScanner.conf and the "Virus Scanning" setting, it seems that this
person's domain was set to not scan for viruses. I'm going to hunt down
and boot the person that did that...but there you go.

Thanks to Dan and Peter for their help on this issue. Hope this helps
someone else in the future.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug  4 20:25:49 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error SOLVED
Message-ID: <mailman.333.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raymond Dijkxhoorn wrote:

> Hi!
>
>
>>ClamAV 0.75
>
>
>>0.11    Mail::ClamAV
>
>
> Hmn.... strange, after upgrading to Mail::ClamAV 0.11 my errors went away.
> Did you reload yours after upgrading to .11 ? Saw these errors after i
> upgraded Clam to .75, and a little later, after i upgraded to .11 they
> were gone.

I guess I forgot to restart MS at some point, but I was sure that...

Anyways, no more errors.

>
> Bye,
> Raymond.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Wed Aug  4 20:26:43 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: MyDoom.O sneaking through!
Message-ID: <mailman.334.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

> I'm running the latest version of MailScanner (just updated yesterday)
> and for some reason, MyDoom.O is occasionally getting through. According
> to my logs, in the last week, I've had 11,001 messages with MyDoom.O
> blocked...but I know that some of them are getting though because I had
> someone send me a zip file that they received today and the virus was
> completely intact and waltzed right through the system.
>
> How do I troubleshoot and fix this?

Install some more virus scanners ? :) Or submit the samples that get
through to your current antivirus vendor...

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug  4 20:41:19 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error SOLVED
Message-ID: <mailman.335.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

> >>0.11    Mail::ClamAV
> >
> >
> > Hmn.... strange, after upgrading to Mail::ClamAV 0.11 my errors went away.
> > Did you reload yours after upgrading to .11 ? Saw these errors after i
> > upgraded Clam to .75, and a little later, after i upgraded to .11 they
> > were gone.
>
> I guess I forgot to restart MS at some point, but I was sure that...
> Anyways, no more errors.

Ok. Nice one to get added to the MAQ i think...

Bye.
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug  4 20:43:37 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error SOLVED
Message-ID: <mailman.336.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raymond Dijkxhoorn wrote:

> Hi!
>
>
>>>>0.11    Mail::ClamAV
>>>
>>>
>>>Hmn.... strange, after upgrading to Mail::ClamAV 0.11 my errors went away.
>>>Did you reload yours after upgrading to .11 ? Saw these errors after i
>>>upgraded Clam to .75, and a little later, after i upgraded to .11 they
>>>were gone.
>>
>>I guess I forgot to restart MS at some point, but I was sure that...
>>Anyways, no more errors.
>
>
> Ok. Nice one to get added to the MAQ i think...

Not to forget to reload ?

:).

Ok, I'm taking note of your suggestion.  Might be online tonight.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug  4 20:50:13 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: clamAV weird error SOLVED
Message-ID: <mailman.337.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raymond Dijkxhoorn wrote:

> Hi!
>
>
>>>>0.11    Mail::ClamAV
>>>
>>>
>>>Hmn.... strange, after upgrading to Mail::ClamAV 0.11 my errors went away.
>>>Did you reload yours after upgrading to .11 ? Saw these errors after i
>>>upgraded Clam to .75, and a little later, after i upgraded to .11 they
>>>were gone.
>>
>>I guess I forgot to restart MS at some point, but I was sure that...
>>Anyways, no more errors.
>
>
> Ok. Nice one to get added to the MAQ i think...
>
I decided to go with a FAQ entry instead.

http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?file=345

I think it is more appropriate.

Thanks all.

Ugo

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dustin.baer at IHS.COM  Wed Aug  4 21:49:33 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:28 2006
Subject: Disclaimers and sigs was Re: [MAILSCANNER] Mass Mailling
Message-ID: <mailman.338.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Michele Neylon : Blacknight Solutions wrote:

>There shouldn't be. As was already mentioned our laws don't care about
>the disclaimers. Maybe US law is different, but as it doesn't apply to
>me :)
>
>
According to the lawyers at my company (Denver, Colorado), disclaimers
carry no weight.

Dustin

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From krausem at GMAIL.COM  Wed Aug  4 22:52:29 2004
From: krausem at GMAIL.COM (Matt Krause)
Date: Thu Jan 12 21:26:28 2006
Subject: MailScanner bypassing postfix always_bcc option
Message-ID: <mailman.339.1137101188.24926.mailscanner@lists.mailscanner.info>

Does anyone else have the issue of if MailScanner detects a mcp
message or spam, it bypasses the always_bcc option in Postfix and just
forwards it on to the account specified in MailScanner.conf if you so
chose to forward spam and mcp messages?

Is MailScanner supposed to act like this?  If so, I guess the only way
to get it to forward to both is to set multiple address in
MailScanner.conf under the spam and MCP sections?

--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From lists at BSDADMINS.NET  Thu Aug  5 03:49:24 2004
From: lists at BSDADMINS.NET (David Loszewski)
Date: Thu Jan 12 21:26:28 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.340.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I installed MailScanner 4.31.6 along with SpamAssassin 3.0.0 according
to the directions provided both in the install documents and on the
MailScanner site.  MailScanner seems to be loading up however it doesn't
seem to be scanning the messages or perhaps just not scanning them with
SpamAssassin.  This is what it shows in the logs when starting up:
Aug  3 23:26:53 outpost MailScanner[484]: MailScanner E-Mail Virus
Scanner version 4.31.6 starting...
Aug  3 23:26:56 outpost MailScanner[484]: Enabling SpamAssassin
auto-whitelist functionality...
Aug  3 23:27:01 outpost MailScanner[484]: Using locktype = flock
Aug  3 23:27:03 outpost MailScanner[527]: MailScanner E-Mail Virus
Scanner version 4.31.6 starting...
Aug  3 23:27:05 outpost MailScanner[527]: Enabling SpamAssassin
auto-whitelist functionality...
Aug  3 23:27:08 outpost MailScanner[527]: Using locktype = flock
Aug  3 23:27:13 outpost MailScanner[528]: MailScanner E-Mail Virus
Scanner version 4.31.6 starting...
Aug  3 23:27:15 outpost MailScanner[528]: Enabling SpamAssassin
auto-whitelist functionality...
MailScanner[528]: Using locktype = flock
MailScanner[529]: MailScanner E-Mail Virus Scanner version 4.31.6
starting...
MailScanner[529]: Enabling SpamAssassin auto-whitelist functionality...
MailScanner[529]: Using locktype = flock
MailScanner[530]: MailScanner E-Mail Virus Scanner version 4.31.6
starting...
MailScanner[530]: Enabling SpamAssassin auto-whitelist functionality...
MailScanner[530]: Using locktype = flock

I did all the recommended testing with SpamAssassin and they seemed to
have worked fine, I also changed the 'Use SpamAssassin = NO" to YES in
the mailscanner.conf file.  I've been working on this problem for the
past few nights now and haven't seemed to have gotten any further.  Any
suggestions would be greatly appreciated.  I also obvioulsy read all the
faqs that I could and searched the mailing list for previous posts
relating to this topic without much luck.

thx,
Dave

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From lists at BSDADMINS.NET  Thu Aug  5 04:02:56 2004
From: lists at BSDADMINS.NET (David Loszewski)
Date: Thu Jan 12 21:26:28 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.341.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I apologize for some of the double posting within my original message.

Dave

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug  5 04:04:39 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.342.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Loszewski wrote:

> I installed MailScanner 4.31.6 along with SpamAssassin 3.0.0 according
> to the directions provided both in the install documents and on the
> MailScanner site.  MailScanner seems to be loading up however it doesn't
> seem to be scanning the messages or perhaps just not scanning them with
> SpamAssassin.  This is what it shows in the logs when starting up:
> Aug  3 23:26:53 outpost MailScanner[484]: MailScanner E-Mail Virus
> Scanner version 4.31.6 starting...
> Aug  3 23:26:56 outpost MailScanner[484]: Enabling SpamAssassin
> auto-whitelist functionality...

Use of auto-whitelist is not recommended with MailScanner.  Have you
tried disabling it?

Did you have working setup with Spamassassin 2.63 before?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Andreas.Doerfler at KEMPTEN.DE  Thu Aug  5 07:14:18 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:28 2006
Subject: AW: new problems, postfix - ms
Message-ID: <mailman.343.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Ursprüngliche Nachricht-----
> Von: Stephen Swaney [mailto:steve.swaney@FSL.COM] 
> Gesendet: Mittwoch, 4. August 2004 16:18
> 

done a cute here, empty lines scare my eyes :)

> 
> Yes but are you sure that there is not a .razor file any 
> where in postfix
> 
> queue directories? Try: 
> 
>         find /var/spool/postfix "razor*"
> 
> Are any files found?
> 
> Steve


in the past there was only a logfile, nothing special. already
removed the log


> -----Ursprüngliche Nachricht-----
> Von: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
> Gesendet: Mittwoch, 4. August 2004 15:09
>
> Check the permissions on the Postfix /var/spool files and 
> directories. Can 
> the user specified in "Run As User" (in MailScanner.conf) 
> read and write 
> the files and directories?
> For some reason, it is unable to find the hashed queue 
> directories and files.

the postfix and ms dirs and subdirs set to postfix.postfix
postfix/ maildrop and public set to group maildrop

drew yesterday told me send mutible mails to ms, after sending
20+ mails no more errors inside logs. its not a real fix but it works :)
(tried only a few yesterday, thanks drew).

ok, now i must understand why ms let pass spams and no statistics in
mailwatch :)

greetings
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From tal at MUSICGENOME.COM  Thu Aug  5 07:16:11 2004
From: tal at MUSICGENOME.COM (Tal Kelrich)
Date: Thu Jan 12 21:26:28 2006
Subject: Determin version number
Message-ID: <mailman.344.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 12:33:14 -0500
derek <derek@ADCATANZARO.COM> wrote:

> Jon Fraley wrote:
>
> >Is there a commandline command to get the MailScanner version number?
> >
> rpm -qa | grep mailscanner
>

rpm -q mailscanner would be faster, though

--
Tal Kelrich
PGP fingerprint: 3EDF FCC5 60BB 4729 AB2F  CAE6 FEC1 9AAC 12B9 AA69
Key Available at: http://www.hasturkun.com/pub.txt
----
You cannot kill time without injuring eternity.
----

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Roman.Petry at DILLINGER.BIZ  Thu Aug  5 08:02:32 2004
From: Roman.Petry at DILLINGER.BIZ (Petry Roman, ITS-IT)
Date: Thu Jan 12 21:26:28 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.345.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi, here is Roman again...

As i said, i changed the locking type to posix in Mailscanner.conf and now
everything is O.K... No error again since yesterday morning.. 40000 mails
passed without a problem..

Thanks to the List for help. 8-).. The strange thing is , that the old
version did not have the same problems with flock.. 8-)).. Biut who cares..

Bye
Roman

-----Ursprüngliche Nachricht-----
Von: Peter Peters [mailto:P.G.M.Peters@UTWENTE.NL] 
Gesendet: Mittwoch, 4. August 2004 20:23
An: MAILSCANNER@JISCMAIL.AC.UK
Betreff: Re: Strange behavior since update to latest version... Failed to


On Wed, 4 Aug 2004 16:37:32 +0100, you wrote:

>I ran into the "Failed to link message body between queues" problem 
>after upgrading the Sendmail 8.13.1 (from 8.12.10) to get the 
>greet_pause feature.
>
>As mentioned, it appears the under Linux, the default locking has been 
>changed from flock to fnctl.  I recompiled Sendmail, explcitly setting 
>flock, and I'm not getting anymore error messages, and everything 
>appears good for the last hour or so.
>
>I used:
>APPENDDEF(`confENVDEF',`-DHASFLOCK=1')
>in my devtools/Site/site.config.m4 file.

So I expect Petry (who did the opposite) will also have solved his problems.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit
Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Uwe.Krause at FEP.FRAUNHOFER.DE  Thu Aug  5 08:37:13 2004
From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Uwe)
Date: Thu Jan 12 21:26:28 2006
Subject: SA 2.64 and spamcopuri ?
Message-ID: <mailman.346.1137101188.24926.mailscanner@lists.mailscanner.info>

Hello,

is there someone tried and tested the new SA 2.64 with spamcopuri 0.20 ?

Thanks
Uwe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Thu Aug  5 09:00:55 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:28 2006
Subject: SA 2.64 and spamcopuri ?
Message-ID: <mailman.347.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi!

> is there someone tried and tested the new SA 2.64 with spamcopuri 0.20 ?

Sure, runs fine. Please check the SURBL list if you have trouble
installing it...

http://lists.surbl.org.

Thanks,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Uwe.Krause at FEP.FRAUNHOFER.DE  Thu Aug  5 09:12:52 2004
From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Uwe)
Date: Thu Jan 12 21:26:28 2006
Subject: SA 2.64 and spamcopuri ?
Message-ID: <mailman.348.1137101188.24926.mailscanner@lists.mailscanner.info>

> Sure, runs fine. Please check the SURBL list if you have trouble
> installing it...

because ...

# *** YOU MUST USE SPAMASSASSIN 2.63 to run this - see INSTALL at Makefile.PL line 6.

it seems to work, thank´s

Uwe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 09:17:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: MailScanner bypassing postfix always_bcc option
Message-ID: <mailman.349.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 22:52 04/08/2004, you wrote:
>Does anyone else have the issue of if MailScanner detects a mcp
>message or spam, it bypasses the always_bcc option in Postfix and just
>forwards it on to the account specified in MailScanner.conf if you so
>chose to forward spam and mcp messages?
>
>Is MailScanner supposed to act like this?

Yes. It only forwards the message to the addresses you told it to. It has
no way of knowing where the recipients list came from, whether it was an
original recipient in the message from when it was created or whether it
was added by a later gateway.

>   If so, I guess the only way
>to get it to forward to both is to set multiple address in
>MailScanner.conf under the spam and MCP sections?

Correct.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug  5 10:00:43 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:28 2006
Subject: Determin version number
Message-ID: <mailman.350.1137101188.24926.mailscanner@lists.mailscanner.info>

>>
>>> Is there a commandline command to get the MailScanner version
>>> number?
>>>
>> rpm -qa | grep mailscanner
>>
If you look at the changelog you will see that Julian added in -v options
recently.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Thu Aug  5 11:06:29 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:28 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.351.1137101188.24926.mailscanner@lists.mailscanner.info>

On Wed, August 4, 2004 9:43, Julian Field said:
> But it does all mean you can have a message more than 2^32 bytes long.
> Where would we be without support for 4.3 terabyte messages?

Being one of the definant Postfix users (From MailScanner's point of view
becasue I use Postfix and Postfix's point of view because I use MS) :-) I
would just like to ask if any one has a 4.3Tb message NOT to send it to me
to test the theory. The idea of waiting for just under a week for it to
arrive and then have it melt my disk array would not be fun :-D

TIA

Drew


--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From lists at BSDADMINS.NET  Thu Aug  5 12:12:00 2004
From: lists at BSDADMINS.NET (David Loszewski)
Date: Thu Jan 12 21:26:28 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.352.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
well originally I tried it without the aut-whitelist enabled and it
didn't work.  3.00 is the only version I've tried so far, kind of new to
spamassassin.  do you recommend that I try an earlier version?

Dave

>
> Use of auto-whitelist is not recommended with MailScanner.  Have you
> tried disabling it?
>
> Did you have working setup with Spamassassin 2.63 before?
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug  5 12:40:36 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:28 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.353.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Loszewski wrote:
> well originally I tried it without the aut-whitelist enabled and it
> didn't work.  3.00 is the only version I've tried so far, kind of new to
> spamassassin.  do you recommend that I try an earlier version?

Of course, 3.00 is probably still Beta.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From greyhair at GREYHAIR.NET  Thu Aug  5 12:44:34 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:28 2006
Subject: [OT] Re: MTA preferences for use with MailScanner
Message-ID: <mailman.354.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yes, I, too, am curious of how many people send 4.3 TB messages via
email?  Also, does it really make it a better MTA to have the
ability to handle >2^32 byte files?

humbly,
greyhair[ed]

9.8hrs over a 1 gigabit connection, right?

Drew Marshall wrote:
> On Wed, August 4, 2004 9:43, Julian Field said:
>
>>But it does all mean you can have a message more than 2^32 bytes long.
>>Where would we be without support for 4.3 terabyte messages?
>
>
> Being one of the definant Postfix users (From MailScanner's point of view
> becasue I use Postfix and Postfix's point of view because I use MS) :-) I
> would just like to ask if any one has a 4.3Tb message NOT to send it to me
> to test the theory. The idea of waiting for just under a week for it to
> arrive and then have it melt my disk array would not be fun :-D
>
> TIA
>
> Drew
>
>
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From idan at SECURENET.CO.IL  Thu Aug  5 13:19:28 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:28 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.355.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi All,

In the older versions I could bounce high score spam and in
mailscanner-4.30.3-2 I cant.
Someone know why ? And if there is another way to config this option ?

Thanks.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 13:50:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:28 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.356.1137101188.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:19 05/08/2004, you wrote:
>Hi All,
>
>In the older versions I could bounce high score spam and in
>mailscanner-4.30.3-2 I cant.
>Someone know why ? And if there is another way to config this option ?

Bouncing spam is *such* a bad idea, that the short answer is you can't.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Thu Aug  5 14:09:02 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:28 2006
Subject: Error with RAR-Files
Message-ID: <mailman.357.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi there,

i just tested to send me an Eicar-File within a rar-file.

Then i saw the following lines within the mail-log:

Aug  5 15:05:49 marcel MailScanner[14237]: Virus and Content Scanning:
Starting
Aug  5 15:05:50 marcel MailScanner[14237]:
/var/spool/MailScanner/incoming/14237
/./i75D5bZD014309/eicar.rar: RAR module failure
Aug  5 15:05:50 marcel MailScanner[14237]: ProcessClamAVOutput:
unrecognised lin
e "/var/spool/MailScanner/incoming/14237/./i75D5bZD014309/eicar.rar: RAR
module
failure". Please contact the authors!
Aug  5 15:05:50 marcel MailScanner[14237]:
/tmp/clamav.14318/clamav-d97a4c0e3852
2ad2/eicar.rar: RAR module failure
Aug  5 15:05:50 marcel MailScanner[14237]: ProcessClamAVOutput:
unrecognised lin
e "/tmp/clamav.14318/clamav-d97a4c0e38522ad2/eicar.rar: RAR module
failure". Ple
ase contact the authors!
Aug  5 15:05:50 marcel MailScanner[14237]: UNRAR 3.00 freeware
Copyright (c
) 1993-2002 Eugene Roshal
Aug  5 15:05:50 marcel MailScanner[14237]: ProcessClamAVOutput:
unrecognised lin
e "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene Roshal". Please
conta
ct the authors!
Aug  5 15:05:50 marcel MailScanner[14237]: Extracting from
/tmp/clamav.14318/cla
mav-d97a4c0e38522ad2/eicar.rar
Aug  5 15:05:50 marcel MailScanner[14237]: ProcessClamAVOutput:
unrecognised lin
e "Extracting from /tmp/clamav.14318/clamav-d97a4c0e38522ad2/eicar.rar".
Please
contact the authors!
Aug  5 15:05:50 marcel MailScanner[14237]: Extracting  eicar.com
                                    ^H^H^H^H 65%^H^H^H^H^H  OK
Aug  5 15:05:50 marcel MailScanner[14237]: ProcessClamAVOutput:
unrecognised lin
e "Extracting  eicar.com
^H^H
^H^H 65%^H^H^H^H^H  OK ". Please contact the authors!
Aug  5 15:05:50 marcel MailScanner[14237]:
/tmp/clamav.14318/clamav-b2a097e89b44
7d3a/eicar.com: Eicar-Test-Signature FOUND



Has anyone an idea what happened now?
As in the past the unrar-Test worked just fine.

Greetings Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Thu Aug  5 14:14:50 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:28 2006
Subject: Error with RAR-Files
Message-ID: <mailman.358.1137101188.24926.mailscanner@lists.mailscanner.info>

Hi there,

another bad thing which happened, as i now tried within the clam.conf to
activated the scanrar option.

The same fault..

and..

the infected rar-file got through.. :(

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andreas.Doerfler at KEMPTEN.DE  Thu Aug  5 14:16:19 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.359.1137101188.24926.mailscanner@lists.mailscanner.info>

> -----Ursprüngliche Nachricht-----
> Von: Marcel Blenkers [mailto:marcel@IRC-ADDICTS.DE] 
> Gesendet: Donnerstag, 5. August 2004 15:09
> 
> Has anyone an idea what happened now?
> As in the past the unrar-Test worked just fine.
> 
> Greetings Marcel
> 

was the packed created with a newer version of rar ?
unrar 3.00 isnt that new and winrar >3.20 uses newer
algorithm (as far as i know :))
can u manual decompress the archive with unrar ?

greetings 
andy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Thu Aug  5 14:21:45 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.360.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi there,

>
> was the packed created with a newer version of rar ?
> unrar 3.00 isnt that new and winrar >3.20 uses newer
> algorithm (as far as i know :))
> can u manual decompress the archive with unrar ?
>

the File was sent via heise.de, as they provide the test for various
infected mails.

I tested the eicar.rar-file, detached it, and..yes i was able to
uncompress it with the unrar-command on the shell :(

Then i tried clamscan on the decompressed eicar.com-file, which resulted
with the eicar-test-file.
Then i tried the clamscan-command and actived option for scan of rar-files
within the clam.conf..there i just got an error..

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 14:50:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.361.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:21 05/08/2004, you wrote:
>Hi there,
>
> >
> > was the packed created with a newer version of rar ?
> > unrar 3.00 isnt that new and winrar >3.20 uses newer
> > algorithm (as far as i know :))
> > can u manual decompress the archive with unrar ?
> >
>
>the File was sent via heise.de, as they provide the test for various
>infected mails.

Can you send me the URL please? I have hunted around an auto-translated
version of the heise.de site and cannot find the test messages.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From el.baby at GMAIL.COM  Thu Aug  5 14:53:01 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:29 2006
Subject: zlib dependency problem
Message-ID: <mailman.362.1137101189.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 10:08:19 -0400, John Lundin <lundin@cavtel.net> wrote:
> A problem with the mailscanner-4.32.5-1 installation script (and
> probably earlier). Red Hat RPM install, onto Fedora Core 2.
>
> If Compress::Zlib is installed from CPAN and Archive::Zip is not
> installed, then the following scenario unfolds:
>
> >Oh good, module Compress::Zlib version 1.33 is already installed.
> >Attempting to build and install perl-Archive-Zip-1.12-1
>
> And it builds, since Compress::Zlib is present, but then:
>
> >error: Failed dependencies:
> >        perl(Compress::Zlib) is needed by perl-Archive-Zip-1.12-1
>
> Archive::Zip never installs, as the needed RPM db entry is missing.
>
> MailScanner itself then happily builds and installs, but when it tries
> to run it trips over its shoelaces:
>
> >MailScanner:       Can't locate Archive/Zip.pm in @INC [...]
>
> A quick workaround is to compile Compress::Zlib and re-install:
>
> rpmbuild --rebuild perl-Compress-Zlib-1.33-2.src.rpm
> rpm -Uvh \
>   /usr/src/redhat/RPMS/i386/perl-Compress-Zlib-1.33-2.i386.rpm \
>   /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.12-1.noarch.rpm
>

FWIW, I'v ALWAYS had problems mixing CPAN or manually built perl
modules with rpm installed perl modules...

My current (imperfect) solution is to not use CPAN directly, but
download the modules and then use perl2rpm
(http://trific.ath.cx/resources/perl2rpm/)to build an rpm package of
the downloaded module and then install the rpm...

I have had a few problems, but it mostly works... (note: I don't know
a thing about building rpm packages or spec files).


--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Thu Aug  5 14:58:18 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:29 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.363.1137101189.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 10:52:22 -0700, Matt Krause <krausem@gmail.com> wrote:
> Can someone help me figure out why MailScanner is not forwarding MCP
> messages to my review account.  I just upgraded to the newest version
> this morning hoping it would fix the problem from the Debian package
> version 4.31.6-1, but it didn't.  So I am using the tarball from
> www.mailscanner.info now, but the MCP part still isn't working.
>
> I don't remember when it stopped working, but it was a while ago.  The
> logs states that it catches the MCP rule and it quarantines it just
> fine, but it never forwards the message even though the log states it
> is store forward.  The message never gets requeued.  I am using
> Postfix.
>
> Any ideas?
And your MCP actions settings are...?

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Thu Aug  5 14:59:28 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.364.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi there,

>
> Can you send me the URL please? I have hunted around an auto-translated
> version of the heise.de site and cannot find the test messages.
>
> --

and of course a can do that :)

first the Link where you could choose what kind of virus you want to
receive:

http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?kategorie=virendummies

Now, if you want to receive an email containing the eicar-test-file within
a rar-file, please check this link:

http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_eicar

just take a look at the bottom of the page..there is a field, in which you
enter your mail-adress to get this virus-mail.

Then you will receive a mail, containing a long link, just to confirm that
you really want this mail.

You click on this one, and woah..there is your virus-mail :)

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Thu Aug  5 15:20:10 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:29 2006
Subject: Strange behavior since update to latest version... Failed to
Message-ID: <mailman.365.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 5 Aug 2004 09:02:32 +0200, Petry Roman, ITS-IT
<roman.petry@dillinger.biz> wrote:
> Hi, here is Roman again...
>
> As i said, i changed the locking type to posix in Mailscanner.conf and now
> everything is O.K... No error again since yesterday morning.. 40000 mails
> passed without a problem..
>
> Thanks to the List for help. 8-).. The strange thing is , that the old
> version did not have the same problems with flock.. 8-)).. Biut who cares..
>
Well David just said that Sendmail changed its default locking method
in the last upgrade, so that's the cause... he changed the default and
recompiled Sendmail, you changed the setting in MailScanner, both are
running fine :-)

FWIW, I think changing a setting in MailScanner.conf is a better
alternative (at least, a cheaper one) than recompiling Sendmail...
maybe this should be added to the maq or faq, since, as people start
upgrading Sendmail, I guess this problem will be frequent.

Regards.


--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Thu Aug  5 15:28:25 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:29 2006
Subject: FW: Returned mail: see transcript for details
Message-ID: <mailman.366.1137101189.24926.mailscanner@lists.mailscanner.info>

I got this stupid error message while trying to send in an abuse report.

Since I don't understand a lot about mail servers, is this because I haven't
set the information line to something other than the default?
Or are they rejecting my email because I have that header in there in the
first place?

Thanks.

-----Original Message-----
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON@ns1.customnetworks.ca] 
Sent: Thursday, August 05, 2004 10:16 AM
To: postmaster@ns1.customnetworks.ca
Subject: Returned mail: see transcript for details


The original message was received at Thu, 5 Aug 2004 10:16:12 -0400 from
[10.10.10.8]

   ----- The following addresses had permanent fatal errors -----
<abuse@cgocable.net>
    (reason: 550 Error: 552 possible virus)

   ----- Transcript of session follows -----
553 5.3.0 header syntax error, line "X-Custom
Networks-MailScanner-Information: Please contact the ISP for more
information" 553 5.3.0 header syntax error, line "X-Custom
Networks-MailScanner: Found to be clean" ... while talking to
216.221.81.26.:
>>> DATA
<<< 550 Error: 552 possible virus
554 5.0.0 Service unavailable

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From prandal at HEREFORDSHIRE.GOV.UK  Thu Aug  5 15:34:04 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:29 2006
Subject: Returned mail: see transcript for details
Message-ID: <mailman.367.1137101189.24926.mailscanner@lists.mailscanner.info>

Is that "X-Custom Networks-MailScanner:" (wrong) or
"X-CustomNetworks-MailScanner:" (right)?

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Thom Paine
> Sent: 05 August 2004 15:28
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: FW: Returned mail: see transcript for details
>
> I got this stupid error message while trying to send in an
> abuse report.
>
> Since I don't understand a lot about mail servers, is this
> because I haven't set the information line to something other
> than the default?
> Or are they rejecting my email because I have that header in
> there in the first place?
>
> Thanks.
>
> -----Original Message-----
> From: Mail Delivery Subsystem
> [mailto:MAILER-DAEMON@ns1.customnetworks.ca]
> Sent: Thursday, August 05, 2004 10:16 AM
> To: postmaster@ns1.customnetworks.ca
> Subject: Returned mail: see transcript for details
>
>
> The original message was received at Thu, 5 Aug 2004 10:16:12
> -0400 from
> [10.10.10.8]
>
>    ----- The following addresses had permanent fatal errors -----
> <abuse@cgocable.net>
>     (reason: 550 Error: 552 possible virus)
>
>    ----- Transcript of session follows -----
> 553 5.3.0 header syntax error, line "X-Custom
> Networks-MailScanner-Information: Please contact the ISP for more
> information" 553 5.3.0 header syntax error, line "X-Custom
> Networks-MailScanner: Found to be clean" ... while talking to
> 216.221.81.26.:
> >>> DATA
> <<< 550 Error: 552 possible virus
> 554 5.0.0 Service unavailable
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Thu Aug  5 15:54:47 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:29 2006
Subject: Returned mail: see transcript for details
Message-ID: <mailman.368.1137101189.24926.mailscanner@lists.mailscanner.info>

I should take out the space?
I believe there is a space there.


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Randal, Phil
Sent: Thursday, August 05, 2004 10:34 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Returned mail: see transcript for details


Is that "X-Custom Networks-MailScanner:" (wrong) or
"X-CustomNetworks-MailScanner:" (right)?

Phil

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From prandal at HEREFORDSHIRE.GOV.UK  Thu Aug  5 15:58:07 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:29 2006
Subject: Returned mail: see transcript for details
Message-ID: <mailman.369.1137101189.24926.mailscanner@lists.mailscanner.info>

You should indeed.  Either remove it or hyphenate it for good measure.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Thom Paine
> Sent: 05 August 2004 15:55
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Returned mail: see transcript for details
>
> I should take out the space?
> I believe there is a space there.
>
>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil
> Sent: Thursday, August 05, 2004 10:34 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Returned mail: see transcript for details
>
>
> Is that "X-Custom Networks-MailScanner:" (wrong) or
> "X-CustomNetworks-MailScanner:" (right)?
>
> Phil
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From krausem at GMAIL.COM  Thu Aug  5 16:03:56 2004
From: krausem at GMAIL.COM (Matt Krause)
Date: Thu Jan 12 21:26:29 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.370.1137101189.24926.mailscanner@lists.mailscanner.info>

# Configuration directory containing files related to MCP
# (Message Content Protection)
%mcp-dir% = /opt/MailScanner/etc/mcp

#
# MCP (Message Content Protection)
# -----------------------------
#
# This scans text and HTML messages segments for any banned text, using
# a 2nd copy of SpamAssassin to provide the searching abilities.
# This 2nd copy has its own entire set of rules, preferences and settings.
# When used together with the patches for SpamAssassin, it can also check
# the content of attachments such as office documents.
#

MCP Checks = yes

MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = store forward review@domain.com
High Scoring MCP Actions = store forward review@domain.com

Log MCP = yes
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = yes

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100000
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Sender MCP Report = %report-dir%/sender.mcp.report.txt

The strange part is I have install MailScanner on two brand new
machines since and duplicated the MailScanner.conf files and the new
machines work fine, just as the broken one did for a while.

On Thu, 5 Aug 2004 10:58:18 -0300, Mariano Absatz <el.baby@gmail.com> wrote:
>
>
> On Wed, 4 Aug 2004 10:52:22 -0700, Matt Krause <krausem@gmail.com> wrote:
> > Can someone help me figure out why MailScanner is not forwarding MCP
> > messages to my review account.  I just upgraded to the newest version
> > this morning hoping it would fix the problem from the Debian package
> > version 4.31.6-1, but it didn't.  So I am using the tarball from
> > www.mailscanner.info now, but the MCP part still isn't working.
> >
> > I don't remember when it stopped working, but it was a while ago.  The
> > logs states that it catches the MCP rule and it quarantines it just
> > fine, but it never forwards the message even though the log states it
> > is store forward.  The message never gets requeued.  I am using
> > Postfix.
> >
> > Any ideas?
> And your MCP actions settings are...?
>
> --
> Mariano Absatz - El Baby
> el (dot) baby (AT) gmail (dot) com
> el (punto) baby (ARROBA:@) gmail (punto) com
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>


--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From el.baby at GMAIL.COM  Thu Aug  5 16:14:29 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:29 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.371.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 5 Aug 2004 08:03:56 -0700, Matt Krause <krausem@gmail.com> wrote:
> # Configuration directory containing files related to MCP
> # (Message Content Protection)
> %mcp-dir% = /opt/MailScanner/etc/mcp
...
<SNIP>
Strange... everything seems just fine... and you say the log states
that actions are 'store forward'...

Sorry 'bout really stupid questions, but is the forwarded address
correctly spelled? can you send a message from within the mailscanner
server to the forwarded address and is it delivered?

Sorry, but I can't think of what can be wrong...

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 16:20:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.372.1137101189.24926.mailscanner@lists.mailscanner.info>

Patch for SweepViruses.pm is attached.

It still complains about some lines, but I can't make it take into account
every type of irrelevant output line from every possible archive unpacker
unfortunately.
But it detects the virus just fine.

This will be included in the next release, once you have agreed it works okay.

At 14:59 05/08/2004, you wrote:
>Hi there,
>
> >
> > Can you send me the URL please? I have hunted around an auto-translated
> > version of the heise.de site and cannot find the test messages.
> >
> > --
>
>and of course a can do that :)
>
>first the Link where you could choose what kind of virus you want to
>receive:
>
>http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?kategorie=virendummies
>
>Now, if you want to receive an email containing the eicar-test-file within
>a rar-file, please check this link:
>
>http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_eicar
>
>just take a look at the bottom of the page..there is a field, in which you
>enter your mail-adress to get this virus-mail.
>
>Then you will receive a mail, containing a long link, just to confirm that
>you really want this mail.
>
>You click on this one, and woah..there is your virus-mail :)
>
>Greetings
>
>Marcel
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, Application/OCTET-STREAM (Name: "SweepViruses.pm.patch")  ]
    [ 1.6KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
From mailscanner at ecs.soton.ac.uk  Thu Aug  5 16:24:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:29 2006
Subject: ZMailer.pm bug
Message-ID: <mailman.373.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
These will be in the next release.

At 15:22 05/08/2004, you wrote:

>Hi, I've just detected a bug in two of my regexes in
>ZMailer.pm code.
>
>I'm sending the patch.
>Hope this is the last one (I've touched 2 o 3 times that code already)
>
>
>Here is the patch.
>
>------------------------------------------------------------------------------
>diff -Naur MailScanner-4.32.5.ORIG/lib/MailScanner/ZMailer.pm
>MailScanner-4.32.5/lib/MailScanner/ZMailer.pm
>--- MailScanner-4.32.5.ORIG/lib/MailScanner/ZMailer.pm  Tue Jul 27
>13:31:05 2004
>+++ MailScanner-4.32.5/lib/MailScanner/ZMailer.pm       Thu Aug  5
>11:06:41 2004
>@@ -567,13 +567,14 @@
>    my $this = shift;
>    my($message, $user) = @_;
>
>+  $user= quotemeta($user) if( $user );
>    #my $userre=$user ? qr/.*\b$user\b/ : qr //;
>-  my $userre=$user ?  qr/(:?.*RCPT=rfc822;|\s*<?)$user(:?\s+.*|>?\s*)/i :
>qr /.*/;
>+  my $userre=$user
>?  qr/(?:.*RCPT=rfc822;$user\s|\s*<?$user(?:[>\s]|$))/i : qr //;
>    my($linenum);
>    for ($linenum=0; $linenum<@{$message->{metadata}}; $linenum++) {
>      # Looking for "recipient" lines
>      #next unless $message->{metadata}[$linenum] =~ /^to(:?dsn)?\s$userre/;
>-    next unless $message->{metadata}[$linenum] =~ /^to(:?dsn)?\s$userre/i;
>+    next unless $message->{metadata}[$linenum] =~ /^to(?:dsn)?\s$userre/i;
>      # Have found the right line
>      splice(@{$message->{metadata}}, $linenum, 1);
>      $linenum--; # Study the same line again
>------------------------------------------------------------------------------
>
>
>Saludos
>
>--
>Leonardo Helman
>Pert Consultores
>Argentina

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 16:25:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:29 2006
Subject: Returned mail: see transcript for details
Message-ID: <mailman.374.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Let me quote from the comment in MailScanner.conf, just above where you set
%org-name%
# RULE: It must not contain any spaces!

Please read the docs.

At 15:54 05/08/2004, you wrote:
>I should take out the space?
>I believe there is a space there.
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Randal, Phil
>Sent: Thursday, August 05, 2004 10:34 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Returned mail: see transcript for details
>
>
>Is that "X-Custom Networks-MailScanner:" (wrong) or
>"X-CustomNetworks-MailScanner:" (right)?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From diego.fabara at ALEGROPCS.COM  Thu Aug  5 16:26:13 2004
From: diego.fabara at ALEGROPCS.COM (Diego Fabara)
Date: Thu Jan 12 21:26:29 2006
Subject: E-mails without contents ??
Message-ID: <mailman.375.1137101189.24926.mailscanner@lists.mailscanner.info>

Why someone mails arrived to my users with body empty??

My option is HTML Disarm

Is this the problem ??


INFORMACION CONFIDENCIAL: SE PROHIBE LA DIFUSION O PUBLICACION DE ESTA INFORMACION A TERCEROS SIN LA AUTORIZACION EXPRESA Y POR ESCRITO DE TELECSA. ESTA INFORMACION DEBE SER GUARDADA CON SEGURIDADES CUANDO NO SE LA ESTE UTILIZANDO. SI USTED NO ES EL DESTINATARIO DE ESTE EMAIL, USTED DEBERA DEVOLVERLO AL EMISOR Y NO PODRA LEER, COPIAR O DISTRIBUIR SUS ANEXOS. CUALQUIER OPINION EXPRESADA EN ESTE MENSAJE, CORRESPONDE A SU AUTOR Y NO NECESARIAMENTE A TELECSA-ALEGRO PCS.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Thu Aug  5 16:33:53 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: E-mails without contents ??
Message-ID: <mailman.376.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi!

> Why someone mails arrived to my users with body empty??
>
> My option is HTML Disarm
>
> Is this the problem ??

A lot of spam is sended in like that, on purpose. Are you sure there is
text BEFORE MailScanner touches it ? Spammers do this, for whatever
reasons. Got tons of them the last months.

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Thu Aug  5 16:35:58 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:29 2006
Subject: Dodgy virus scanner
Message-ID: <mailman.377.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Me thinks F-Prot is being a little over eager. I assume they are running
some F-Prot email virus scanner in addition to MailScanner.

>Subject: POSIBLE VIRUS !!
>Date: Thu, 5 Aug 2004 10:30:10 -0500
>Thread-Topic: POSIBLE VIRUS !!
>From: "Diego Fabara" <diego.fabara@alegropcs.com>
>To: "Julian Field" <mailscanner@ecs.soton.ac.uk>
>Cc: <antivirus@alegropcs.com>
>X-OriginalArrivalTime: 05 Aug 2004 15:31:18.0802 (UTC)
>FILETIME=[40F24720:01C47B01]
>X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)
>X-Antivirus-Summary: Mod score: 0
>X-alegropcs-MailScanner-Information: Please contact the ISP for more
>information
>X-alegropcs-MailScanner: Found to be clean
>X-alegropcs-MailScanner-SpamScore: ss
>
>Por favor revise su PC, es posible que tenga virus en su sistema.
>
>Attachment file : SweepViruses.pm.patch
>Scanner Detected: Heuristic - (Could be a new virus)
>Action taken : Unable to Clean...
>
>Attachment file : SweepViruses.pm.patch
>Scanner Detected: Heuristic - (Could be a new virus)
>Secondary Action taken : Moved...

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug  5 16:36:39 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: E-mails without contents ??
Message-ID: <mailman.378.1137101189.24926.mailscanner@lists.mailscanner.info>

> Why someone mails arrived to my users with body empty??
>
> My option is HTML Disarm
>
> Is this the problem ??

In a word. No


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From idan at SECURENET.CO.IL  Thu Aug  5 16:57:38 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:29 2006
Subject: to gilatadv.com is spam -> SpamAssassin (score=0.733, required 6
Message-ID: <mailman.379.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns0="urn:schemas-microsoft-com:office:smarttags">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        text-align:right;
        direction:rtl;
        unicode-bidi:embed;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1 dir=RTL>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Hi
All,<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>How
come?<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug&nbsp;
3 20:35:46 localhost MailScanner[5282]: RBL checks: i73HZfMJ007587 found in SBL+XBL</span></font><font
size=2 face=Arial><span lang=HE dir=RTL style='font-size:10.0pt;font-family:
Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug&nbsp;
3 20:35:47 localhost MailScanner[5282]: Message i73HZfMJ007587 from 69.60.15.92
(2115@1337.ifllcmarketing.net) to gilatadv.com is spam, SBL+XBL, SpamAssassin (score=0.733,
required 6, COMBINED_FROM 0.32, SARE_HOMELOAN 0.41)</span></font><font size=2
face=Arial><span lang=HE dir=RTL style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug&nbsp;
3 20:35:48 localhost MailScanner[5282]: Spam Checks: Found 1 spam messages</span></font><font
size=2 face=Arial><span lang=HE dir=RTL style='font-size:10.0pt;font-family:
Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug&nbsp;
3 20:35:48 localhost MailScanner[5282]: Spam Actions: message i73HZfMJ007587 actions
are forward,info@xxx.com<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Thanks.<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=RTL><font size=3 face="Times New Roman"><span lang=HE
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From cparker at SWATGEAR.COM  Thu Aug  5 17:01:26 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:29 2006
Subject: to gilatadv.com is spam -> SpamAssassin (score=0.733, required 6
Message-ID: <mailman.380.1137101189.24926.mailscanner@lists.mailscanner.info>

Idan Plotnik <mailto:idan@SECURENET.CO.IL>
    on Thursday, August 05, 2004 8:58 AM said:

> How come?
> 
> Aug  3 20:35:46 localhost MailScanner[5282]: RBL checks:
> i73HZfMJ007587 found in SBL+XBL Aug  3 20:35:47 localhost

well i'm assuming you mean "why is this email considered spam?"...

because of: SBL+XBL



hth,
chris.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cpd at UNIVAP.BR  Thu Aug  5 17:05:49 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:29 2006
Subject: Problem after upgrade to 4.32.5-1
Message-ID: <mailman.381.1137101189.24926.mailscanner@lists.mailscanner.info>

After upgrade from version 4.29.7-1 to 4.32.5-1, I'm getting an error message in my maillog.


8<----------------------------------------------------------------------------------
Aug  5 10:53:32 arara MailScanner[29869]: Spam Checks: Starting
Aug  5 10:53:33 arara MailScanner[29869]: RBL checks: i75DrHgW031927 found in SORBS-DNSBL
Aug  5 10:53:34 arara MailScanner[29869]: Message i75DrHgW031927 from xxx.xxx.xxx.xxx (mailer-daemon@xx.xx.xx) to
univap.br is spam, SORBS-DNSBL,
SpamAssassin (score=10.895, required 10, BAYES_90 2.10, BR_RECEIVED_SPAMMER 0.50, MIME_BOUND_NEXTPART 0.50,
MISSING_MIMEOLE 1.59, MSGID_FROM_MTA_SHORT
3.03, NO_REAL_NAME 0.16, PRIORITY_NO_NAME 1.21, X_MSMAIL_PRIORITY_HIGH 0.50, X_PRIORITY_HIGH 1.30)
Aug  5 10:53:34 arara MailScanner[29869]: Spam Checks: Found 1 spam messages
Aug  5 10:53:34 arara MailScanner[29869]: Spam Actions: message i75DrHgW031927 actions are deliver
Aug  5 10:53:34 arara MailScanner[29869]: Virus and Content Scanning: Starting
Aug  5 10:53:35 arara MailScanner[29869]: /i75DrHgW031927/msg2601.zip        Found the W32/Netsky.q@MM!zip virus !!!
Aug  5 10:53:35 arara MailScanner[29869]: Virus Scanning: McAfee found 1 infections
Aug  5 10:53:36 arara MailScanner[29869]: /var/spool/MailScanner/incoming/29869/./i75DrHgW031927/msg2601.zip:
Worm.SomeFool.Q FOUND
Aug  5 10:53:36 arara MailScanner[29869]: Virus Scanning: ClamAV found 1 infections
Aug  5 10:53:36 arara MailScanner[29869]: ^M^M^M^M^M^M^M^M./i75DrHgW031927/msg2601.zip  Virus identified  I-Worm/Netsky.R
Aug  5 10:53:36 arara MailScanner[29869]: Virus Scanning: Avg found 1 infections
Aug  5 10:53:36 arara MailScanner[29869]: Infected message i75DrHgW031927 came from xxx.xxx.xxx.xxx
Aug  5 10:53:36 arara MailScanner[29869]: Virus Scanning: Found 1 viruses
8<----------------------------------------------------------------------------------

Here is the setup

Redhat 9
sendmail

# MailScanner -v
This is Perl version 5.008
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.27    HTML::Entities
3.36    HTML::Parser
2.28    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
2.63    Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV


Thanks,

Vladimir M Costa

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From vosburgh at DALSEMI.COM  Thu Aug  5 17:09:29 2004
From: vosburgh at DALSEMI.COM (David Vosburgh)
Date: Thu Jan 12 21:26:29 2006
Subject: to gilatadv.com is spam -> SpamAssassin (score=0.733, required 6
Message-ID: <mailman.382.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
If you have Spam Lists To Reach High Score = 1, that might do it.

Dave

Idan Plotnik wrote:

> Hi All,
>
>
>
> How come?
>
>
>
> Aug  3 20:35:46 localhost MailScanner[5282]: RBL checks:
> i73HZfMJ007587 found in SBL+XBL
>
> Aug  3 20:35:47 localhost MailScanner[5282]: Message i73HZfMJ007587
> from 69.60.15.92 (2115@1337.ifllcmarketing.net) to gilatadv.com is
> spam, SBL+XBL, SpamAssassin (score=0.733, required 6, COMBINED_FROM
> 0.32, SARE_HOMELOAN 0.41)
>
> Aug  3 20:35:48 localhost MailScanner[5282]: Spam Checks: Found 1 spam
> messages
>
> Aug  3 20:35:48 localhost MailScanner[5282]: Spam Actions: message
> i73HZfMJ007587 actions are forward,info@xxx.com
>
>
>
> Thanks.
>
>
>
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
> <mailto:jiscmail@jiscmail.ac.uk>
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html


--

Dave Vosburgh
Sr. Unix System Administrator
Dallas Semiconductor
vosburgh@dalsemi.com  972-371-4418

"By order of the prophet, we ban that boogie sound."

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Thu Aug  5 17:09:39 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.383.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi there,

is this patch for all MS-Versions or just the current one?


> Patch for SweepViruses.pm is attached.
>

Thanks :) hope my patch-program works :) somehow the last patches did not
got patched :(

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From rzewnickie at RFA.ORG  Thu Aug  5 17:18:00 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:29 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.384.1137101189.24926.mailscanner@lists.mailscanner.info>

On Wed, Aug 04, 2004 at 09:43:58AM +0100, Julian Field wrote:
> At 23:46 03/08/2004, you wrote:
> >On Thu, Jul 29, 2004 at 08:38:57AM -0300, Mariano Absatz wrote:
> >> I heard, from knowledgable people, that both Postfix and Exim are
> >> nice, easy to configure and have good documentation and mailing list
> >> support... the only thing that I disliked was when Julian said that
> >> the queue format of Postfix is binary and not plain ASCII... this
> >> scares me a lot since, in a crisis, you aren't able to use your
> >> average set of text tools to resolve it...
> >Is this really true? I know postfix queuefiles don't have linebreaks in
> >them, but does that make them binary?
>
> Yes. They are basically a sequence of records of the form:
>
> special-magic-character-denoting-record-type
> string-length-counter-encoded-using-7-bits-per-byte
> record-data
>
> There are also cross-reference records that supply byte offset counters to
> various other records within the file, all of which have to be correctly
> maintained. Oh, and for good measure all the recipients are listed twice in
> different records (most of the time) and there is envelope information both
> before and after the message body.
>
> But it does all mean you can have a message more than 2^32 bytes long.
> Where would we be without support for 4.3 terabyte messages?

I see. :-\
thanks for the explanation.

-Eric Rz.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Thu Aug  5 17:33:29 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:29 2006
Subject: Returned mail: see transcript for details
Message-ID: <mailman.385.1137101189.24926.mailscanner@lists.mailscanner.info>

My bad. Sorry, and thanks.


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Thursday, August 05, 2004 11:26 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Returned mail: see transcript for details


Let me quote from the comment in MailScanner.conf, just above where you set
%org-name% # RULE: It must not contain any spaces!

Please read the docs.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Thu Aug  5 17:58:08 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:29 2006
Subject: Problem after upgrade to 4.32.5-1
Message-ID: <mailman.386.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Could you tell us where is the error, 'cause I can't see any.

Ugo

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From steve.swaney at FSL.COM  Thu Aug  5 18:26:08 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:29 2006
Subject: Problem after upgrade to 4.32.5-1
Message-ID: <mailman.387.1137101189.24926.mailscanner@lists.mailscanner.info>

Please call when you can.

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Thursday, August 05, 2004 12:58 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Problem after upgrade to 4.32.5-1
>
> Could you tell us where is the error, 'cause I can't see any.
>
> Ugo
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris at FRACTALWEB.COM  Thu Aug  5 18:26:13 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.388.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Not sure if this is common knowledge or not. I searched the 1500-odd
messages I have here from this list and haven't found anything about it.

Since I upgraded to the latest/greatest version of MailScanner, the
server is showing a significantly higher server load. Before the
upgrade, we averaged around 0.6, with occasional spikes up to 3 or 4.
Now we're averaging 3 or 4 with spikes up as high as 18!!! I have 3
child processes and the usual everything else (DCC, Razor, SA, ClamAV, etc.)

Right now, there are 3 messages in the "in queue" and 7 in the "out
queue" and the 1 minute load average is 6.13, 5 minute is 4.90.

Any thoughts?

Cheers,
Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From prandal at HEREFORDSHIRE.GOV.UK  Thu Aug  5 18:29:29 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.389.1137101189.24926.mailscanner@lists.mailscanner.info>

I've had problems with Razor this week.

Check with

  spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf

and see if that's working properly.

  razor-admin -discover

sorted it for me.

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris Yuzik
> Sent: 05 August 2004 18:26
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: higher load average since upgrading to latest version
>
> Not sure if this is common knowledge or not. I searched the
> 1500-odd messages I have here from this list and haven't
> found anything about it.
>
> Since I upgraded to the latest/greatest version of
> MailScanner, the server is showing a significantly higher
> server load. Before the upgrade, we averaged around 0.6, with
> occasional spikes up to 3 or 4.
> Now we're averaging 3 or 4 with spikes up as high as 18!!! I
> have 3 child processes and the usual everything else (DCC,
> Razor, SA, ClamAV, etc.)
>
> Right now, there are 3 messages in the "in queue" and 7 in
> the "out queue" and the 1 minute load average is 6.13, 5
> minute is 4.90.
>
> Any thoughts?
>
> Cheers,
> Chris
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cpd at UNIVAP.BR  Thu Aug  5 18:39:36 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:29 2006
Subject: Problem after upgrade to 4.32.5-1
Message-ID: <mailman.390.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi Ugo ,


>Aug  5 10:53:36 arara MailScanner[29869]: ^M^M^M^M^M^M^M^M./i75DrHgW031927/msg2601.zip  Virus identified  I-Worm/Netsky.R
>Aug  5 10:53:36 arara MailScanner[29869]: Virus Scanning: Avg found 1 infections

  See the  third virus scanning output, many "^M" in file path and the System Administrators mail not display the third
result. Follow another example.



maillog output
8<--------------------------------------------------------------
Aug  5 14:17:48 canario MailScanner[17337]: Spam Checks: Starting
Aug  5 14:17:48 canario MailScanner[17337]: RBL checks: i75HHOIP007863 found in SBL+XBL
Aug  5 14:17:49 canario MailScanner[17337]: Message i75HHOIP007863 from xxx.xxx.xxx.xxx (3dxxx@univap.br) to univap.br
is spam, SBL+XBL
Aug  5 14:17:50 canario MailScanner[17337]: Spam Checks: Found 1 spam messages
Aug  5 14:17:50 canario MailScanner[17337]: Spam Actions: message i75HHOIP007863 actions are deliver
Aug  5 14:17:50 canario MailScanner[17337]: Virus and Content Scanning: Starting
Aug  5 14:17:51 canario MailScanner[17337]: /i75HHOIP007863/important_mmsilva.txt.scr        Found the W32/Netsky.p@MM
virus !!!
Aug  5 14:17:51 canario MailScanner[17337]: Virus Scanning: McAfee found 1 infections
Aug  5 14:17:51 canario MailScanner[17337]:
/var/spool/MailScanner/incoming/17337/./i75HHOIP007863/important_mmsilva.txt.scr: Worm.SomeFool.P FOUND
Aug  5 14:17:52 canario MailScanner[17337]: Virus Scanning: ClamAV found 1 infections

        Here
Aug  5 14:17:52 canario MailScanner[17337]: ^M^M^M^M^M^M^M./i75HHOIP007863/important_mmsilva.txt.scr  Virus identified
I-Worm/Netsky.Q


Aug  5 14:17:52 canario MailScanner[17337]: Virus Scanning: Avg found 1 infections
Aug  5 14:17:52 canario MailScanner[17337]: Infected message i75HHOIP007863 came from xxx.xxx.xxx.xxx
Aug  5 14:17:52 canario MailScanner[17337]: Virus Scanning: Found 1 viruses
Aug  5 14:17:52 canario MailScanner[17337]: Filename Checks: Possible virus hidden in a screensaver (i75HHOIP007863
important_mmsilva.txt.scr)
Aug  5 14:17:52 canario MailScanner[17337]: Filetype Checks: No executables (i75HHOIP007863 important_mmsilva.txt.scr)
8<--------------------------------------------------------------



System Administrators report

8<--------------------------------------------------------------
 Sender: 3dxxx@univap.br
IP Address: xxx.xxx.xxx.xxx
 Recipient:xxxa@univap.br
   Subject:
 MessageID: i75HHOIP007863
    Report: /i75HHOIP007863/important_mmsilva.txt.scr        Found the W32/Netsky.p@MM virus !!!
            important_mmsilva.txt.scr contains Worm.SomeFool.P
            Windows Screensavers are often used to hide viruses (important_mmsilva.txt.scr)
            No programs allowed (important_mmsilva.txt.scr)

Full headers are:
8<--------------------------------------------------------------



Vladimir


> Could you tell us where is the error, 'cause I can't see any.
>
> Ugo
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cconn at ABACOM.COM  Thu Aug  5 18:50:29 2004
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.391.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> Patch for SweepViruses.pm is attached.
>
> It still complains about some lines, but I can't make it take into account
> every type of irrelevant output line from every possible archive unpacker
> unfortunately.
> But it detects the virus just fine.
>
> This will be included in the next release, once you have agreed it works
> okay.

Hello,

It seems to work here.  I have been for the longest time been using
clamdscan instead of clamscan in the clamav-wrapper, and I was under the
impression in the past that it would work and I have a vague
recollection of having tested it on .rar files.  However, clamdscan does
not extract from .rar files it seems even if the scan options for unrar
is present.  If I change my configuration back to clamscan in the
wrapper, the patch works on this test.

Is there a way to make clamdscan work properly from the wrapper script?
  Has anyone used it in this way?

Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From chris at FRACTALWEB.COM  Thu Aug  5 19:22:30 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.392.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Randal, Phil wrote:
<blockquote
 cite="mid86144ED6CE5B004DA23E1EAC0B569B581CBF03@isabella.herefordshire.gov.uk"
 type="cite">
  <pre wrap="">I've had problems with Razor this week.

Check with

  spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf

and see if that's working properly.

  razor-admin -discover

sorted it for me.
  </pre>
</blockquote>
<br>
Hi Phil,<br>
<br>
Thanks, I've done that and it did seem to help a bit.<br>
<br>
Here's the output (in HTML...sorry) of the lint test, as reported by
the ever-so-nifty MailWatch interface (thanks Steve!).<br>
<br>
Any suggestions? It looks like it's taking a while to connect to Bayes.
Not sure how to deal with that.<br>
<br>
Cheers,<br>
Chris<br>
<br>
<table class="mail" width="100%">
  <thead><th colspan="2">SpamAssassin Lint</th>
  </thead><!-- Timer: 1091729960.3733, Line Start: 18.364197969437 --> <tbody>
    <tr>
      <td>debug: Score set 0 chosen.</td>
      <td class="lint_1">0</td>
    </tr>
<!-- Timer: 1091729960.3748, Line Start: 18.365741968155 --> <tr>
      <td>debug: running in taint mode? yes</td>
      <td class="lint_1">0.00154</td>
    </tr>
<!-- Timer: 1091729960.3753, Line Start: 18.366188049316 --> <tr>
      <td>debug: Running in taint mode, removing unsafe env vars, and
resetting PATH</td>
      <td class="lint_1">0.00045</td>
    </tr>
<!-- Timer: 1091729960.3761, Line Start: 18.367066144943 --> <tr>
      <td>debug: PATH included '/sbin', keeping.</td>
      <td class="lint_1">0.00088</td>
    </tr>
<!-- Timer: 1091729960.3768, Line Start: 18.367715120316 --> <tr>
      <td>debug: PATH included '/usr/sbin', keeping.</td>
      <td class="lint_1">0.00065</td>
    </tr>
<!-- Timer: 1091729960.3774, Line Start: 18.368318080902 --> <tr>
      <td>debug: PATH included '/bin', keeping.</td>
      <td class="lint_1">0.0006</td>
    </tr>
<!-- Timer: 1091729960.378, Line Start: 18.368938922882 --> <tr>
      <td>debug: PATH included '/usr/bin', keeping.</td>
      <td class="lint_1">0.00062</td>
    </tr>
<!-- Timer: 1091729960.3788, Line Start: 18.369745969772 --> <tr>
      <td>debug: PATH included '/usr/X11R6/bin', keeping.</td>
      <td class="lint_1">0.00081</td>
    </tr>
<!-- Timer: 1091729960.3794, Line Start: 18.370320081711 --> <tr>
      <td>debug: Final PATH set to:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin</td>
      <td class="lint_1">0.00057</td>
    </tr>
<!-- Timer: 1091729960.4239, Line Start: 18.414853096008 --> <tr>
      <td>debug: ignore: using a test message to lint rules</td>
      <td class="lint_1">0.04453</td>
    </tr>
<!-- Timer: 1091729960.4248, Line Start: 18.415733098984 --> <tr>
      <td>debug: using "/usr/share/spamassassin" for default rules dir</td>
      <td class="lint_1">0.00088</td>
    </tr>
<!-- Timer: 1091729960.5028, Line Start: 18.493720054626 --> <tr>
      <td>debug: using "/etc/mail/spamassassin" for site rules dir</td>
      <td class="lint_1">0.07799</td>
    </tr>
<!-- Timer: 1091729960.8199, Line Start: 18.810828924179 --> <tr>
      <td>debug:
mkdir /var/www/.spamassassin failed: mkdir /var/www/.spamassassin:
Permission denied at
/usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin.pm line 1279</td>
      <td class="lint_1">0.31711</td>
    </tr>
<!-- Timer: 1091729960.8205, Line Start: 18.811445951462 --> <tr>
      <td>debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for
user prefs file</td>
      <td class="lint_1">0.00062</td>
    </tr>
<!-- Timer: 1091729965.0106, Line Start: 23.001569032669 --> <tr>
      <td>debug: bayes: 25698 tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes_toks</td>
      <td class="lint_5">4.19012</td>
    </tr>
<!-- Timer: 1091729965.0133, Line Start: 23.004224061966 --> <tr>
      <td>debug: bayes: 25698 tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes_seen</td>
      <td class="lint_1">0.00266</td>
    </tr>
<!-- Timer: 1091729965.0165, Line Start: 23.007381916046 --> <tr>
      <td>debug: bayes: found bayes db version 2</td>
      <td class="lint_1">0.00316</td>
    </tr>
<!-- Timer: 1091729965.0196, Line Start: 23.010488986969 --> <tr>
      <td>debug: Score set 3 chosen.</td>
      <td class="lint_1">0.00311</td>
    </tr>
<!-- Timer: 1091729965.02, Line Start: 23.01096701622 --> <tr>
      <td>debug: Initialising learner</td>
      <td class="lint_1">0.00048</td>
    </tr>
<!-- Timer: 1091729965.026, Line Start: 23.016892910004 --> <tr>
      <td>debug: is Net::DNS::Resolver available? yes</td>
      <td class="lint_1">0.00593</td>
    </tr>
<!-- Timer: 1091729965.0265, Line Start: 23.017400979996 --> <tr>
      <td>debug: trying (3) slashdot.org...</td>
      <td class="lint_1">0.00051</td>
    </tr>
<!-- Timer: 1091729965.0269, Line Start: 23.017843961716 --> <tr>
      <td>debug: looking up MX for 'slashdot.org'</td>
      <td class="lint_1">0.00044</td>
    </tr>
<!-- Timer: 1091729965.1555, Line Start: 23.146426916122 --> <tr>
      <td>debug: MX for 'slashdot.org' exists? 1</td>
      <td class="lint_1">0.12858</td>
    </tr>
<!-- Timer: 1091729965.1564, Line Start: 23.147290945053 --> <tr>
      <td>debug: MX lookup of slashdot.org succeeded =&gt; Dns
available (set dns_available to hardcode)</td>
      <td class="lint_1">0.00086</td>
    </tr>
<!-- Timer: 1091729965.157, Line Start: 23.147894144058 --> <tr>
      <td>debug: is DNS available? 1</td>
      <td class="lint_1">0.0006</td>
    </tr>
<!-- Timer: 1091729965.1634, Line Start: 23.154318094254 --> <tr>
      <td>debug: all '*From' addrs:
<a class="moz-txt-link-abbreviated" href="mailto:ignore@compiling.spamassassin.taint.org">ignore@compiling.spamassassin.taint.org</a></td>
      <td class="lint_1">0.00642</td>
    </tr>
<!-- Timer: 1091729965.1708, Line Start: 23.16175198555 --> <tr>
      <td>debug: running header regexp tests; score so far=0</td>
      <td class="lint_1">0.00743</td>
    </tr>
<!-- Timer: 1091729966.0113, Line Start: 24.002231121063 --> <tr>
      <td>debug: running body-text per-line regexp tests; score so
far=2.79</td>
      <td class="lint_2">0.84048</td>
    </tr>
<!-- Timer: 1091729966.7173, Line Start: 24.70826292038 --> <tr>
      <td>debug: bayes corpus size: nspam = 312129, nham = 24264</td>
      <td class="lint_2">0.70603</td>
    </tr>
<!-- Timer: 1091729966.7192, Line Start: 24.710093021393 --> <tr>
      <td>debug: uri tests: Done uriRE</td>
      <td class="lint_1">0.00183</td>
    </tr>
<!-- Timer: 1091729966.729, Line Start: 24.719913959503 --> <tr>
      <td>debug: tokenize: header tokens for *F = "U*ignore
D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org
D*org"</td>
      <td class="lint_1">0.00982</td>
    </tr>
<!-- Timer: 1091729966.7296, Line Start: 24.720509052277 --> <tr>
      <td>debug: tokenize: header tokens for *m = " 1091729960
lint_rules "</td>
      <td class="lint_1">0.0006</td>
    </tr>
<!-- Timer: 1091729966.7389, Line Start: 24.729829072952 --> <tr>
      <td>debug: cannot use bayes on this message; db not initialised
yet</td>
      <td class="lint_1">0.00932</td>
    </tr>
<!-- Timer: 1091729966.7393, Line Start: 24.730262041092 --> <tr>
      <td>debug: bayes: not scoring message, returning 0.5</td>
      <td class="lint_1">0.00043</td>
    </tr>
<!-- Timer: 1091729966.7398, Line Start: 24.730704069138 --> <tr>
      <td>debug: bayes: 25698 untie-ing</td>
      <td class="lint_1">0.00044</td>
    </tr>
<!-- Timer: 1091729966.7903, Line Start: 24.781220912933 --> <tr>
      <td>debug: bayes: 25698 untie-ing db_toks</td>
      <td class="lint_1">0.05052</td>
    </tr>
<!-- Timer: 1091729966.7913, Line Start: 24.782181024551 --> <tr>
      <td>debug: bayes: 25698 untie-ing db_seen</td>
      <td class="lint_1">0.00096</td>
    </tr>
<!-- Timer: 1091729966.7946, Line Start: 24.785494089127 --> <tr>
      <td>debug: Razor2 is available</td>
      <td class="lint_1">0.00331</td>
    </tr>
<!-- Timer: 1091729966.867, Line Start: 24.857923030853 --> <tr>
      <td>debug: entering helper-app run mode</td>
      <td class="lint_1">0.07243</td>
    </tr>
<!-- Timer: 1091729967.0947, Line Start: 25.085600137711 --> <tr>
      <td> Razor-Log: Computed razorhome from env: /var/www/.razor</td>
      <td class="lint_1">0.22768</td>
    </tr>
<!-- Timer: 1091729967.0949, Line Start: 25.085845947266 --> <tr>
      <td> Razor-Log: No razorhome found, using all defaults</td>
      <td class="lint_1">0.00025</td>
    </tr>
<!-- Timer: 1091729967.0951, Line Start: 25.08603310585 --> <tr>
      <td> Razor-Log: No razor-agent.conf found, using defaults. </td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.0953, Line Start: 25.086215019226 --> <tr>
      <td>Aug 05 11:19:26.856841 check[25698]: [ 2] [bootup] Logging
initiated LogDebugLevel=9 to stdout</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0955, Line Start: 25.086417913437 --> <tr>
      <td>Aug 05 11:19:26.858050 check[25698]: [ 5] computed
razorhome=, conf=, ident=identity</td>
      <td class="lint_1">0.0002</td>
    </tr>
<!-- Timer: 1091729967.0957, Line Start: 25.08660697937 --> <tr>
      <td>Aug 05 11:19:26.858542 check[25698]: [ 8] Client
supported_engines: 4</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.0959, Line Start: 25.086787939072 --> <tr>
      <td>Aug 05 11:19:26.859540 check[25698]: [ 8] prep_mail done:
mail 1 headers=93, mime0=1376</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.096, Line Start: 25.086974143982 --> <tr>
      <td>Aug 05 11:19:26.860209 check[25698]: [ 7] Can't read file
servers.discovery.lst, looking relatve to </td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.0962, Line Start: 25.087163925171 --> <tr>
      <td>Aug 05 11:19:26.860567 check[25698]: [ 5] Can't read file
/servers.discovery.lst: No such file or directory</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.0964, Line Start: 25.087347984314 --> <tr>
      <td>Aug 05 11:19:26.860894 check[25698]: [ 7] Can't read file
servers.nomination.lst, looking relatve to </td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0966, Line Start: 25.087537050247 --> <tr>
      <td>Aug 05 11:19:26.861218 check[25698]: [ 5] Can't read file
/servers.nomination.lst: No such file or directory</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.097, Line Start: 25.08788895607 --> <tr>
      <td>Aug 05 11:19:26.861539 check[25698]: [ 7] Can't read file
servers.catalogue.lst, looking relatve to </td>
      <td class="lint_1">0.00035</td>
    </tr>
<!-- Timer: 1091729967.0972, Line Start: 25.088104009628 --> <tr>
      <td>Aug 05 11:19:26.861850 check[25698]: [ 5] Can't read file
/servers.catalogue.lst: No such file or directory</td>
      <td class="lint_1">0.00022</td>
    </tr>
<!-- Timer: 1091729967.0974, Line Start: 25.088282108307 --> <tr>
      <td>Aug 05 11:19:26.862408 check[25698]: [ 5] no listfile:
servers.catalogue.lst</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0975, Line Start: 25.088462114334 --> <tr>
      <td>Aug 05 11:19:26.862750 check[25698]: [ 6] no discovery
listfile: servers.discovery.lst</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0977, Line Start: 25.088643074036 --> <tr>
      <td>Aug 05 11:19:26.862970 check[25698]: [ 5] Finding Discovery
Servers via DNS in the razor2.cloudmark.com zone</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0979, Line Start: 25.088824987411 --> <tr>
      <td>Aug 05 11:19:26.956346 check[25698]: [ 6] Found 1 Discovery
Servers via DNS in the razor2.cloudmark.com zone</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0981, Line Start: 25.089009046555 --> <tr>
      <td>Aug 05 11:19:26.956771 check[25698]: [ 8] Checking with Razor
Discovery Server 66.151.150.12</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0983, Line Start: 25.089183092117 --> <tr>
      <td>Aug 05 11:19:26.957105 check[25698]: [ 6] No port specified,
using 2703</td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.0984, Line Start: 25.089358091354 --> <tr>
      <td>Aug 05 11:19:26.957310 check[25698]: [ 5] Connecting to
66.151.150.12 ...</td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.0986, Line Start: 25.08952999115 --> <tr>
      <td>Aug 05 11:19:27.008132 check[25698]: [ 8] Connection
established</td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.0988, Line Start: 25.089719057083 --> <tr>
      <td>Aug
05 11:19:27.008533 check[25698]: [ 4] 66.151.150.12 &gt;&gt; 35 server
greeting: sn=D&amp;srl=445&amp;a=l&amp;a=cg&amp;ep4=7542-10
      </td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.099, Line Start: 25.089900016785 --> <tr>
      <td>Aug 05 11:19:27.009137 check[25698]: [ 4] 66.151.150.12
&lt;&lt; 12</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0992, Line Start: 25.090078115463 --> <tr>
      <td>Aug 05 11:19:27.009372 check[25698]: [ 6] a=g&amp;pm=csl
      </td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0993, Line Start: 25.09025812149 --> <tr>
      <td>Aug 05 11:19:27.032983 check[25698]: [ 4] 66.151.150.12
&gt;&gt; 76</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0995, Line Start: 25.090438127518 --> <tr>
      <td>Aug 05 11:19:27.033262 check[25698]: [ 6] response to sent.1</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.0997, Line Start: 25.090601921082 --> <tr>
      <td>-csl=?
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.0998, Line Start: 25.090768098831 --> <tr>
      <td>wonder.cloudmark.com
      </td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.1, Line Start: 25.090955972672 --> <tr>
      <td>thrill.cloudmark.com
      </td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1002, Line Start: 25.091125011444 --> <tr>
      <td>pride.cloudmark.com
      </td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.1004, Line Start: 25.091288089752 --> <tr>
      <td>.
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.1006, Line Start: 25.091532945633 --> <tr>
      <td>Aug 05 11:19:27.033808 check[25698]: [ 8] Discovery Server
66.151.150.12 replying with csl=wonder.cloudmark.com</td>
      <td class="lint_1">0.00024</td>
    </tr>
<!-- Timer: 1091729967.1008, Line Start: 25.091741085052 --> <tr>
      <td>Aug 05 11:19:27.034045 check[25698]: [ 8] Discovery Server
66.151.150.12 replying with csl=thrill.cloudmark.com</td>
      <td class="lint_1">0.00021</td>
    </tr>
<!-- Timer: 1091729967.101, Line Start: 25.09192609787 --> <tr>
      <td>Aug 05 11:19:27.034269 check[25698]: [ 8] Discovery Server
66.151.150.12 replying with csl=pride.cloudmark.com</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1012, Line Start: 25.092103004456 --> <tr>
      <td>Aug 05 11:19:27.034741 check[25698]: [ 4] 66.151.150.12
&lt;&lt; 12</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1014, Line Start: 25.092289924622 --> <tr>
      <td>Aug 05 11:19:27.034964 check[25698]: [ 6] a=g&amp;pm=nsl
      </td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1015, Line Start: 25.092468976974 --> <tr>
      <td>Aug 05 11:19:27.059506 check[25698]: [ 4] 66.151.150.12
&gt;&gt; 51</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1018, Line Start: 25.092689990997 --> <tr>
      <td>Aug 05 11:19:27.059771 check[25698]: [ 6] response to sent.2</td>
      <td class="lint_1">0.00022</td>
    </tr>
<!-- Timer: 1091729967.1019, Line Start: 25.092854976654 --> <tr>
      <td>-nsl=?
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.1021, Line Start: 25.093017101288 --> <tr>
      <td>folly.cloudmark.com
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.1023, Line Start: 25.093178987503 --> <tr>
      <td>joy.cloudmark.com
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.1024, Line Start: 25.093337059021 --> <tr>
      <td>.
      </td>
      <td class="lint_1">0.00016</td>
    </tr>
<!-- Timer: 1091729967.1026, Line Start: 25.093514919281 --> <tr>
      <td>Aug 05 11:19:27.060307 check[25698]: [ 8] Discovery Server
66.151.150.12 replying with nsl=folly.cloudmark.com</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1028, Line Start: 25.093701124191 --> <tr>
      <td>Aug 05 11:19:27.060556 check[25698]: [ 8] Discovery Server
66.151.150.12 replying with nsl=joy.cloudmark.com</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.103, Line Start: 25.093883991241 --> <tr>
      <td>Aug 05 11:19:27.061127 check[25698]: [ 5] no razorhome, not
caching server info to disk</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1032, Line Start: 25.094078063965 --> <tr>
      <td>Aug 05 11:19:27.061558 check[25698]: [ 6] losing old server
connection, 66.151.150.12, for new server, pride.cloudmark.com</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1033, Line Start: 25.094257116318 --> <tr>
      <td>Aug 05 11:19:27.061828 check[25698]: [ 5] disconnecting from
server 66.151.150.12</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1035, Line Start: 25.094433069229 --> <tr>
      <td>Aug 05 11:19:27.062262 check[25698]: [ 4] 66.151.150.12
&lt;&lt; 5</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1037, Line Start: 25.094604969025 --> <tr>
      <td>Aug 05 11:19:27.062490 check[25698]: [ 6] a=q
      </td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729967.1039, Line Start: 25.094784021378 --> <tr>
      <td>Aug 05 11:19:27.062923 check[25698]: [ 5] Connecting to
pride.cloudmark.com ...</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.104, Line Start: 25.094973087311 --> <tr>
      <td>Aug 05 11:19:27.090512 check[25698]: [ 3] Unable to connect
to pride.cloudmark.com:2703; Reason: Connection refused.</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1042, Line Start: 25.095155954361 --> <tr>
      <td>Aug 05 11:19:27.091112 check[25698]: [ 5] no razorhome, not
caching server info to disk</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.1045, Line Start: 25.095417022705 --> <tr>
      <td>Aug 05 11:19:27.091363 check[25698]: [ 8] Using next closest
server pride.cloudmark.com:2703, cached info srl <unknown></unknown></td>
      <td class="lint_1">0.00026</td>
    </tr>
<!-- Timer: 1091729967.1047, Line Start: 25.095607042313 --> <tr>
      <td>Aug 05 11:19:27.091705 check[25698]: [ 8] mail 1 has no
subject</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1049, Line Start: 25.095788002014 --> <tr>
      <td>Aug 05 11:19:27.094160 check[25698]: [ 6] preproc: mail 1.0
went from 1376 bytes to 1339 </td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729967.166, Line Start: 25.156889915466 --> <tr>
      <td>Aug 05 11:19:27.094437 check[25698]: [ 8] wadebug: razor2
check could not connect to any servers</td>
      <td class="lint_1">0.0611</td>
    </tr>
<!-- Timer: 1091729967.1664, Line Start: 25.157370090485 --> <tr>
      <td>debug: leaving helper-app run mode</td>
      <td class="lint_1">0.00048</td>
    </tr>
<!-- Timer: 1091729967.1673, Line Start: 25.158224105835 --> <tr>
      <td>rning: no ep4 for server pride.cloudmark.com, using 7542-10</td>
      <td class="lint_1">0.00085</td>
    </tr>
<!-- Timer: 1091729967.1675, Line Start: 25.1584649086 --> <tr>
      <td>Aug 05 11:19:27.105557 check[25698]: [ 6] computing sigs for
mail 1.0, len 1339</td>
      <td class="lint_1">0.00024</td>
    </tr>
<!-- Timer: 1091729967.1677, Line Start: 25.158659934998 --> <tr>
      <td>Aug 05 11:19:27.108308 check[25698]: [ 6] skipping whitelist
file (empty?): razor-whitelist</td>
      <td class="lint_1">0.0002</td>
    </tr>
<!-- Timer: 1091729967.1679, Line Start: 25.158846139908 --> <tr>
      <td>Aug 05 11:19:27.108646 check[25698]: [ 5] Connecting to
pride.cloudmark.com ...</td>
      <td class="lint_1">0.00019</td>
    </tr>
<!-- Timer: 1091729967.1681, Line Start: 25.15904211998 --> <tr>
      <td>Aug 05 11:19:27.134709 check[25698]: [ 3] Unable to connect
to pride.cloudmark.com:2703; Reason: Connection refused.</td>
      <td class="lint_1">0.0002</td>
    </tr>
<!-- Timer: 1091729967.1685, Line Start: 25.159454107285 --> <tr>
      <td>debug: Razor2 results: spam? 0 highest cf score: 0</td>
      <td class="lint_1">0.00041</td>
    </tr>
<!-- Timer: 1091729967.1738, Line Start: 25.164735078812 --> <tr>
      <td>debug: running raw-body-text per-line regexp tests; score so
far=2.79</td>
      <td class="lint_1">0.00528</td>
    </tr>
<!-- Timer: 1091729967.3393, Line Start: 25.330199956894 --> <tr>
      <td>debug: running uri tests; score so far=2.79</td>
      <td class="lint_1">0.16546</td>
    </tr>
<!-- Timer: 1091729967.3405, Line Start: 25.331457138062 --> <tr>
      <td>debug: uri tests: Done uriRE</td>
      <td class="lint_1">0.00126</td>
    </tr>
<!-- Timer: 1091729971.4543, Line Start: 29.445227146149 --> <tr>
      <td>debug: running full-text regexp tests; score so far=2.79</td>
      <td class="lint_5">4.11377</td>
    </tr>
<!-- Timer: 1091729971.4561, Line Start: 29.447041988373 --> <tr>
      <td>debug: Current PATH is:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin</td>
      <td class="lint_1">0.00181</td>
    </tr>
<!-- Timer: 1091729971.4576, Line Start: 29.448554039001 --> <tr>
      <td>debug: Pyzor is not available: pyzor not found</td>
      <td class="lint_1">0.00151</td>
    </tr>
<!-- Timer: 1091729971.4582, Line Start: 29.449120044708 --> <tr>
      <td>debug: DCCifd is not available: no r/w dccifd socket found.</td>
      <td class="lint_1">0.00057</td>
    </tr>
<!-- Timer: 1091729971.4587, Line Start: 29.449651002884 --> <tr>
      <td>debug: DCC is available: /usr/local/bin/dccproc</td>
      <td class="lint_1">0.00053</td>
    </tr>
<!-- Timer: 1091729971.4596, Line Start: 29.450487136841 --> <tr>
      <td>debug: entering helper-app run mode</td>
      <td class="lint_1">0.00084</td>
    </tr>
<!-- Timer: 1091729972.1621, Line Start: 30.152981996536 --> <tr>
      <td>debug: DCC: got response: X-DCC-dmv.com-Metrics:
ns1.fractalweb.com 1181; Body=13218 Fuz1=445885 Fuz2=445880</td>
      <td class="lint_2">0.70249</td>
    </tr>
<!-- Timer: 1091729972.1623, Line Start: 30.153232097626 --> <tr>
      <td>debug: leaving helper-app run mode</td>
      <td class="lint_1">0.00025</td>
    </tr>
<!-- Timer: 1091729972.1625, Line Start: 30.153414011002 --> <tr>
      <td>debug: Razor2 is available</td>
      <td class="lint_1">0.00018</td>
    </tr>
<!-- Timer: 1091729972.1627, Line Start: 30.153581142426 --> <tr>
      <td>debug: all '*To' addrs: </td>
      <td class="lint_1">0.00017</td>
    </tr>
<!-- Timer: 1091729972.2727, Line Start: 30.263597011566 --> <tr>
      <td>debug: RBL: success for 1 of 1 queries</td>
      <td class="lint_1">0.11002</td>
    </tr>
<!-- Timer: 1091729972.2738, Line Start: 30.264693975449 --> <tr>
      <td>debug: running meta tests; score so far=2.79</td>
      <td class="lint_1">0.0011</td>
    </tr>
<!-- Timer: 1091729972.3892, Line Start: 30.380161046982 --> <tr>
      <td>debug: is spam? score=2.79 required=5
tests=DATE_MISSING,NO_REAL_NAME,RM_tl_ToNone</td>
      <td class="lint_1">0.11547</td>
    </tr>
    <tr>
      <td><b>Finish - Total Time</b></td>
      <td align="right"><b>30.51904</b></td>
    </tr>
  </tbody>
</table>
<br>
</body>
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From el.baby at GMAIL.COM  Thu Aug  5 19:56:46 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:29 2006
Subject: Dodgy virus scanner
Message-ID: <mailman.393.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 5 Aug 2004 16:35:58 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> Me thinks F-Prot is being a little over eager. I assume they are running
> some F-Prot email virus scanner in addition to MailScanner.
yup... I don't know what AV he's running,  I contacted him off-list
'cause every attachment I sent triggered that... I explained him, in
plain Spanish, that he should not be bouncing viruses or spams 'cause
originating addresses for real viruses and spams are 99.9% fake, but
he doesn't...

The 'heuristic' applied, apparently, is the double extension
thingie... but much less specific... kinda, if it has 2 dots in it, it
is a virus :-(

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From idan at SECURENET.CO.IL  Thu Aug  5 20:15:18 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.394.1137101189.24926.mailscanner@lists.mailscanner.info>

I can see that in the normal Score spam I can configure bounce, there is
a way to configure it somehow in high score spam in this version 

In MailScanner 4.32.5 there is option to config bounce ?

Thanks a lot.


-----Original Message-----
From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
Sent: Thursday, August 05, 2004 2:50 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: High Score bounce in mailscanner-4.30.3-2

At 13:19 05/08/2004, you wrote:
>Hi All,
>
>In the older versions I could bounce high score spam and in
>mailscanner-4.30.3-2 I cant.
>Someone know why ? And if there is another way to config this option ?

Bouncing spam is *such* a bad idea, that the short answer is you can't.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug  5 20:22:43 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.395.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-05 at 20:15, Idan Plotnik wrote:
> I can see that in the normal Score spam I can configure bounce, there is
> a way to configure it somehow in high score spam in this version
>
> In MailScanner 4.32.5 there is option to config bounce ?

Julian already replied to you.
Bouncing spam is _bad_
Please do not do it.

There are _no_ valid reasons for bouncing spam. NONE

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From idan at SECURENET.CO.IL  Thu Aug  5 20:29:54 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.396.1137101189.24926.mailscanner@lists.mailscanner.info>

Hello Michele,

This is the policy of the customer organization.
There are 2 options:
1. Roll back to MailScanner-4.25 (I don't want to but the customer
insist)
2. Manage this feather to work.



-----Original Message-----
From: Michele Neylon : Blacknight Solutions
[mailto:michele@BLACKNIGHTSOLUTIONS.COM] 
Sent: Thursday, August 05, 2004 9:23 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: High Score bounce in mailscanner-4.30.3-2

On Thu, 2004-08-05 at 20:15, Idan Plotnik wrote:
> I can see that in the normal Score spam I can configure bounce, there
is
> a way to configure it somehow in high score spam in this version
>
> In MailScanner 4.32.5 there is option to config bounce ?

Julian already replied to you.
Bouncing spam is _bad_
Please do not do it.

There are _no_ valid reasons for bouncing spam. NONE

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From rzewnickie at RFA.ORG  Thu Aug  5 20:48:59 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:29 2006
Subject: MTA preferences for use with MailScanner
Message-ID: <mailman.397.1137101189.24926.mailscanner@lists.mailscanner.info>

On Wed, Aug 04, 2004 at 03:28:34PM -0300, Mariano Absatz wrote:
> On Tue, 3 Aug 2004 18:46:39 -0400, Eric Dantan Rzewnicki
> <rzewnickie@rfa.org> wrote:
> > On Thu, Jul 29, 2004 at 08:38:57AM -0300, Mariano Absatz wrote:
> > > I heard, from knowledgable people, that both Postfix and Exim are
> > > nice, easy to configure and have good documentation and mailing list
> > > support... the only thing that I disliked was when Julian said that
> > > the queue format of Postfix is binary and not plain ASCII... this
> > > scares me a lot since, in a crisis, you aren't able to use your
> > > average set of text tools to resolve it...
> > Is this really true? I know postfix queuefiles don't have linebreaks in
> > them, but does that make them binary?
> > Anyway, postfix comes with the postcat utility which takes a queuefile
> > and prints it to standard out nicely formatted with line breaks. So, you
> > can do whatever standard text manipulations on it you desire. The
> > postdrop utility is also useful for dealing with queuefiles.
> There's more to mail queue files than the message itself... you
> usually have the envelope, maybe including status info... I guess the
> utility you name doesn't nicely print them... nor is there a utility
> to reverse the process (or is it?).

I'm not sure about reversing the process ... but, the output of postcat
does include the envelope information, I think. (appologies if I'm wrong
on that)

> Since MailScanner _needs_ the envelope info and has to rebuild it when
> it finishes, it has no other route than mess with the binary files...
> As to the 'standard' way of interacting with Postfix, I don't know,
> but I suspect it is something similar to milter, that gets called for
> every message...

amavis uses postfix's content filter which, as you said, can only do a
single message at a time iiuc.

> The beauty and speed of MailScanner comes from the fact that it
> batches quite a few messages ans processes all of them together,
> invoking the virus scanner for all the attachments of all the messages
> in one sweep thus saving loads of 'system' invocations for this...

and that's one of many reasons I'm using MailScanner instead of amavis,
even though postfix's author doesn't approve.

> Maybe I'm too used to zmailer, which uses the same model MailScanner
> does (process interaction is mostly performed via the filesystem), but
> I love it... if something's going wrong in some place I can stop only
> one piece and let the rest keep working while I repair it...

I'm still using 2 postfix instances with MailScanner for the same
reason (well, in addition the hold queue not being available in the old
postfix version included in debian stable). I can start and stop postfix
incoming and outgoing separately from each other and from mailscanner.

-Eric Rz.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From krausem at GMAIL.COM  Thu Aug  5 21:33:34 2004
From: krausem at GMAIL.COM (Matt Krause)
Date: Thu Jan 12 21:26:29 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.398.1137101189.24926.mailscanner@lists.mailscanner.info>

Yep, everything else is fine. The log states it is store forward but
then it never requeues the message after that like in a working
example. Maybe it is a postfix issue, but I'm not sure.  I upgraded to
Postfix 2.1.3 yesterday hoping it would fix it, but it didn't.

I have attached a working box log and a log from the non-working box.
Everything looks the same except the non working box doesn't requeue
the message to forward it on.

Thanks a lot.

Matt

On Thu, 5 Aug 2004 12:14:29 -0300, Mariano Absatz <el.baby@gmail.com> wrote:
> On Thu, 5 Aug 2004 08:03:56 -0700, Matt Krause <krausem@gmail.com> wrote:
> > # Configuration directory containing files related to MCP
> > # (Message Content Protection)
> > %mcp-dir% = /opt/MailScanner/etc/mcp
> ....
> <SNIP>
> Strange... everything seems just fine... and you say the log states
> that actions are 'store forward'...
>
> Sorry 'bout really stupid questions, but is the forwarded address
> correctly spelled? can you send a message from within the mailscanner
> server to the forwarded address and is it delivered?
>
> Sorry, but I can't think of what can be wrong...
>
>
>
> --
> Mariano Absatz - El Baby
> el (dot) baby (AT) gmail (dot) com
> el (punto) baby (ARROBA:@) gmail (punto) com
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>


--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, Text/PLAIN (Name: "goodboxlog.txt")  47 lines. ]
    [ Unable to print this part. ]


    [ Part 3, Text/PLAIN (Name: "badboxlog.txt")  86 lines. ]
    [ Unable to print this part. ]


From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug  5 21:34:17 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.399.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-05 at 20:29, Idan Plotnik wrote:
> Hello Michele,
>
> This is the policy of the customer organization.
> There are 2 options:
> 1. Roll back to MailScanner-4.25 (I don't want to but the customer
> insist)
> 2. Manage this feather to work.

Why can't you simply delete the spam?

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From krausem at GMAIL.COM  Thu Aug  5 21:34:50 2004
From: krausem at GMAIL.COM (Matt Krause)
Date: Thu Jan 12 21:26:29 2006
Subject: MailScanner bypassing postfix always_bcc option
Message-ID: <mailman.400.1137101189.24926.mailscanner@lists.mailscanner.info>

Thanks, that is what I thought.  Is that mentioned anywhere in the
README files?  I don't remember seeing anything like that, but if it's
not, it might be a good idea to stick that in.

Thanks for the quick response.

Matt

On Thu, 5 Aug 2004 09:17:43 +0100, Julian Field
<mailscanner@ecs.soton.ac.uk> wrote:
> At 22:52 04/08/2004, you wrote:
> >Does anyone else have the issue of if MailScanner detects a mcp
> >message or spam, it bypasses the always_bcc option in Postfix and just
> >forwards it on to the account specified in MailScanner.conf if you so
> >chose to forward spam and mcp messages?
> >
> >Is MailScanner supposed to act like this?
>
> Yes. It only forwards the message to the addresses you told it to. It has
> no way of knowing where the recipients list came from, whether it was an
> original recipient in the message from when it was created or whether it
> was added by a later gateway.
>
> >   If so, I guess the only way
> >to get it to forward to both is to set multiple address in
> >MailScanner.conf under the spam and MCP sections?
>
> Correct.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>


--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From peter at UCGBOOK.COM  Thu Aug  5 22:26:39 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:29 2006
Subject: SURBL installation
Message-ID: <mailman.401.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Today I installed the SURBL as packaged on FSL.com. Thanks Steve for
making it easy. I had good use of the INSTALL file but I would like to
point out a couple of minor issues.

1. "perl -MCPAM" (note that it says CPAM, not CPAN) should be "perl
-MCPAN -e shell" on line 9. CPAN easily pulls URI on the fly so there's
little reason providing it if not also providing SpamCopURI for those
who can't or don't want to use CPAN.

2. Later it says to check for successful installation by looking for
"debug: uri tests: Done uriRE". I had that output before installation
too..? I didn't see any changes in the debug output after installation.

3. In the list of files to remove you mention antidrug.cf. I don't think
that is included in SURBL. Matt Kettler explained to me that it can't be
either since it's using such complex RE that the zone file would be huge.

4. I edited your cf-file to use the bitmask-combined multi-list instead
since that's makes more efficient use of net resources. Less lookups,
better cache hit rate. You may want to change the included file since
SpamCopURI supports bitmasked results as of version 0.20.

5. I also added the Phishing list that's only available using the
multi-list.

I set all lists to 4 points and they are working beautifully! Since
BigEvil grew tenfold a couple of weeks ago every MS process used 60 MB,
I'm now down to 30 MB and the load average is around half of what it
used to be. Very nice. Everyone should do this very easy upgrade. I
regret not doing it earlier.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From idan at SECURENET.CO.IL  Thu Aug  5 22:38:55 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.402.1137101189.24926.mailscanner@lists.mailscanner.info>

I told you, because this is the customer organization policy.

BTW, I made an upgrade to MailScanner 4-32-5.1 and I can't configure
this feather either :(
Please help me if you can.

Look at this...

Aug  6 00:35:25 localhost MailScanner[24675]: Message i75LZLh7024691
from 192.117.173.1 (idan@securenet.co.il) to rcip.co.il is spam,
SpamAssassin (score=16.979, required 6, autolearn=spam, BE_BOSS 0.89,
BigEvilList_50 3.00, BigEvilList_96 3.00, CLICK_BELOW_CAPS 0.57,
HTML_70_80 0.10, HTML_FONTCOLOR_UNKNOWN 0.10, HTML_LINK_CLICK_CAPS 0.50,
HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, HTML_WEB_BUGS 0.59,
MY_DIMENSION_GIF 0.86, MY_SHRT_IMG 0.85, PORN_4 1.30, PRIORITY_NO_NAME
0.83, REMOVE_PAGE 0.82, SARE_ADLTSUB2 1.67, WORK_AT_HOME 1.28,
X_PRIORITY_HIGH 0.52)
Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks: Found 1 spam
messages
Aug  6 00:35:26 localhost MailScanner[24675]: Spam Actions: message
i75LZLh7024691 actions are bounce
Aug  6 00:35:26 localhost MailScanner[24675]: Will not bounce
high-scoring spam
Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks completed at
19259 bytes per second
Aug  6 00:35:26 localhost MailScanner[24675]: Virus and Content
Scanning: Starting
Aug  6 00:35:26 localhost MailScanner[24675]: Virus Scanning completed
at 19259 bytes per second
Aug  6 00:35:26 localhost MailScanner[24675]: Virus Processing completed
at 19259 bytes per second
Aug  6 00:35:26 localhost MailScanner[24675]: Disinfection completed at
19259 bytes per second
Aug  6 00:35:26 localhost MailScanner[24675]: Batch completed at 9629
bytes per second (19259 / 2)

Thanks



-----Original Message-----
From: Michele Neylon : Blacknight Solutions
[mailto:michele@BLACKNIGHTSOLUTIONS.COM] 
Sent: Thursday, August 05, 2004 10:34 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: High Score bounce in mailscanner-4.30.3-2

On Thu, 2004-08-05 at 20:29, Idan Plotnik wrote:
> Hello Michele,
>
> This is the policy of the customer organization.
> There are 2 options:
> 1. Roll back to MailScanner-4.25 (I don't want to but the customer
> insist)
> 2. Manage this feather to work.

Why can't you simply delete the spam?

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug  5 22:44:33 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.403.1137101189.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-05 at 22:38, Idan Plotnik wrote:
> I told you, because this is the customer organization policy.

Dumb and dangerous policy. Let me know who it is offlist so that I can
blacklist them entirely :)

>
> BTW, I made an upgrade to MailScanner 4-32-5.1 and I can't configure
> this feather either :(
> Please help me if you can.
What's wrong with it?
It's doing what it's meant to do except bounce spam which Julian has
already told you is not possible.

>
> Look at this...
>
> Aug  6 00:35:25 localhost MailScanner[24675]: Message i75LZLh7024691
> from 192.117.173.1 (idan@securenet.co.il) to rcip.co.il is spam,
> SpamAssassin (score=16.979, required 6, autolearn=spam, BE_BOSS 0.89,
> BigEvilList_50 3.00, BigEvilList_96 3.00, CLICK_BELOW_CAPS 0.57,
> HTML_70_80 0.10, HTML_FONTCOLOR_UNKNOWN 0.10, HTML_LINK_CLICK_CAPS 0.50,
> HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, HTML_WEB_BUGS 0.59,
> MY_DIMENSION_GIF 0.86, MY_SHRT_IMG 0.85, PORN_4 1.30, PRIORITY_NO_NAME
> 0.83, REMOVE_PAGE 0.82, SARE_ADLTSUB2 1.67, WORK_AT_HOME 1.28,
> X_PRIORITY_HIGH 0.52)
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks: Found 1 spam
> messages
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Actions: message
> i75LZLh7024691 actions are bounce
> Aug  6 00:35:26 localhost MailScanner[24675]: Will not bounce
> high-scoring spam
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks completed at
> 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus and Content
> Scanning: Starting
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus Scanning completed
> at 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus Processing completed
> at 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Disinfection completed at
> 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Batch completed at 9629
> bytes per second (19259 / 2)
>
> Thanks
>
>
>
> -----Original Message-----
> From: Michele Neylon : Blacknight Solutions
> [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
> Sent: Thursday, August 05, 2004 10:34 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Score bounce in mailscanner-4.30.3-2
>
> On Thu, 2004-08-05 at 20:29, Idan Plotnik wrote:
> > Hello Michele,
> >
> > This is the policy of the customer organization.
> > There are 2 options:
> > 1. Roll back to MailScanner-4.25 (I don't want to but the customer
> > insist)
> > 2. Manage this feather to work.
>
> Why can't you simply delete the spam?
>
> --
> Mr. Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> +353 59 913 7101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Thu Aug  5 22:52:46 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.404.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Idan Plotnik wrote:
> I told you, because this is the customer organization policy.
>

I am not the manager of your organization, but I'd drop this customer if
he can't understand that you can store, or tag & deliver high-scoring
spam, but bouncing it is against the (evolving) implicit rules of
internet mail.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Thu Aug  5 23:02:50 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.405.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi!

> I've had problems with Razor this week.
>
> Check with
>
>   spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf
>
> and see if that's working properly.
>
>   razor-admin -discover
>
> sorted it for me.

> > Not sure if this is common knowledge or not. I searched the
> > 1500-odd messages I have here from this list and haven't
> > found anything about it.

And check what SA rulesets you are using, are you using BigEvil ?

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Aug  5 23:18:02 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.406.1137101189.24926.mailscanner@lists.mailscanner.info>

Idan Plotnik wrote:
> I told you, because this is the customer organization policy.
>
> BTW, I made an upgrade to MailScanner 4-32-5.1 and I can't configure
> this feather either :(
> Please help me if you can.

Idan,

It sounds like it's more of a customer education policy than a technical
issue.  Perhaps someone here knows of a good, simple explanation on the web
somewhere that Idan could share with his customers?  It's easy for us to
realize why it's a bad policy to bounce spam, especially high scoring spam,
but business people tend to be a bit more cautious and don't really
understand the many good reasons for deleting it.

One alternative you might offer them is to forward it to an account they can
read, and then manually deal with.  After browsing through several thousand
messages I'm sure they'll realize that dropping them is a *really* good
idea!

By the way, "feather" is what's on a bird - you mean "feature".

La'heetroat...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From KGoods at AIAINSURANCE.COM  Thu Aug  5 23:22:53 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:29 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.407.1137101189.24926.mailscanner@lists.mailscanner.info>

Kevin Miller scribbled on Thursday, August 05, 2004 3:18 PM:

> Idan Plotnik wrote:
>> I told you, because this is the customer organization policy.
>>
>> BTW, I made an upgrade to MailScanner 4-32-5.1 and I can't configure
>> this feather either :( Please help me if you can.
>
> Idan,
>
> It sounds like it's more of a customer education policy than
> a technical
> issue.  Perhaps someone here knows of a good, simple
> explanation on the web
> somewhere that Idan could share with his customers?  It's
> easy for us to
> realize why it's a bad policy to bounce spam, especially high scoring
> spam, but business people tend to be a bit more cautious and don't
> really understand the many good reasons for deleting it.
>
> One alternative you might offer them is to forward it to an account
> they can read, and then manually deal with.  After browsing through
> several thousand
> messages I'm sure they'll realize that dropping them is a *really*
> good idea!
>
> By the way, "feather" is what's on a bird - you mean "feature".
>
> La'heetroat...
>
> ...Kevin

He could try this.

From: http://www.aota.net/Email_Spam_Prevention_and_Mgmt/receivedspam.php4

It is NOT recommended to reply to spam, or to request to be removed from the
sender's list, unless you believe the mailing has been sent by a reputable
list manager. It is believed that in many cases, requesting to be "removed"
from a spam mailing only confirms a valid email address to the spammers and
may result in your receiving even more unwanted email.

Likewise, it is not recommended to bounce spam back to the sender. Sending
bounce notices has been observed to be ineffective in having spammers remove
your email address from their list. Most spammers do not use a real email
address for the sender of the email, and oftentimes forge the email address
of an arbitrary third party. Since the bounce messages would most likely not
be sent back to the spammer, and may be sent to an innocent third party, it
is better not to send any bounce notice.

Regards,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From gcle at SMCAUS.COM.AU  Thu Aug  5 23:30:49 2004
From: gcle at SMCAUS.COM.AU (Gerard Cleary)
Date: Thu Jan 12 21:26:29 2006
Subject: A virus inside a zip file inside another zip file of SAME name is
    not discovered
Message-ID: <mailman.408.1137101189.24926.mailscanner@lists.mailscanner.info>

We received such a virus but luckily the user became suspicious at a zip
being inside a zip file.
I tried putting the eicar test virus inside such a setup but Linux zip
doesn't bother doing the second level zip if I use the same name. So I
changed the name of the second level zip file, created the second level
archive file then used vi on that archive file to change the name of the
first level archive to be the same as the second level archive file. I ended
up with the eicar test virus inside a zip file called level2.zip which was
enclosed in another zip file called level2. MailScanner allows this file to
pass without comment. I can unzip the file to get to the enclosed eicar test
virus. On the second unzip, I get asked if I want to overwrite the existing
level2 file. If I use the same 2 level archive file but change the name of
the inside archive file to say level3.zip, MailScanner correctly catches the
eicar test virus and leaves its calling card message.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Thu Aug  5 23:43:34 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: A virus inside a zip file inside another zip file of SAME name
    is not discovered
Message-ID: <mailman.409.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi!

> We received such a virus but luckily the user became suspicious at a zip
> being inside a zip file.

What version MailScanner are you using? I assume its a little older
version?

There were some changes recently to avoid this behaviour, and also most of
the virus scanning engines were updates to support this. Did you update
both recently ? (Your AV solution and MS ?)

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From peter at UCGBOOK.COM  Thu Aug  5 23:52:03 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:29 2006
Subject: A virus inside a zip file inside another zip file of SAME name
    is not discovered
Message-ID: <mailman.410.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Gerard Cleary wrote:
> We received such a virus but luckily the user became suspicious at a zip
> being inside a zip file.
> I tried putting the eicar test virus inside such a setup but Linux zip
> doesn't bother doing the second level zip if I use the same name. So I
> changed the name of the second level zip file, created the second level
> archive file then used vi on that archive file to change the name of the
> first level archive to be the same as the second level archive file. I ended
> up with the eicar test virus inside a zip file called level2.zip which was
> enclosed in another zip file called level2. MailScanner allows this file to
> pass without comment. I can unzip the file to get to the enclosed eicar test
> virus. On the second unzip, I get asked if I want to overwrite the existing
> level2 file. If I use the same 2 level archive file but change the name of
> the inside archive file to say level3.zip, MailScanner correctly catches the
> eicar test virus and leaves its calling card message.

What version MS are you using? This sounds like the bug Julian posted a
patch for and it's fixed in 4.32.5.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From steve.swaney at FSL.COM  Thu Aug  5 23:59:40 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:29 2006
Subject: SURBL installation
Message-ID: <mailman.411.1137101189.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Peter Bonivart
> Sent: Thursday, August 05, 2004 5:27 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: SURBL installation
> 
> Today I installed the SURBL as packaged on FSL.com. Thanks Steve for
> making it easy. I had good use of the INSTALL file but I would like to
> point out a couple of minor issues.
> 
> 1. "perl -MCPAM" (note that it says CPAM, not CPAN) should be "perl
> -MCPAN -e shell" on line 9. CPAN easily pulls URI on the fly so there's
> little reason providing it if not also providing SpamCopURI for those
> who can't or don't want to use CPAN.
> 
> 2. Later it says to check for successful installation by looking for
> "debug: uri tests: Done uriRE". I had that output before installation
> too..? I didn't see any changes in the debug output after installation.
> 
> 3. In the list of files to remove you mention antidrug.cf. I don't think
> that is included in SURBL. Matt Kettler explained to me that it can't be
> either since it's using such complex RE that the zone file would be huge.
> 
> 4. I edited your cf-file to use the bitmask-combined multi-list instead
> since that's makes more efficient use of net resources. Less lookups,
> better cache hit rate. You may want to change the included file since
> SpamCopURI supports bitmasked results as of version 0.20.
> 
> 5. I also added the Phishing list that's only available using the
> multi-list.
> 
> I set all lists to 4 points and they are working beautifully! Since
> BigEvil grew tenfold a couple of weeks ago every MS process used 60 MB,
> I'm now down to 30 MB and the load average is around half of what it
> used to be. Very nice. Everyone should do this very easy upgrade. I
> regret not doing it earlier.
> 
> --
> /Peter Bonivart
> 
Peter,

I and the MS list reader's thank you for catching my typos and pointing out
the imporvements. I'll update and fix tonight. 

As Peter pointed out and people who watch the SUBL mail list now know,
Mail-SpamAssassin-SpamCopURI-0.22 is now available. This new release
provides multi.surbl.org, combined list support, for SpamAssassin 2.63 and
2.64. I'm off for the weekend but will try to re-package
Mail-SpamAssassin-SpamCopURI-0.22 as early as I can. 

For those of you who are not familiar with the clever bit-masking that the
multi.surbl.org server uses I highly recommend visiting www.surbl.com. My
hat is totally off to the SURBL team and the work that they have done to
help all of us beat spam.

On a side note, SpamAssassin 3.0 include naïve support for SURBL. We're
running SpamAssassin 3.0 pre-release 4 on our spam traps and it looks good.
MailScanner (recent versions) support for this release is solid and the
upgrade was very straight forward. Thank you Julian.

I'll detail what we had to do to upgrade to 3.0 on our web site as soon as
3.0 is released and we can test and document. Most of the details are listed
in the UPGRADE file in the release; a few are a bit more subtle. For those
who are running rebuild Bayes from a cron job that runs:

/usr/bin sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild
--force-expire

You will need to change the command to read:

/usr/bin/sa-learn --sync -D /etc/MailScanner/spam.assassin.prefs.conf

There are also changes that you may need to make in
spam.assassin.prefs.conf. There are new configuration settings and some of
your existing settings may cause errors.

SpamAssassin 3.0 also complains about one of the standard Rules_Du_Jour .cf
files but this will probably be straightened out before the final release.

Tracking down these errors was very simple using:

/usr/bin/spamassassin --debug -D -p
/etc/MailScanner/spam.assassin.prefs.conf --lint

The functionality of this command has been improved in SA 3.0. It now shows
the number of problems.
 
Well that's it for tonight
 
Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From gcle at SMCAUS.COM.AU  Fri Aug  6 00:11:34 2004
From: gcle at SMCAUS.COM.AU (Gerard Cleary)
Date: Thu Jan 12 21:26:29 2006
Subject: A virus inside a zip file inside another zip file of SAME name
    is not discovered
Message-ID: <mailman.412.1137101189.24926.mailscanner@lists.mailscanner.info>

Sorry! We are using version 4.28.6. I tried searching the archives using the
keywords "zip" and "inside" but I obviously missed references to the problem.
I'll upgrade to the current MailScanner version. Thank you all for your
amazingly fast response!

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris at FRACTALWEB.COM  Fri Aug  6 02:16:49 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.413.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Raymond Dijkxhoorn wrote:<br>
<blockquote
 cite="midPine.LNX.4.58.0408060002180.18788@mailbox.prolocation.net"
 type="cite">
  <pre wrap=""><!---->
And check what SA rulesets you are using, are you using BigEvil ?

  </pre>
</blockquote>
Raymond,<br>
<br>
As a matter of fact, I am. Should I not?<br>
<br>
I certainly like the extremely high percentage of spam I catch...but
perhaps I can do just as well without it?<br>
<br>
What about Bayes? Do I need to force an expire or anything?<br>
<br>
Thanks,<br>
Chris<br>
</body>
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From lists at BSDADMINS.NET  Fri Aug  6 02:20:44 2004
From: lists at BSDADMINS.NET (David Loszewski)
Date: Thu Jan 12 21:26:29 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.414.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
ok, it's still not working, I loaded 2.63 on.  I have it so that spamd
runs and then I run the mailscanner.  seems to load up fine but it is
still not scanning the mail messages.

Dave

Ugo Bellavance wrote:

> David Loszewski wrote:
>
>> well originally I tried it without the aut-whitelist enabled and it
>> didn't work.  3.00 is the only version I've tried so far, kind of new to
>> spamassassin.  do you recommend that I try an earlier version?
>
>
> Of course, 3.00 is probably still Beta.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mark at TIPPINGMAR.COM  Fri Aug  6 04:32:57 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:29 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.415.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Thursday, August 5, 2004, at 06:20  PM, David Loszewski wrote:

> ok, it's still not working, I loaded 2.63 on.  I have it so that spamd
> runs and then I run the mailscanner.  seems to load up fine but it is
> still not scanning the mail messages.

Wait, see this:
http://www.mailscanner.biz/maq/#howdoigetto

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From greyhair at GREYHAIR.NET  Fri Aug  6 05:19:01 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.416.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Chris,

   Please forgive if I'm incorrect, but I think most us either the
Perl interface to clamav (Mail::Clamav???) or the command line
interface (clamscan) due to the fact that the daemon had a larger
overhead when scanning files.  I think this overhead was expressed
in both time per file and resources.

   Therefore my guess would be that the answer to your clamdscan
question would be no.

   Is there a reason you would not like to use the Perl or command
line wrapper?  clam works perfectly when installing using defaults
and only a couple of file edits if you want to install clam in an
alternate location.

greyhair.

Chris Conn wrote:
> Julian Field wrote:
>
>> Patch for SweepViruses.pm is attached.
>>
>> It still complains about some lines, but I can't make it take into
>> account
>> every type of irrelevant output line from every possible archive unpacker
>> unfortunately.
>> But it detects the virus just fine.
>>
>> This will be included in the next release, once you have agreed it works
>> okay.
>
>
> Hello,
>
> It seems to work here.  I have been for the longest time been using
> clamdscan instead of clamscan in the clamav-wrapper, and I was under the
> impression in the past that it would work and I have a vague
> recollection of having tested it on .rar files.  However, clamdscan does
> not extract from .rar files it seems even if the scan options for unrar
> is present.  If I change my configuration back to clamscan in the
> wrapper, the patch works on this test.
>
> Is there a way to make clamdscan work properly from the wrapper script?
>  Has anyone used it in this way?
>
> Chris
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Fri Aug  6 06:16:16 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.417.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi!

> >And check what SA rulesets you are using, are you using BigEvil ?

> As a matter of fact, I am. Should I not?
>
> I certainly like the extremely high percentage of spam I catch...but
> perhaps I can do just as well without it?

Look at the size of BigEvil, its no surprise you experience trouble i
think. Convert those to SURBL (www.surbl.org) and you will see a drop in
CPU for sure.

> What about Bayes? Do I need to force an expire or anything?

No, first check the above.

Thanks,
Raymond

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Fri Aug  6 06:17:44 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: SpamAssassin not working with MailScanner
Message-ID: <mailman.418.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi!

> ok, it's still not working, I loaded 2.63 on.  I have it so that spamd
> runs and then I run the mailscanner.  seems to load up fine but it is
> still not scanning the mail messages.

> >> well originally I tried it without the aut-whitelist enabled and it
> >> didn't work.  3.00 is the only version I've tried so far, kind of new to
> >> spamassassin.  do you recommend that I try an earlier version?

MailScanner does NOT need spamd, so you could safely stop that.

Bye,
Raymond

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From davidj at IMPOL.NET  Fri Aug  6 08:23:42 2004
From: davidj at IMPOL.NET (David Jacobson)
Date: Thu Jan 12 21:26:29 2006
Subject: Virus Scanner Order + Reports
Message-ID: <mailman.419.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-html>

<br><font size=2 face="sans-serif">Hi,</font>
<br>
<br><font size=2 face="sans-serif">I apologise if this has been discussed
in the past, however I cannot find any information relating to this.</font>
<br><font size=2 face="sans-serif">In terms of appending multiple virus
scanners to MailScanner how does it work with reports for example</font>
<br><font size=2 face="sans-serif">in the mailwatch interface. &nbsp;If
I put bitdefender before clamav and do the reporting will I see bitdefender</font>
<br><font size=2 face="sans-serif">signature names and if bitdefender does
not pick it up then clamav, or a mixture of both?</font>
<br>
<br><font size=2 face="sans-serif">Also, I assume even if one virus scanner
picks up a virus does the other scanner still scan it?</font>
<br>
<br><font size=2 face="sans-serif">Kind regards,<br>
<br>
David Jacobson<br>
Network Security Administrator<br>
<br>
Imperial Online - The Imperial Connection<br>
<br>
Switchboard (+27) 11 723-8000<br>
Helpdesk (+27) 11 723-8181<br>
Mobile &nbsp;(+27) 83 235-0760<br>
Facsimile (+27) 11 454 1236 <br>
Email &nbsp;davidj@impol.net</font>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>

</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Fri Aug  6 08:50:55 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: Virus Scanner Order + Reports
Message-ID: <mailman.420.1137101189.24926.mailscanner@lists.mailscanner.info>

David Jacobson wrote:
> Also, I assume even if one virus scanner picks up a virus does the
> other scanner still scan it?
It should be scanned by all the AV engines, so you should see a virus
detected string for each one




Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cconn at ABACOM.COM  Fri Aug  6 14:19:51 2004
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.421.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
greyhair wrote:

> Chris,
>
>   Please forgive if I'm incorrect, but I think most us either the
> Perl interface to clamav (Mail::Clamav???) or the command line
> interface (clamscan) due to the fact that the daemon had a larger
> overhead when scanning files.  I think this overhead was expressed
> in both time per file and resources.
>
>   Therefore my guess would be that the answer to your clamdscan
> question would be no.
>
>   Is there a reason you would not like to use the Perl or command
> line wrapper?  clam works perfectly when installing using defaults
> and only a couple of file edits if you want to install clam in an
> alternate location.
>
> greyhair.


Hello,

It is my experience that clamdscan is less load-intensive on the servers
I manage.  I will look at installing the perl interfaces necessary to
have MailScanner use clamav without the wrapper.

Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From cconn at ABACOM.COM  Fri Aug  6 15:28:59 2004
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.422.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
greyhair wrote:

> Chris,
>
>   Please forgive if I'm incorrect, but I think most us either the
> Perl interface to clamav (Mail::Clamav???) or the command line
> interface (clamscan) due to the fact that the daemon had a larger
> overhead when scanning files.  I think this overhead was expressed
> in both time per file and resources.
>
>   Therefore my guess would be that the answer to your clamdscan
> question would be no.
>
>   Is there a reason you would not like to use the Perl or command
> line wrapper?  clam works perfectly when installing using defaults
> and only a couple of file edits if you want to install clam in an
> alternate location.
>
> greyhair.

Hello,

This is what I get now:

  ClamAVModule::ERROR:: RAR module failure:: ./i76EOX2r026872/eicar.rar

I have the patched SweepViruses.pm.

There seem to be no more surrounding messages.  To scan RAR with
MailScanner, do you enable "ScanRAR" in clamav.conf, as I have also
installed unrar 3.30 and it does unrar the file properly.

Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From marcel at IRC-ADDICTS.DE  Fri Aug  6 15:40:11 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:29 2006
Subject: AW: Error with RAR-Files
Message-ID: <mailman.423.1137101189.24926.mailscanner@lists.mailscanner.info>

Hi there,

ok..my report:

First i updated on my SuSE8.1-System to the brand new MS-Version.

Then i patched the SweepVirus.pm-File with the patch, delivered by Julian.

Then i tried to restart the MS with my sendmail

Did not work, due to the fact, that there was no pid-File under /var/run.

I created that PID-File with touch.

Then i tried to restart again.

Now this is what happened.

Sendmail started without any problem.

MS did not start.. :(

It only started after i sended an email to my account. Due to this fact, i
do not know, if it took this long :(

The last Version started without any problems :(

Ok..but it started..

then i tried the rar-file again from heise..

the same problem..

no scanning :(

or should i activate within clam.conf the scanning of rar-files?

i am using unrar for this problem..usually..

and in the past everything worked fine :(

Sorry for this news

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dpowell at LSSI.NET  Fri Aug  6 16:18:59 2004
From: dpowell at LSSI.NET (Darrin)
Date: Thu Jan 12 21:26:29 2006
Subject: Spamassassin timed out and was killed
Message-ID: <mailman.424.1137101189.24926.mailscanner@lists.mailscanner.info>

Do you have large rulesets ? BigEvil ?
yes, I just put in BigEvil and Anti-drug

Do you have local caching DNS servers.
yes

Do you rsync RBL zones locally for fast lookups ?
No, Is there a how to available for this?


Thanks
Darrin



On Fri, 2004-07-30 at 17:11, Raymond Dijkxhoorn wrote:
> Hi!
>
> > I see a large number of these messages in my server's log files. My
> > server shows available memory and no significant swapping is going on.
> > Has anyone else experienced this?
>
> Do you have large rulesets ? BigEvil ?
> Do you have local caching DNS servers.
> Do you rsync RBL zones locally for fast lookups ?
>
> Bye,
> Raymond.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Darrin Powell
LSSi Corp
(919) 466-6803
www.lssi.net/~dpowell

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mkettler at EVI-INC.COM  Fri Aug  6 16:58:26 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:29 2006
Subject: SURBL installation
Message-ID: <mailman.425.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 05:26 PM 8/5/2004, Peter Bonivart wrote:
>3. In the list of files to remove you mention antidrug.cf. I don't think
>that is included in SURBL. Matt Kettler explained to me that it can't be
>either since it's using such complex RE that the zone file would be huge.

This is correct, antidrug is not included in surbl. It *is* however
included in SA 3.0, so anyone upgrading to SA 3.0 should drop use of antidrug.


And actually, the biggest problem isn't the zone file size, it's that it's
a completely inappropriate technology to start with.

It's like suggesting using Bind as your MTA, or using a Ford F150 as a
calculator. It doesn't even begin to make practical sense.

Sure, you can do addition using a F150 by putting rocks in the bed and then
counting them all.. but that's so inefficient as to be absurd and you'd
think an accountant actually doing it that way was completely mad.

SURBL is a website URL blacklist based on DNS queries. Antidrug has nothing
to do with websites at all, it's body-text based. Complete apples and
oranges universes.

Yes, antidrug would be a couple-hundred terrabytes if converted to a flat
zonefile, but there are worse problems ahead of you even if you did convert it.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Fri Aug  6 17:15:22 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:29 2006
Subject: Spamassassin timed out and was killed
Message-ID: <mailman.426.1137101189.24926.mailscanner@lists.mailscanner.info>

> Do you have large rulesets ? BigEvil ?
> yes, I just put in BigEvil and Anti-drug
BigEvil has been superceded by SURBL. If you remove it you should be fine.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Fri Aug  6 19:15:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:29 2006
Subject: Spamassassin timed out and was killed
Message-ID: <mailman.427.1137101189.24926.mailscanner@lists.mailscanner.info>

hi!

> Do you have large rulesets ? BigEvil ?
> yes, I just put in BigEvil and Anti-drug

So move those over to SURBL (www.surbl.org)

> Do you have local caching DNS servers.
> yes
>
> Do you rsync RBL zones locally for fast lookups ?
> No, Is there a how to available for this?

Allmost every RBL has a how to, on the SURBL page there are some links to
that also.

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From svigano at BOOTHCREEK.COM  Fri Aug  6 19:34:04 2004
From: svigano at BOOTHCREEK.COM (Steffan Vigano)
Date: Thu Jan 12 21:26:29 2006
Subject: .esp files and script blocking
Message-ID: <mailman.428.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
So we have some graphic designers in house that use .eps files a lot. I
have MailScanner set to allow .eps filenames via "filename.rules.conf",
but with Scripts being blocked in general.  Mailscanner still blocks
them saying:

   "Report: MailScanner: No Scripting allowed (test.eps)"

Shouldn't a specifically allowed filename trump a global script
denial?   I'd hate to have to add these users to the specific
"scripts.rules" and have them bypass all other script checks.  Where
else could look?

Thanks

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From peter at UCGBOOK.COM  Fri Aug  6 21:06:18 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:29 2006
Subject: .esp files and script blocking
Message-ID: <mailman.429.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Steffan Vigano wrote:
> So we have some graphic designers in house that use .eps files a lot. I
> have MailScanner set to allow .eps filenames via "filename.rules.conf",
> but with Scripts being blocked in general.  Mailscanner still blocks
> them saying:
>
>   "Report: MailScanner: No Scripting allowed (test.eps)"
>
> Shouldn't a specifically allowed filename trump a global script
> denial?   I'd hate to have to add these users to the specific
> "scripts.rules" and have them bypass all other script checks.  Where
> else could look?

The attachments will be blocked if they are denied in either
filename.rules.conf or filetype.rules.conf. You allow the file name but
deny the file type so there you go. Either you will have to allow
scripts (it is the default) or you will have to use a ruleset for file
types.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dan.farmer at PHONEDIR.COM  Fri Aug  6 22:03:59 2004
From: dan.farmer at PHONEDIR.COM (Dan Farmer)
Date: Thu Jan 12 21:26:29 2006
Subject: .esp files and script blocking
Message-ID: <mailman.430.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Aug 6, 2004, at 2:06 PM, Peter Bonivart wrote:

> The attachments will be blocked if they are denied in either
> filename.rules.conf or filetype.rules.conf. You allow the file name but
> deny the file type so there you go. Either you will have to allow
> scripts (it is the default) or you will have to use a ruleset for file
> types.

I think a better question is why is an eps file (encapsulated
postscript) considered a script - I'd propose that it might be
misclassified. Yes, the word script is in the name, but postscript is a
programming language for describing a printed page, which can be
rendered to either a postscript printer, or a screen if you have
ghostscript or another software postscript renderer installed - in my
eyes its file type should be classified as an image like gif, jpg, or
pdf (which grew from postscript).

Maybe I'm forgetting something important about postscript, but I don't
think I've ever heard of a postscript virus, trojan, exploit, etc. How
could this possibly be considered dangerous content when compared to
real scripting languages like shell, perl, javascript, applescript etc.

I see that scripts are allowed by default which is why I've never seen
the issue, but should I ever need to block scripts, I won't be able to
as we can't block digital art submissions from clients...

dan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From peter at UCGBOOK.COM  Fri Aug  6 22:41:17 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:29 2006
Subject: .esp files and script blocking
Message-ID: <mailman.431.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dan Farmer wrote:
> I think a better question is why is an eps file (encapsulated
> postscript) considered a script - I'd propose that it might be
> misclassified. Yes, the word script is in the name, but postscript is a
> programming language for describing a printed page, which can be
> rendered to either a postscript printer, or a screen if you have
> ghostscript or another software postscript renderer installed - in my
> eyes its file type should be classified as an image like gif, jpg, or
> pdf (which grew from postscript).

You answered that one yourself, it is a script.

> Maybe I'm forgetting something important about postscript, but I don't
> think I've ever heard of a postscript virus, trojan, exploit, etc. How
> could this possibly be considered dangerous content when compared to
> real scripting languages like shell, perl, javascript, applescript etc.

MS uses the unix file command which in turn uses the magic file to
determine the type of file. It identifies files with no regard to
whether they are dangerous or not. The classification has nothing to do
with MS at all, it's just a way of unix knowing file content without
using file suffixes like lesser OS:es. Maybe you could look at "man
magic" to find out how to make a unique signature for postscript files.

I don't see any reason to block scripts as file types though.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at BARENDSE.TO  Sat Aug  7 06:18:21 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:29 2006
Subject: Feature request : postmaster reports to report the senders domain
Message-ID: <mailman.432.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have a feature request for the messages send to postmaster.

I'm always having a hard time trying to figure out exactly which domain or
hostname I need to whitelist to allow scripts, tags and whatever,
especially with some mailings where the mail passes through several
domains.

I think it would be nifty if the report for the postmaster would not only
include the report but also a line like:

Domain to whitelist if content is to be allowed : smptx.mailserver.foo.org

:)

Remco

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From cwr at EON.NET.AU  Sat Aug  7 13:19:31 2004
From: cwr at EON.NET.AU (cwr)
Date: Thu Jan 12 21:26:30 2006
Subject: sendmail+mailscanner (under debian) issue
Message-ID: <mailman.433.1137101189.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I've been trying to figure this out for the past 
day or so, hopefully someone here can help.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I've installed sendmail+mailscanner on debian, all 
using apt-get</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Sendmail has been tried in two modes, nullclient 
&amp; normal. Both times, mailscanner doesn't seem to be processing anything in 
the queues. I've followed the config stuff for sendmail &amp; mailscanner on 
this page: <A 
href="http://www.sng.ecs.soton.ac.uk/mailscanner/install/other.shtml">http://www.sng.ecs.soton.ac.uk/mailscanner/install/other.shtml</A>&nbsp;and 
still no go. Every time i set it up, it just doesn't seem to process the queue. 
I've set my incoming queue dir to /var/spool/mqueue.in and outgoing queue dir to 
/var/spool/mqueue</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Running the latest ver of debian (sarge). From my 
mail.log file;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Aug&nbsp; 8 03:56:43 localhost sm-mta[22796]: 
i77JuJxt022796: from=&lt;<A 
href="mailto:test@domain.com">test@domain.com</A>&gt;, size=6, class=0, 
nrcpts=1, msgid=&lt;<A 
href="mailto:200408071956.i77JuJxt022796@localhost.localdomain">200408071956.i77JuJxt022796@localhost.localdomain</A>&gt;, 
proto=SMTP, daemon=MTA, relay=linux-1.smartsoftware.com.au 
[10.1.1.251]<BR>Aug&nbsp; 8 03:56:43 localhost sm-mta[22796]: i77JuJxt022796: 
to=brian<A href="mailto:to=brian@domain.com.au">@domain.com.au</A>, 
delay=00:00:05, mailer=relay, pri=30006, stat=queued</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>and then;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>punisher:/var/spool/mqueue.in# ls -al<BR>total 
16<BR>drwxrwxrwx&nbsp; 2 mail mail&nbsp; 4096 Aug&nbsp; 8 03:56 
.<BR>drwxr-xr-x&nbsp; 9 root root&nbsp; 4096 Aug&nbsp; 8 03:49 
..<BR>-rw-r-----&nbsp; 1 root smmsp&nbsp;&nbsp;&nbsp; 6 Aug&nbsp; 8 03:56 
dfi77JuJxt022796<BR>-rw-r-----&nbsp; 1 root smmsp&nbsp; 643 Aug&nbsp; 8 03:56 
qfi77JuJxt022796<BR>punisher:/var/spool/mqueue.in# </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I can leave it there forever, and its not 
processing anything</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Any help would be 
appreciated</FONT></DIV></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From cwr at EON.NET.AU  Sat Aug  7 13:32:50 2004
From: cwr at EON.NET.AU (cwr)
Date: Thu Jan 12 21:26:30 2006
Subject: sendmail+mailscanner (under debian) issue
Message-ID: <mailman.434.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Ah</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Solved my own issue</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Disregard this!</FONT></DIV>
<BLOCKQUOTE 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 
  <A title=cwr@EON.NET.AU href="mailto:cwr@EON.NET.AU">cwr</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>To:</B> <A title=MAILSCANNER@JISCMAIL.AC.UK 
  href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, August 07, 2004 8:19 
  PM</DIV>
  <DIV style="FONT: 10pt arial"><B>Subject:</B> sendmail+mailscanner (under 
  debian) issue</DIV>
  <DIV><BR></DIV>
  <DIV><FONT face=Arial size=2>Hi</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>I've been trying to figure this out for the past 
  day or so, hopefully someone here can help.</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>I've installed sendmail+mailscanner on debian, 
  all using apt-get</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Sendmail has been tried in two modes, nullclient 
  &amp; normal. Both times, mailscanner doesn't seem to be processing anything 
  in the queues. I've followed the config stuff for sendmail &amp; mailscanner 
  on this page: <A 
  href="http://www.sng.ecs.soton.ac.uk/mailscanner/install/other.shtml">http://www.sng.ecs.soton.ac.uk/mailscanner/install/other.shtml</A>&nbsp;and 
  still no go. Every time i set it up, it just doesn't seem to process the 
  queue. I've set my incoming queue dir to /var/spool/mqueue.in and outgoing 
  queue dir to /var/spool/mqueue</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Running the latest ver of debian (sarge). From my 
  mail.log file;</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Aug&nbsp; 8 03:56:43 localhost sm-mta[22796]: 
  i77JuJxt022796: from=&lt;<A 
  href="mailto:test@domain.com">test@domain.com</A>&gt;, size=6, class=0, 
  nrcpts=1, msgid=&lt;<A 
  href="mailto:200408071956.i77JuJxt022796@localhost.localdomain">200408071956.i77JuJxt022796@localhost.localdomain</A>&gt;, 
  proto=SMTP, daemon=MTA, relay=linux-1.smartsoftware.com.au 
  [10.1.1.251]<BR>Aug&nbsp; 8 03:56:43 localhost sm-mta[22796]: i77JuJxt022796: 
  to=brian<A href="mailto:to=brian@domain.com.au">@domain.com.au</A>, 
  delay=00:00:05, mailer=relay, pri=30006, stat=queued</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>and then;</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>punisher:/var/spool/mqueue.in# ls -al<BR>total 
  16<BR>drwxrwxrwx&nbsp; 2 mail mail&nbsp; 4096 Aug&nbsp; 8 03:56 
  .<BR>drwxr-xr-x&nbsp; 9 root root&nbsp; 4096 Aug&nbsp; 8 03:49 
  ..<BR>-rw-r-----&nbsp; 1 root smmsp&nbsp;&nbsp;&nbsp; 6 Aug&nbsp; 8 03:56 
  dfi77JuJxt022796<BR>-rw-r-----&nbsp; 1 root smmsp&nbsp; 643 Aug&nbsp; 8 03:56 
  qfi77JuJxt022796<BR>punisher:/var/spool/mqueue.in# </FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>I can leave it there forever, and its not 
  processing anything</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Any help would be 
  appreciated</FONT></DIV>-------------------------- MailScanner list 
  ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From harryh at CET.COM  Sat Aug  7 20:25:08 2004
From: harryh at CET.COM (Harry Hanson)
Date: Thu Jan 12 21:26:30 2006
Subject: Exempt certain users from file blocking
Message-ID: <mailman.435.1137101190.24926.mailscanner@lists.mailscanner.info>

There's an example in the FAQ-O-Matic, however I'm a bit unsure of the
proper syntax.

>You need a filename.rules.conf file that allows everything, and a
filetype.rules.conf that allows everything.
>So let's make /etc/MailScanner/filename.allow.all.conf and
/etc/MailScanner/filetype.allow.all.conf Make them both
>contain a single rule allow . - - (remember to separate with tabs and not
spaces).

So, the rule should read:

allow   .       -       -

Correct?

>Then set in MailScanner.conf Filename Rules =
/etc/MailScanner/rules/filename.rules Filetype Rules =
>/etc/MailScanner/rules/filetype.rules

So remove/comment out the default:

Filename Rules = %etc-dir%/filename.rules.conf

>From MailScanner.conf?

>Then in /etc/MailScanner/rules/filename.rules we put To:
awkward@customer.com /etc/MailScanner/filename.allow.all.conf
>FromOrTo: default /etc/MailScanner/filename.rules.conf

So filetype.rules should be 1 line?:

To: awkward@customer.com /etc/MailScanner/filename.allow.all.conf FromOrTo:
default /etc/MailScanner/filename.rules.conf

Or 2?:

>To: awkward@customer.com /etc/MailScanner/filetype.allow.all.conf
>FromOrTo: default /etc/MailScanner/filetype.rules.conf
>
>And in /etc/MailScanner/rules/filetype.rules we put To:
awkward@customer.com /etc/MailScanner/filetype.allow.all.conf
>FromOrTo: default /etc/MailScanner/filetype.rules.conf
>
>What happens is this: mail to the awkward customer ends up with the
"allow.all" filename and filetype rules. Everyone
>else ends up with the normal filename.rules.conf and filetype.rules.conf
files.

Also, spam filtering would require separate rules, correct?



> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
> Sent: Wednesday, July 07, 2004 2:04 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exempt certain users from file blocking
>
> Rob wrote:
> > I have some users who need to receive exe files and such. Since I
> > don't want to open up exe files to everyone, is it possible to have
> > these certain users exempt from File blocking?
>
> Make a copy of your filename.rules.conf and
> filetype.rules.conf files and modify them to allow exe files.
> Then you make two rulesets which points your "special" users
> to the modified files and the default to the normal files.
> Edit MailScanner.conf to point at the rulesets instead of at
> the normal files directly. It's easy with the flexibility of
> rulesets. Read EXAMPLES and README in the rules directory for
> more help.
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner
> 4.31.6, SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.73 + GMP
> 4.1.2, Vispan 1.4
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>


---
[This E-mail scanned for viruses]

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Sun Aug  8 07:51:11 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:30 2006
Subject: SURBL installation
Message-ID: <mailman.436.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Bonivart wrote:

> 4. I edited your cf-file to use the bitmask-combined multi-list instead
> since that's makes more efficient use of net resources. Less lookups,
> better cache hit rate. You may want to change the included file since
> SpamCopURI supports bitmasked results as of version 0.20.

Peter

I have just moved to the bit masked list but I can't find any .cf file
examples to check my syntax. I am getting hits but I'm not convinced for
any combined results (e.g. a return of 127.0.0.6 being a 'hit' on 2
lists). Is there any chance you could give some examples of what the
surbl_url.cf should look like for the multi-list (like do I have to list
the multiple options also or will SpamCopURI do that for me?)

Thanks

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From peter at UCGBOOK.COM  Sun Aug  8 09:34:03 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:30 2006
Subject: SURBL installation
Message-ID: <mailman.437.1137101190.24926.mailscanner@lists.mailscanner.info>

Drew Marshall wrote:
> I have just moved to the bit masked list but I can't find any .cf file
> examples to check my syntax. I am getting hits but I'm not convinced for
> any combined results (e.g. a return of 127.0.0.6 being a 'hit' on 2
> lists). Is there any chance you could give some examples of what the
> surbl_url.cf should look like for the multi-list (like do I have to list
> the multiple options also or will SpamCopURI do that for me?)

Here's the whole file I use. Note that I use SpamCopURI 0.20 with the
127.0.0.0/X syntax, with 0.21+ you should move to 127.0.0.0+X even
though both will work for some time.

Think of it as binary, every 1 is a match so 6 is a match for list 2 and
4. You don't have to do anything special, SpamCopURI will decode it for
you. These are my hits so far:

AB_URI_RBL|5093
OB_URI_RBL|7417
PH_URI_RBL|15
SC_URI_RBL|5613
WS_URI_RBL|9077

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2: "Attached Text" ]

# please see www.surbl.org for more information

# ab.surbl.org (AbuseButler)

uri       AB_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/32')
describe  AB_URI_RBL  URI's domain appears in ab.surbl.org
tflags    AB_URI_RBL  net
score     AB_URI_RBL  4.0

# ob.surbl.org (OutBlaze)

uri       OB_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/16')
describe  OB_URI_RBL  URI's domain appears in ob.surbl.org
tflags    OB_URI_RBL  net
score     OB_URI_RBL  4.0

# ph.surbl.org (Phishing)

uri       PH_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/8')
describe  PH_URI_RBL  URI's domain appears in ph.surbl.org
tflags    PH_URI_RBL  net
score     PH_URI_RBL  4.0

# sc.surbl.org (SpamCop)

uri       SC_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/2')
describe  SC_URI_RBL  URI's domain appears in spamcop database at sc.surbl.org
tflags    SC_URI_RBL  net
score     SC_URI_RBL  4.0

# ws.surbl.org (BigEvil, MidEvil, Blacklist, ...)

uri       WS_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/4')
describe  WS_URI_RBL  URI's domain appears in sa-blacklist
tflags    WS_URI_RBL  net
score     WS_URI_RBL  4.0

# open redirect resolution off by default
# spamcop_uri_resolve_open_redirects 1

open_redirect_list_spamcop_uri   snurl.com              *.snurl.com
open_redirect_list_spamcop_uri   snipurl.com            *.snipurl.com
open_redirect_list_spamcop_uri   tinyclick.com          *.tinyclick.com
open_redirect_list_spamcop_uri   babyurl.com            *.babyurl.com
open_redirect_list_spamcop_uri   lin.kz                 *.lin.kz
open_redirect_list_spamcop_uri   *.v3.net
open_redirect_list_spamcop_uri   shorl.com              *.shorl.com
open_redirect_list_spamcop_uri   tinyurl.com            *.tinyurl.com
open_redirect_list_spamcop_uri   xurl.us

# whitelist_spamcop_uri   *.yahoo.com
# blacklist_spamcop_uri   *medz4cheap.com

# limits number of URL's checked
spamcop_uri_limit 20

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From idan at SECURENET.CO.IL  Sun Aug  8 13:57:29 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:30 2006
Subject: High Score bounce in mailscanner-4.30.3-2
Message-ID: <mailman.438.1137101190.24926.mailscanner@lists.mailscanner.info>

Yes I know, and I agree with you! But I can't do nothing.
I will try to forward your email to the CTO there.

Thanks a lot.

And if maybe you will have a solution for high spam bounce I would be
very happy.

Thanks a lot 


-----Original Message-----
From: Michele Neylon : Blacknight Solutions
[mailto:michele@BLACKNIGHTSOLUTIONS.COM] 
Sent: Thursday, August 05, 2004 11:45 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: High Score bounce in mailscanner-4.30.3-2

On Thu, 2004-08-05 at 22:38, Idan Plotnik wrote:
> I told you, because this is the customer organization policy.

Dumb and dangerous policy. Let me know who it is offlist so that I can
blacklist them entirely :)

>
> BTW, I made an upgrade to MailScanner 4-32-5.1 and I can't configure
> this feather either :(
> Please help me if you can.
What's wrong with it?
It's doing what it's meant to do except bounce spam which Julian has
already told you is not possible.

>
> Look at this...
>
> Aug  6 00:35:25 localhost MailScanner[24675]: Message i75LZLh7024691
> from 192.117.173.1 (idan@securenet.co.il) to rcip.co.il is spam,
> SpamAssassin (score=16.979, required 6, autolearn=spam, BE_BOSS 0.89,
> BigEvilList_50 3.00, BigEvilList_96 3.00, CLICK_BELOW_CAPS 0.57,
> HTML_70_80 0.10, HTML_FONTCOLOR_UNKNOWN 0.10, HTML_LINK_CLICK_CAPS
0.50,
> HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, HTML_WEB_BUGS 0.59,
> MY_DIMENSION_GIF 0.86, MY_SHRT_IMG 0.85, PORN_4 1.30, PRIORITY_NO_NAME
> 0.83, REMOVE_PAGE 0.82, SARE_ADLTSUB2 1.67, WORK_AT_HOME 1.28,
> X_PRIORITY_HIGH 0.52)
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks: Found 1
spam
> messages
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Actions: message
> i75LZLh7024691 actions are bounce
> Aug  6 00:35:26 localhost MailScanner[24675]: Will not bounce
> high-scoring spam
> Aug  6 00:35:26 localhost MailScanner[24675]: Spam Checks completed at
> 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus and Content
> Scanning: Starting
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus Scanning completed
> at 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Virus Processing
completed
> at 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Disinfection completed
at
> 19259 bytes per second
> Aug  6 00:35:26 localhost MailScanner[24675]: Batch completed at 9629
> bytes per second (19259 / 2)
>
> Thanks
>
>
>
> -----Original Message-----
> From: Michele Neylon : Blacknight Solutions
> [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
> Sent: Thursday, August 05, 2004 10:34 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Score bounce in mailscanner-4.30.3-2
>
> On Thu, 2004-08-05 at 20:29, Idan Plotnik wrote:
> > Hello Michele,
> >
> > This is the policy of the customer organization.
> > There are 2 options:
> > 1. Roll back to MailScanner-4.25 (I don't want to but the customer
> > insist)
> > 2. Manage this feather to work.
>
> Why can't you simply delete the spam?
>
> --
> Mr. Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> +353 59 913 7101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From debbie at DCWEBSERV.COM  Sun Aug  8 14:13:14 2004
From: debbie at DCWEBSERV.COM (Debbie Odle)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.439.1137101190.24926.mailscanner@lists.mailscanner.info>

I have been trying to install MailScanner version 4.32.5-1 on RedHat 9.0.
I used the RedHat rpm for install.  Problem is, when I stop sendmail, then
start MailScanner, I get this is my mail log:
Aug  8 07:08:55 jamesbond MailScanner[10479]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug  8 07:08:55 jamesbond MailScanner[10479]: Using locktype = flock
Aug  8 07:09:05 jamesbond MailScanner[10484]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug  8 07:09:05 jamesbond MailScanner[10484]: Using locktype = flock
Aug  8 07:09:15 jamesbond MailScanner[10485]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug  8 07:09:15 jamesbond MailScanner[10485]: Using locktype = flock
Aug  8 07:09:25 jamesbond MailScanner[10495]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug  8 07:09:25 jamesbond MailScanner[10495]: Using locktype = flock
Aug  8 07:09:35 jamesbond MailScanner[10507]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug  8 07:09:35 jamesbond MailScanner[10507]: Using locktype = flock

...then nothing.  No mail gets processed beyond that.  When I stop
MailScanner and then start sendmail back up, everything is fine.  What
could be wrong?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From debbie at DCWEBSERV.COM  Sun Aug  8 15:47:07 2004
From: debbie at DCWEBSERV.COM (Debbie Odle)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.440.1137101190.24926.mailscanner@lists.mailscanner.info>

OK...I guess you can disregard this posting...
It did finally start processing the mail, although it was a full 7 minutes
before it did start.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mike at CAMAROSS.NET  Sun Aug  8 17:13:58 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.441.1137101190.24926.mailscanner@lists.mailscanner.info>

During that 7 minutes, do you see anything else in your logs?  What are the
hardware specs on your MS machine?

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Debbie Odle
> Sent: Sunday, August 08, 2004 9:47 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner will not process mail
>
> OK...I guess you can disregard this posting...
> It did finally start processing the mail, although it was a
> full 7 minutes before it did start.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris at FRACTALWEB.COM  Sun Aug  8 17:29:08 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:30 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.442.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raymond Dijkxhoorn wrote:

>Look at the size of BigEvil, its no surprise you experience trouble i
>think. Convert those to SURBL (www.surbl.org) and you will see a drop in
>CPU for sure.
>
>
Hi Raymond,

Well, what a difference the surbl makes to my system! I have gotten rid
of all the custom rulesets (I had several) and have implemented surbl
fully. Thank you for your suggestion.

The server processes about 100k messages a month. It's the weekend, and
this mail server is mainly for corporate clients but the load average is
a healthy 0.98 now. Much better than the 3.5 it was averaging with
Bigevil and friends. We'll see what this week brings.

Cheers,
Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From debbie at DCWEBSERV.COM  Sun Aug  8 18:24:45 2004
From: debbie at DCWEBSERV.COM (Debbie Odle)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.443.1137101190.24926.mailscanner@lists.mailscanner.info>

No, I don't see anything really in any of the other logs.  During the
time that MailScanner was starting up, the following is from the
messages log:
Aug  8 10:28:14 jamesbond sendmail: sendmail shutdown succeeded
Aug  8 10:28:14 jamesbond sendmail: sm-client shutdown failed
Aug  8 10:29:20 jamesbond MailScanner:  succeeded
Aug  8 10:49:27 jamesbond last message repeated 3 times
Aug  8 10:49:46 jamesbond last message repeated 8 times

I did check in /var/run before I started MailScanner to make sure there
was no pid file in there for the sm-client and checked the status of
sendmail as well.  All was fine.

I'm not sure what you are looking for as far as "hardware specs"...We
are on a Linux box running RedHat 9, sendmail version is 8.12.8,
MailScanner version is 4.32.5-1, I have also loaded ClamAV 0.75.1.

Everything does seem to be running OK now, though.


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Kercher
> Sent: Sunday, August 08, 2004 12:14 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner will not process mail
>
> During that 7 minutes, do you see anything else in your logs?  What
are
> the
> hardware specs on your MS machine?
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Debbie Odle
> > Sent: Sunday, August 08, 2004 9:47 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: MailScanner will not process mail
> >
> > OK...I guess you can disregard this posting...
> > It did finally start processing the mail, although it was a
> > full 7 minutes before it did start.
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BULLETWEB.NET  Sun Aug  8 19:15:23 2004
From: mailscanner at BULLETWEB.NET (David Scott)
Date: Thu Jan 12 21:26:30 2006
Subject: Blacklist Error
Message-ID: <mailman.444.1137101190.24926.mailscanner@lists.mailscanner.info>

I had an error in my spam blacklist for several days before I saw it in my
mail log. Now that I have corrected the error, there is a lot of
undelivered/unprocessed email in my incoming directory. How can I tell
MailScanner to process that mail and deliver it?

Thanks,
David Scott

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Sun Aug  8 19:29:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:30 2006
Subject: Feature request : postmaster reports to report the senders
    domain
Message-ID: <mailman.445.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 06:18 07/08/2004, you wrote:
>I have a feature request for the messages send to postmaster.
>
>I'm always having a hard time trying to figure out exactly which domain or
>hostname I need to whitelist to allow scripts, tags and whatever,
>especially with some mailings where the mail passes through several
>domains.
>
>I think it would be nifty if the report for the postmaster would not only
>include the report but also a line like:
>
>Domain to whitelist if content is to be allowed : smptx.mailserver.foo.org

  But that is just the Sender address, which I thought was already in the
postmaster notice anyway.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug  8 20:21:03 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.446.1137101190.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-08 at 17:29, Chris Yuzik wrote:
>  I have gotten rid
> of all the custom rulesets (I had several) and have implemented surbl
> fully.

SURBL does not replace all the custom rulesets.

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Mon Aug  9 01:35:12 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.447.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Debbie Odle wrote:
> No, I don't see anything really in any of the other logs.  During the
> time that MailScanner was starting up, the following is from the
> messages log:
> Aug  8 10:28:14 jamesbond sendmail: sendmail shutdown succeeded
> Aug  8 10:28:14 jamesbond sendmail: sm-client shutdown failed
> Aug  8 10:29:20 jamesbond MailScanner:  succeeded
> Aug  8 10:49:27 jamesbond last message repeated 3 times
> Aug  8 10:49:46 jamesbond last message repeated 8 times
>
> I did check in /var/run before I started MailScanner to make sure there
> was no pid file in there for the sm-client and checked the status of
> sendmail as well.  All was fine.
>
> I'm not sure what you are looking for as far as "hardware specs"...We
> are on a Linux box running RedHat 9, sendmail version is 8.12.8,
> MailScanner version is 4.32.5-1, I have also loaded ClamAV 0.75.1.
>

Hardware specs: >> Cpu RAM, HDD

MailScanner shouldn't be so slow to start, unless you are running it
with the default setting of 5 child process and you have 64 MB RAM and
it starts to swap.

> Everything does seem to be running OK now, though.
>
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From HahnR at SHB.IE  Mon Aug  9 11:02:05 2004
From: HahnR at SHB.IE (Ron Hahn (Senior Analyst))
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.448.1137101190.24926.mailscanner@lists.mailscanner.info>

Lads,

Just over three weeks ago, ebay (apparently) made some changes to their
"saved searches" emails.  This was done (conveniently) on a Saturday night
and I've been having complaints ever since.

I have been running the latest version of Mailscanner with the form
disabling turned on for quite some time now.  At first I thought this was
the problem.  Apparently not.

Does anyone on the list know what changed in the email content (maybe web
bug?) of these emails?

Or better yet, has someone written a rule to deal with the saved searches
pages so they aren't hacked up by mailscanner?

Thanks for the help,

Ron


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses , using the latest available virus signatures .


**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Mon Aug  9 11:29:07 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:30 2006
Subject: Installationproblems :(
Message-ID: <mailman.449.1137101190.24926.mailscanner@lists.mailscanner.info>

Hi there,

ok...

these are my problems after updating to the latest version:

Archive::Zip:

Said it would need perl in /usr/local/bin/..but there is a perl-version
available on this place.

MailScanner starting:

Mailscanner does not create the MailScanner.pid-File under /var/run/.
Mailscanner does not get started within 2 Minutes. But..if i do send an
mail, MailScanner does start, and writes the following errors:

Aug  9 12:25:44 marcel MailScanner[17821]: Could not open file
>/var/spool/MailScanner/incoming/17821/i79APhEk018135.header: No such file
or directory
Aug  9 12:25:44 marcel MailScanner[17821]: Cannot create + lock headers
file /var/spool/MailScanner/incoming/17821/i79APhEk018135.header,
Aug  9 12:25:44 marcel MailScanner[18136]: MailScanner E-Mail Virus
Scanner version 4.31.4 starting...
Aug  9 12:25:44 marcel MailScanner[18136]: Could not read file
/var/run/MailScanner.pid
Aug  9 12:25:44 marcel MailScanner[18136]: Error in line 118, file
"/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)
Aug  9 12:25:46 marcel MailScanner[17788]: Could not open file
>/var/spool/MailScanner/incoming/17788/i79APhEk018135.header: No such file
or directory
Aug  9 12:25:46 marcel MailScanner[17788]: Cannot create + lock headers
file /var/spool/MailScanner/incoming/17788/i79APhEk018135.header,


The last stable Version did work without any Problems :( Just that the old
Version did not find any Viruses within RAR-Files.

But, the latest Version is not able to do the same..even after patching
the File sended by Julian :(

System is:

SuSE 8.1
Perl V. v5.8.4

Disc-Space should be enough..

i even tried to reinstall MailScanner.. :(

nothing for the better..

if Julian wants to, i could add him an user on this maschine and put him
within the sudoers..

Maybe he will find a thing ;)

Is there a way to download the last stable version and reinstall this one?

Greetings Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug  9 11:37:50 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.450.1137101190.24926.mailscanner@lists.mailscanner.info>

> Just over three weeks ago, ebay (apparently) made some
> changes to their "saved searches" emails.  This was done
> (conveniently) on a Saturday night and I've been having complaints
> ever since.
>
> I have been running the latest version of Mailscanner with
> the form disabling turned on for quite some time now.  At
> first I thought this was the problem.  Apparently not.
>
> Does anyone on the list know what changed in the email
> content (maybe web
> bug?) of these emails?
>
> Or better yet, has someone written a rule to deal with the
> saved searches pages so they aren't hacked up by mailscanner?
>
Ron

What kind of issues are you experiencing? I haven't seen the ebay thing, nor
do I have any interest in it, but if you could provide more detail as to the
issues I'm sure we could help

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From chris at FRACTALWEB.COM  Mon Aug  9 12:02:20 2004
From: chris at FRACTALWEB.COM (Chris Yuzik)
Date: Thu Jan 12 21:26:30 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.451.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Michele Neylon : Blacknight Solutions wrote:

>SURBL does not replace all the custom rulesets.
>
>
>
Dang. Alright, which ones should I use? What do you (and everyone)
recommend?

Cheers,
Chris

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From HahnR at SHB.IE  Mon Aug  9 12:13:54 2004
From: HahnR at SHB.IE (Ron Hahn (Senior Analyst))
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.452.1137101190.24926.mailscanner@lists.mailscanner.info>

Michele,

>From the mailscanner provided attachment:

At Mon Aug  9 07:07:34 2004 the content filters said:
   MailScanner: Found a script in HTML message

So I'm assuming that what I now need to do is write a rule that allows
scripts in a HTML message coming from ebay correct?

Thanks,

Ron

> -----Original Message-----
> From: Michele Neylon:: Blacknight Solutions
> [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
> Sent: 09 August 2004 11:38
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Broken eBay savedsearches pages
>
>
> > Just over three weeks ago, ebay (apparently) made some
> > changes to their "saved searches" emails.  This was done
> > (conveniently) on a Saturday night and I've been having complaints
> > ever since.
> >
> > I have been running the latest version of Mailscanner with
> > the form disabling turned on for quite some time now.  At
> > first I thought this was the problem.  Apparently not.
> >
> > Does anyone on the list know what changed in the email
> > content (maybe web
> > bug?) of these emails?
> >
> > Or better yet, has someone written a rule to deal with the
> > saved searches pages so they aren't hacked up by mailscanner?
> >
> Ron
>
> What kind of issues are you experiencing? I haven't seen the
> ebay thing, nor
> do I have any interest in it, but if you could provide more
> detail as to the
> issues I'm sure we could help
>
> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses , using the latest available virus signatures .


**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug  9 12:19:29 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: higher load average since upgrading to latest version
Message-ID: <mailman.453.1137101190.24926.mailscanner@lists.mailscanner.info>

>>
> Dang. Alright, which ones should I use? What do you (and everyone)
> recommend?

I would recommend you look at each ruleset's criteria and base your decision
on that. Some people may recommend certain rules, but unless you know what
they are doing they can do more harm than good.



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From p.g.m.peters at utwente.nl  Mon Aug  9 12:52:48 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.454.1137101190.24926.mailscanner@lists.mailscanner.info>

On Mon, 9 Aug 2004 12:13:54 +0100, you wrote:

>>From the mailscanner provided attachment:
>
>At Mon Aug  9 07:07:34 2004 the content filters said:
>   MailScanner: Found a script in HTML message
>
>So I'm assuming that what I now need to do is write a rule that allows
>scripts in a HTML message coming from ebay correct?

But be sure the message comes from ebay and not just shows an ebay
address as the sender. There are to many phishers faking ebay login
forms.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug  9 13:04:46 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.455.1137101190.24926.mailscanner@lists.mailscanner.info>

>>
>> At Mon Aug  9 07:07:34 2004 the content filters said:
>>   MailScanner: Found a script in HTML message
>>
>> So I'm assuming that what I now need to do is write a rule that
>> allows scripts in a HTML message coming from ebay correct?

Yes, but it would be interesting to see what it is exactly. If you are
having issues with it you are definitely not alone, so maybe further
examination is merited it along with contacting ebay...
>
> But be sure the message comes from ebay and not just shows an
> ebay address as the sender. There are to many phishers faking ebay
> login forms.

That should show in the logs. There is also a rules_du_jour rule for this
afair



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From alex at nkpanama.com  Mon Aug  9 13:09:05 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:30 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.456.1137101190.24926.mailscanner@lists.mailscanner.info>

This message in particular "tripped" Norton Antivirus 2004 for Windows.
Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the antivirus pop
up and say it found something since I installed MS so many months ago.

I usually have to get rid of the "catch all double extensions" rule because
of clients who insist on being able to name their files whatever they want;
I guess this means I'll have to use rules to disallow "dot + three
characters + dot zip"...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Remco Barendse
Sent: Monday, August 09, 2004 4:42 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: 'Empty' zip files?

Guess this is slightly off-topic but we are getting viruses with a zipfile
(in the form of usernamemydomainname.com.zip)

MailScanner traps these zip files because of filename rules. The strange
thing is however that MS is just reporting a filename problem and no
virus name. The zip file in /var/spool/MailScanner/quarantine has a file
size of 0 (that would explain why no virus was reported) but I think the
zip file may not be 0 size on every client.

When I look into the df/qf pair there is a considerable amount of
data in it that would be for the attachment.

Could there be something wrong with the mime decoder and would M$ Outlook
be able to decode it properly (which would potentially mean that we would
be vulnerable to the virus?

I will paste the top part of the df file here:

This is a multi-part message in MIME format.

------=_NextPart_000_0005_653AB3AB.01F72A06
Content-Type: text/plain;
         charset=us-ascii
Content-Transfer-Encoding: base64

RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BARENDSE.TO  Mon Aug  9 14:20:31 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:30 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.457.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I don't know really :)

I think it is MailScanner that converted the filename that came with the
email (user@domain.com.zip) to a 'normal' filename like userdomain.com.zip

What worries me more is that the e-mail does seem to have some sort of 
payload for the attachment but mailscanner apparently is unable to 
decode/scan it properly. This means that if my filename rules would not 
have stopped the mail, MailScanner would have considered the e-mail as 
harmless (empty zip file and zips are allowed) and would have delivered 
the message.

Not sure what is causing this behaviour, maybe the mime decoder is not 
able to decode the attachment properly which passes the 0 size 
attachment to MailScanner.

I still have the df/qf pair if anyone is interested :)



On Mon, 9 Aug 2004, Alex Neuman wrote:

> This message in particular "tripped" Norton Antivirus 2004 for Windows.
> Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the antivirus pop
> up and say it found something since I installed MS so many months ago.
>
> I usually have to get rid of the "catch all double extensions" rule because
> of clients who insist on being able to name their files whatever they want;
> I guess this means I'll have to use rules to disallow "dot + three
> characters + dot zip"...
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Remco Barendse
> Sent: Monday, August 09, 2004 4:42 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: 'Empty' zip files?
>
> Guess this is slightly off-topic but we are getting viruses with a zipfile
> (in the form of usernamemydomainname.com.zip)
>
> MailScanner traps these zip files because of filename rules. The strange
> thing is however that MS is just reporting a filename problem and no
> virus name. The zip file in /var/spool/MailScanner/quarantine has a file
> size of 0 (that would explain why no virus was reported) but I think the
> zip file may not be 0 size on every client.
>
> When I look into the df/qf pair there is a considerable amount of
> data in it that would be for the attachment.
>
> Could there be something wrong with the mime decoder and would M$ Outlook
> be able to decode it properly (which would potentially mean that we would
> be vulnerable to the virus?
>
> I will paste the top part of the df file here:
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0005_653AB3AB.01F72A06
> Content-Type: text/plain;
>         charset=us-ascii
> Content-Transfer-Encoding: base64
>
> RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
> c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
> cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
> bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
> IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
> a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
> cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
> NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
> cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
> Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
> b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
> eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
> bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
> amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jeramy.eling at BRITAX-PMG.COM  Mon Aug  9 14:52:51 2004
From: jeramy.eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.458.1137101190.24926.mailscanner@lists.mailscanner.info>

Hi All,

I am trying to get the make_mailhost_script to work so that we only accept
messages for delivery that are for valid users on our exchange server.

I have copied the file from the FAQ page but whenever I run it I get the
following error: -

: bad interpreter: No such file or directoryerl

Does anyone have any ideas how to solve this so I can get the script working?

Thanks in advance

Jez

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug  9 14:54:06 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: Broken eBay savedsearches pages
Message-ID: <mailman.459.1137101190.24926.mailscanner@lists.mailscanner.info>

>
> 1)  I have confirmed that these are real email messages sent
> from ebay.
> They are notification messages that ebay users use to have
> canned searches (with results) mailed to them.  I have
> checked the headers and they have indeed originated from ebay
> and not a phisher.. :)

Then applying a ruleset to the mails would be the best solution in the
short-term. The long-term solution is to stop idiots sending scripts in
email.
>
> 2)  This started 22 days ago (as verified from the logs).  No
> doubt it is some new tracking feature (gulp) but I've
> notified the users who use the feature that caveat emptor applies.

If you could find out exactly what they are including in the email it would
be helpful. I would urge you to contact eBay about this, as scripts in
emails are _Evil_

Michele





Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From debbie at DCWEBSERV.COM  Mon Aug  9 15:17:46 2004
From: debbie at DCWEBSERV.COM (Debbie Odle)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.460.1137101190.24926.mailscanner@lists.mailscanner.info>

How many child processes do you recommend instead of the default 5...I
am running with default settings.  I've been told that this server has
plenty of ram, & processor speed etc., so I don't believe this is a
hardware problem.

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Sunday, August 08, 2004 8:35 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner will not process mail
>
> Debbie Odle wrote:
> > No, I don't see anything really in any of the other logs.  During
the
> > time that MailScanner was starting up, the following is from the
> > messages log:
> > Aug  8 10:28:14 jamesbond sendmail: sendmail shutdown succeeded
> > Aug  8 10:28:14 jamesbond sendmail: sm-client shutdown failed
> > Aug  8 10:29:20 jamesbond MailScanner:  succeeded
> > Aug  8 10:49:27 jamesbond last message repeated 3 times
> > Aug  8 10:49:46 jamesbond last message repeated 8 times
> >
> > I did check in /var/run before I started MailScanner to make sure
there
> > was no pid file in there for the sm-client and checked the status of
> > sendmail as well.  All was fine.
> >
> > I'm not sure what you are looking for as far as "hardware
specs"...We
> > are on a Linux box running RedHat 9, sendmail version is 8.12.8,
> > MailScanner version is 4.32.5-1, I have also loaded ClamAV 0.75.1.
> >
>
> Hardware specs: >> Cpu RAM, HDD
>
> MailScanner shouldn't be so slow to start, unless you are running it
> with the default setting of 5 child process and you have 64 MB RAM and
> it starts to swap.
>
> > Everything does seem to be running OK now, though.
> >
> >
> >
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug  9 15:28:52 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.461.1137101190.24926.mailscanner@lists.mailscanner.info>

>
>> bad interpreter: No such file or directoryerl
>
> Does anyone have any ideas how to solve this so I can get the script
> working?
It sounds like a path related issue. The script is looking for something and
can't find it by the sounds of things. I presume the error message is longer
than that.


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jeramy.Eling at BRITAX-PMG.COM  Mon Aug  9 15:34:16 2004
From: Jeramy.Eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.462.1137101190.24926.mailscanner@lists.mailscanner.info>

Unfortunately not, that is the entire error message.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Michele Neylon :: Blacknight Solutions
Sent: 09 August 2004 15:29
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


>
>> bad interpreter: No such file or directoryerl
>
> Does anyone have any ideas how to solve this so I can get the script
> working?
It sounds like a path related issue. The script is looking for something and
can't find it by the sounds of things. I presume the error message is longer
than that.


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Mon Aug  9 15:40:27 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.463.1137101190.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeramy Eling
> Sent: Monday, August 09, 2004 10:34 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
> Unfortunately not, that is the entire error message.
>
>
> -----Original Message-----
>
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>
> Behalf Of Michele Neylon :: Blacknight Solutions
>
> Sent: 09 August 2004 15:29
>
> To: MAILSCANNER@JISCMAIL.AC.UK
>
> Subject: Re: Help with 'make_mailhost_script '
>
>
>
> >
>
> >> bad interpreter: No such file or directoryerl
>
> >
>
> > Does anyone have any ideas how to solve this so I can get the script
>
> > working?
>

The script probably can't find the perl binary.

Make sure the first line in the script - probably something like:

#! /usr/local/bin/perl

Points to the right place for your working copy of perl. Typically this is

#! /usr/bin/perl


Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> It sounds like a path related issue. The script is looking for something
> and
>
> can't find it by the sounds of things. I presume the error message is
> longer
>
> than that.
>
>
>
> Mr Michele Neylon
>
> Blacknight Internet Solutions Ltd
>
> http://www.blacknight.ie/
>
> Tel. +353 59 9137101
>
>
> -------------------------- MailScanner list ----------------------
>
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>
> Before posting, please see the Most Asked Questions at
>
> http://www.mailscanner.biz/maq/     and the archives at
>
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> -------------------------- MailScanner list ----------------------
>
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>
> Before posting, please see the Most Asked Questions at
>
> http://www.mailscanner.biz/maq/     and the archives at
>
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jeramy.Eling at BRITAX-PMG.COM  Mon Aug  9 15:48:26 2004
From: Jeramy.Eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.464.1137101190.24926.mailscanner@lists.mailscanner.info>

Having checked the first line it does point to the correct location for perl. Can anyone tell me what their first line looks like? For reference mine looks like this: -

#!/usr/bin/perl

Thanks

Jez

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Stephen Swaney
Sent: 09 August 2004 15:40
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeramy Eling
> Sent: Monday, August 09, 2004 10:34 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
> Unfortunately not, that is the entire error message.
>
>
> -----Original Message-----
>
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>
> Behalf Of Michele Neylon :: Blacknight Solutions
>
> Sent: 09 August 2004 15:29
>
> To: MAILSCANNER@JISCMAIL.AC.UK
>
> Subject: Re: Help with 'make_mailhost_script '
>
>
>
> >
>
> >> bad interpreter: No such file or directoryerl
>
> >
>
> > Does anyone have any ideas how to solve this so I can get the script
>
> > working?
>

The script probably can't find the perl binary.

Make sure the first line in the script - probably something like:

#! /usr/local/bin/perl

Points to the right place for your working copy of perl. Typically this is

#! /usr/bin/perl


Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> It sounds like a path related issue. The script is looking for something
> and
>
> can't find it by the sounds of things. I presume the error message is
> longer
>
> than that.
>
>
>
> Mr Michele Neylon
>
> Blacknight Internet Solutions Ltd
>
> http://www.blacknight.ie/
>
> Tel. +353 59 9137101
>
>
> -------------------------- MailScanner list ----------------------
>
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>
> Before posting, please see the Most Asked Questions at
>
> http://www.mailscanner.biz/maq/     and the archives at
>
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> -------------------------- MailScanner list ----------------------
>
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>
> Before posting, please see the Most Asked Questions at
>
> http://www.mailscanner.biz/maq/     and the archives at
>
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.swaney at FSL.COM  Mon Aug  9 15:52:24 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.465.1137101190.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeramy Eling
> Sent: Monday, August 09, 2004 10:48 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
> Having checked the first line it does point to the correct location for
> perl. Can anyone tell me what their first line looks like? For reference
> mine looks like this: -
>
>
> #!/usr/bin/perl
>

Information please.

What Operating system are you running? Where is perl? Does /usr/bin/perl
exist? Is it executable?

Try running:

        which perl

What does that output?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jeramy.Eling at BRITAX-PMG.COM  Mon Aug  9 15:55:12 2004
From: Jeramy.Eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.466.1137101190.24926.mailscanner@lists.mailscanner.info>

O/S is Redhat 9.0
/usr/bin/perl does exist and is executable.

Output of which perl = /usr/bin/perl

Jez

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Stephen Swaney
Sent: 09 August 2004 15:52
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeramy Eling
> Sent: Monday, August 09, 2004 10:48 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
> Having checked the first line it does point to the correct location for
> perl. Can anyone tell me what their first line looks like? For reference
> mine looks like this: -
>
>
> #!/usr/bin/perl
>

Information please.

What Operating system are you running? Where is perl? Does /usr/bin/perl
exist? Is it executable?

Try running:

        which perl

What does that output?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dwinkler at ALGORITHMICS.COM  Mon Aug  9 15:59:32 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.467.1137101190.24926.mailscanner@lists.mailscanner.info>

Try

vi -b <filename>

Does it have ^M at the end of the lines?

If it does type this and save

:g/^V^M/s///g

> -----Original Message-----
> From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]
> Sent: Monday, August 09, 2004 10:48 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
>
> Having checked the first line it does point to the correct
> location for perl. Can anyone tell me what their first line
> looks like? For reference mine looks like this: -
>
> #!/usr/bin/perl
>
> Thanks
>
> Jez
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Stephen Swaney
> Sent: 09 August 2004 15:40
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Jeramy Eling
> > Sent: Monday, August 09, 2004 10:34 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Help with 'make_mailhost_script '
> >
> > Unfortunately not, that is the entire error message.
> >
> >
> > -----Original Message-----
> >
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> >
> > Behalf Of Michele Neylon :: Blacknight Solutions
> >
> > Sent: 09 August 2004 15:29
> >
> > To: MAILSCANNER@JISCMAIL.AC.UK
> >
> > Subject: Re: Help with 'make_mailhost_script '
> >
> >
> >
> > >
> >
> > >> bad interpreter: No such file or directoryerl
> >
> > >
> >
> > > Does anyone have any ideas how to solve this so I can get
> the script
> >
> > > working?
> >
>
> The script probably can't find the perl binary.
>
> Make sure the first line in the script - probably something like:
>
> #! /usr/local/bin/perl
>
> Points to the right place for your working copy of perl.
> Typically this is
>
> #! /usr/bin/perl
>
>
> Steve
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney@FSL.com
>
> > It sounds like a path related issue. The script is looking
> for something
> > and
> >
> > can't find it by the sounds of things. I presume the error
> message is
> > longer
> >
> > than that.
> >
> >
> >
> > Mr Michele Neylon
> >
> > Blacknight Internet Solutions Ltd
> >
> > http://www.blacknight.ie/
> >
> > Tel. +353 59 9137101
> >
> >
> > -------------------------- MailScanner list ----------------------
> >
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >
> > Before posting, please see the Most Asked Questions at
> >
> > http://www.mailscanner.biz/maq/     and the archives at
> >
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> >
> > -------------------------- MailScanner list ----------------------
> >
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >
> > Before posting, please see the Most Asked Questions at
> >
> > http://www.mailscanner.biz/maq/     and the archives at
> >
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > Fortress Systems Ltd.
> > www.fsl.com
> >
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

This email and any files transmitted with it are confidential and
proprietary to Algorithmics Incorporated and its affiliates
("Algorithmics").  If received in error, use is prohibited.  Please destroy,
and notify sender.  Sender does not waive confidentiality or privilege.
Internet communications cannot be guaranteed to be timely, secure, error or
virus-free.  Algorithmics does not accept liability for any errors or
omissions.  Any commitment intended to bind Algorithmics must be reduced to
writing and signed by an authorized signatory.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Mon Aug  9 16:04:14 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.468.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Debbie Odle wrote:

> How many child processes do you recommend instead of the default 5...I
> am running with default settings.  I've been told that this server has
> plenty of ram, & processor speed etc., so I don't believe this is a
> hardware problem.

Time to learn how to get the info yourself.

to know hom much ram (and stats about ram use), the command is called
"free".

You can get plenty of info about you cpu(s) in /proc/cpuinfo

If you have enough ram, leave it at 5 then.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From admin at LANNON.QC.CA  Mon Aug  9 16:06:35 2004
From: admin at LANNON.QC.CA (Real Melancon)
Date: Thu Jan 12 21:26:30 2006
Subject: SpamAssassin does not scan emails
Message-ID: <mailman.469.1137101190.24926.mailscanner@lists.mailscanner.info>

Hello List.

I'm new to this list and have a question that may already have
been answered.

I filter only some of our users with a rule file. And from time
to time I get spam that goes right through without being scanned
by SpamAssassin.

Header looks like this:

---
X-MailScanner-Information: Internet Expresso - MailScanner + Clamd
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck:
---

There is no spamassassin score ?

My rule file is like this (only lines for my account):
Filename: expresso_antispam.users.rules

To:     admin@expresso.qc.ca            yes
To:     admin@lannon.qc.ca              yes
To:     admin                           yes

Most of the time my e-mail addresse is in the CC: field of the
email header.


Any ideas ?

Thanks.

Real Melancon.

__________________________________________________
Internet Expresso (FSI-ISP Mont-Tremblant/Quebec/Canada)






* * * Courriel protégé par Internet Expresso AntiVirus (ClamAV) * * *

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Kevin.Spicer at BMRB.CO.UK  Mon Aug  9 16:13:37 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.470.1137101190.24926.mailscanner@lists.mailscanner.info>

If you cut and paste from windows into a terminal emulator session you may well have problems.  I've seen things pasted from windows before which look fine but just don't work.  You could try running the file through dos2unix that might help.

-----Original Message-----
From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]
Sent: 09 August 2004 15:55
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


O/S is Redhat 9.0
/usr/bin/perl does exist and is executable.

Output of which perl = /usr/bin/perl

Jez

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Stephen Swaney
Sent: 09 August 2004 15:52
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeramy Eling
> Sent: Monday, August 09, 2004 10:48 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Help with 'make_mailhost_script '
>
> Having checked the first line it does point to the correct location for
> perl. Can anyone tell me what their first line looks like? For reference
> mine looks like this: -
>
>
> #!/usr/bin/perl
>

Information please.

What Operating system are you running? Where is perl? Does /usr/bin/perl
exist? Is it executable?

Try running:

        which perl

What does that output?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jeramy.Eling at BRITAX-PMG.COM  Mon Aug  9 16:19:52 2004
From: Jeramy.Eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.471.1137101190.24926.mailscanner@lists.mailscanner.info>

In order to create the file I copied from the web page and pasted it into a notepad document, saved it and then FTP'd onto the box, chmod'd the file and ran it. Does anyone have the file they could mail me over (offlist)to ensure that this is not this issue?

Many Thanks

Jeramy

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Spicer, Kevin
Sent: 09 August 2004 16:14
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


If you cut and paste from windows into a terminal emulator session you may well have problems.  I've seen things pasted from windows before which look fine but just don't work.  You could try running the file through dos2unix that might help.


-----Original Message-----

From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]

Sent: 09 August 2004 15:55

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



O/S is Redhat 9.0

/usr/bin/perl does exist and is executable.


Output of which perl = /usr/bin/perl


Jez


-----Original Message-----

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On

Behalf Of Stephen Swaney

Sent: 09 August 2004 15:52

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



> -----Original Message-----

> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On

> Behalf Of Jeramy Eling

> Sent: Monday, August 09, 2004 10:48 AM

> To: MAILSCANNER@JISCMAIL.AC.UK

> Subject: Re: Help with 'make_mailhost_script '

>

> Having checked the first line it does point to the correct location for

> perl. Can anyone tell me what their first line looks like? For reference

> mine looks like this: -

>

>

> #!/usr/bin/perl

>


Information please.


What Operating system are you running? Where is perl? Does /usr/bin/perl

exist? Is it executable?


Try running:


        which perl


What does that output?


Steve


Stephen Swaney

President

Fortress Systems Ltd.

Steve.Swaney@FSL.com




--

This message has been scanned for viruses and

dangerous content by MailScanner, and is

believed to be clean.


Fortress Systems Ltd.

www.fsl.com


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Kevin.Spicer at BMRB.CO.UK  Mon Aug  9 16:29:01 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.472.1137101190.24926.mailscanner@lists.mailscanner.info>

Running it through dos2unix or using Dereks bit of vi wizardry should do the trick.  Unfortunately my broadband is down so I can't easily get the file off my MailScanner box to send you.

-----Original Message-----
From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]
Sent: 09 August 2004 16:20
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


In order to create the file I copied from the web page and pasted it into a notepad document, saved it and then FTP'd onto the box, chmod'd the file and ran it. Does anyone have the file they could mail me over (offlist)to ensure that this is not this issue?

Many Thanks

Jeramy

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Spicer, Kevin
Sent: 09 August 2004 16:14
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


If you cut and paste from windows into a terminal emulator session you may well have problems.  I've seen things pasted from windows before which look fine but just don't work.  You could try running the file through dos2unix that might help.


-----Original Message-----

From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]

Sent: 09 August 2004 15:55

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



O/S is Redhat 9.0

/usr/bin/perl does exist and is executable.


Output of which perl = /usr/bin/perl


Jez


-----Original Message-----

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On

Behalf Of Stephen Swaney

Sent: 09 August 2004 15:52

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



> -----Original Message-----

> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On

> Behalf Of Jeramy Eling

> Sent: Monday, August 09, 2004 10:48 AM

> To: MAILSCANNER@JISCMAIL.AC.UK

> Subject: Re: Help with 'make_mailhost_script '

>

> Having checked the first line it does point to the correct location for

> perl. Can anyone tell me what their first line looks like? For reference

> mine looks like this: -

>

>

> #!/usr/bin/perl

>


Information please.


What Operating system are you running? Where is perl? Does /usr/bin/perl

exist? Is it executable?


Try running:


        which perl


What does that output?


Steve


Stephen Swaney

President

Fortress Systems Ltd.

Steve.Swaney@FSL.com




--

This message has been scanned for viruses and

dangerous content by MailScanner, and is

believed to be clean.


Fortress Systems Ltd.

www.fsl.com


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From debbie at DCWEBSERV.COM  Mon Aug  9 16:30:11 2004
From: debbie at DCWEBSERV.COM (Debbie Odle)
Date: Thu Jan 12 21:26:30 2006
Subject: MailScanner will not process mail
Message-ID: <mailman.473.1137101190.24926.mailscanner@lists.mailscanner.info>

Thank you for the lesson...as you have probably deduced, I'm a
self-taught operator and am grateful for the help.


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Monday, August 09, 2004 11:04 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner will not process mail
>
> Debbie Odle wrote:
>
> > How many child processes do you recommend instead of the default
5...I
> > am running with default settings.  I've been told that this server
has
> > plenty of ram, & processor speed etc., so I don't believe this is a
> > hardware problem.
>
> Time to learn how to get the info yourself.
>
> to know hom much ram (and stats about ram use), the command is called
> "free".
>
> You can get plenty of info about you cpu(s) in /proc/cpuinfo
>
> If you have enough ram, leave it at 5 then.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jeramy.Eling at BRITAX-PMG.COM  Mon Aug  9 16:37:15 2004
From: Jeramy.Eling at BRITAX-PMG.COM (Jeramy Eling)
Date: Thu Jan 12 21:26:30 2006
Subject: Help with 'make_mailhost_script '
Message-ID: <mailman.474.1137101190.24926.mailscanner@lists.mailscanner.info>

That got it, DOS2UNIX worked a treat.

Thanks to all for their help on this one.

Jez

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Spicer, Kevin
Sent: 09 August 2004 16:29
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with 'make_mailhost_script '


Running it through dos2unix or using Dereks bit of vi wizardry should do the trick.  Unfortunately my broadband is down so I can't easily get the file off my MailScanner box to send you.


-----Original Message-----

From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]

Sent: 09 August 2004 16:20

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



In order to create the file I copied from the web page and pasted it into a notepad document, saved it and then FTP'd onto the box, chmod'd the file and ran it. Does anyone have the file they could mail me over (offlist)to ensure that this is not this issue?


Many Thanks


Jeramy


-----Original Message-----

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On

Behalf Of Spicer, Kevin

Sent: 09 August 2004 16:14

To: MAILSCANNER@JISCMAIL.AC.UK

Subject: Re: Help with 'make_mailhost_script '



If you cut and paste from windows into a terminal emulator session you may well have problems.  I've seen things pasted from windows before which look fine but just don't work.  You could try running the file through dos2unix that might help.



-----Original Message-----


From: Jeramy Eling [mailto:Jeramy.Eling@BRITAX-PMG.COM]


Sent: 09 August 2004 15:55


To: MAILSCANNER@JISCMAIL.AC.UK


Subject: Re: Help with 'make_mailhost_script '




O/S is Redhat 9.0


/usr/bin/perl does exist and is executable.



Output of which perl = /usr/bin/perl



Jez



-----Original Message-----


From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On


Behalf Of Stephen Swaney


Sent: 09 August 2004 15:52


To: MAILSCANNER@JISCMAIL.AC.UK


Subject: Re: Help with 'make_mailhost_script '




> -----Original Message-----


> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On


> Behalf Of Jeramy Eling


> Sent: Monday, August 09, 2004 10:48 AM


> To: MAILSCANNER@JISCMAIL.AC.UK


> Subject: Re: Help with 'make_mailhost_script '


>


> Having checked the first line it does point to the correct location for


> perl. Can anyone tell me what their first line looks like? For reference


> mine looks like this: -


>


>


> #!/usr/bin/perl


>



Information please.



What Operating system are you running? Where is perl? Does /usr/bin/perl


exist? Is it executable?



Try running:



        which perl



What does that output?



Steve



Stephen Swaney


President


Fortress Systems Ltd.


Steve.Swaney@FSL.com





--


This message has been scanned for viruses and


dangerous content by MailScanner, and is


believed to be clean.



Fortress Systems Ltd.


www.fsl.com



-------------------------- MailScanner list ----------------------


To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk


Before posting, please see the Most Asked Questions at


http://www.mailscanner.biz/maq/     and the archives at


http://www.jiscmail.ac.uk/lists/mailscanner.html



-------------------------- MailScanner list ----------------------


To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk


Before posting, please see the Most Asked Questions at


http://www.mailscanner.biz/maq/     and the archives at


http://www.jiscmail.ac.uk/lists/mailscanner.html





BMRB International 

http://www.bmrb.co.uk

+44 (0)20 8566 5000

_________________________________________________________________

This message (and any attachment) is intended only for the 

recipient and may contain confidential and/or privileged 

material.  If you have received this in error, please contact the 

sender and delete this message immediately.  Disclosure, copying 

or other action taken in respect of this email or in 

reliance on it is prohibited.  BMRB International Limited 

accepts no liability in relation to any personal emails, or 

content of any email which does not directly relate to our 

business.


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html


-------------------------- MailScanner list ----------------------

To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

Before posting, please see the Most Asked Questions at

http://www.mailscanner.biz/maq/     and the archives at

http://www.jiscmail.ac.uk/lists/mailscanner.html




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at BULLETWEB.NET  Mon Aug  9 18:47:59 2004
From: mailscanner at BULLETWEB.NET (David Scott)
Date: Thu Jan 12 21:26:30 2006
Subject: Help Needed with Configuration Error
Message-ID: <mailman.475.1137101190.24926.mailscanner@lists.mailscanner.info>

I am getting this error with my FreeBSD server and can't stop it.

Config Error: Cannot match against destination IP address when resolving
configuration option  "spamblacklist"

I was using this in my spam.blacklist.rules:

FromOrTo: 210.21.90.48 yes

I tried changing to:

From: 210.21.90.48 yes

No change

#FromOrTo: 210.21.90.48 yes

No change

I even changed MailScanner.conf to this:

Is Definitely Spam = no
#Is Definitely Spam = %rules-dir%/spam.blacklist.rules

No change.

I'm stumped. What does the error refer to and how can I fix it?

Thanks,
David Scott

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From kevins at BMRB.CO.UK  Mon Aug  9 19:48:25 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:30 2006
Subject: Help Needed with Configuration Error
Message-ID: <mailman.476.1137101190.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-09 at 18:47, David Scott wrote:
> Config Error: Cannot match against destination IP address when resolving
> configuration option  "spamblacklist"
> I'm stumped. What does the error refer to and how can I fix it?

You did restart (or reload) MailScanner after making each change?




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  9 19:59:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:30 2006
Subject: Help Needed with Configuration Error
Message-ID: <mailman.477.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 19:48 09/08/2004, you wrote:
>On Mon, 2004-08-09 at 18:47, David Scott wrote:
> > Config Error: Cannot match against destination IP address when resolving
> > configuration option  "spamblacklist"
> > I'm stumped. What does the error refer to and how can I fix it?

With a rule that checks a message against an IP address, you can only use
"From:".
You do not know where a message will be delivered until after you have
delivered it.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From miguelk at KONSULTEX.COM.BR  Mon Aug  9 20:25:57 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren)
Date: Thu Jan 12 21:26:30 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.478.1137101190.24926.mailscanner@lists.mailscanner.info>

I have been running along with Mail Scanner just fine for a long, long
time and thought I had all my defenses in place. Over the weekend however
one of my servers seems to have been 'discovered' by a spamming operation
or a virus infected machine and I ended up with 75,000 files in the mqueue
directory this morning.

I use Sednmail 8.12.8 on Red Hat 9 in this case.

What I did is shut down Mail Scanner and Sendmail and deleted all those
files. It's possible that some were geunine emails but if so, very, very
few.

My understanding of Sendmail is that a relay is closed if the
/etc/mail/access file is ok. Here is what I have:

localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY

# internal
10.10.10.0              RELAY


I also have this in /etc/mail/relay-domains:

# internal
10.10.10.

# localhost
127.0.0.1
localhost
localhost.localdomain

I also run pop-before-smtp for our roaming users and I can't stop
using it short term. Perhaps some of the IPs I see in the pop-before-smtp
log are that particular spammer IP.

I don't think Red Hat 9 has any default users that can log in to email
with
default passwords. If anybody is intereseted, this
http://popbsmtp.sourceforge.net/ is a good system assuming it did not
cause
the problems. This system requires a change in
/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
before sending emails. This is the change that I made a long time ago:

Kpopauth hash -a<OK> /etc/mail/popauth

SLocal_check_rcpt
R$*             $: $(popauth $&{client_addr} $: <?> $)
R<?>            $@ NoPopAuth
R$*<OK>         $# OK
......

then I have all the rest of the normal file.

My theory is that there may be an infected machine logging in to pop and
then sending emails or a deliberate attempt to use pop with default users
gets the same result.

Summarizing:
a) are there any errors in access and relay-domains?
b) are there any known default users in Red Hat 9 that can access pop?
c) Would this sendmail.cf somehow mess up the relay checking (apart from
checking the database first)?

Miguel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From rob at THEHOSTMASTERS.COM  Mon Aug  9 20:33:19 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:30 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.479.1137101190.24926.mailscanner@lists.mailscanner.info>

If you are running a web server on this machine, check to see if you have
cgi's that access sendmail IE; form mail scripts  as I had this issue on my
server and spammers were using this cgi to spam...

my 2 cents

:)

Rob....



----- Original Message -----
From: "Miguel Koren" <miguelk@KONSULTEX.COM.BR>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Monday, August 09, 2004 3:25 PM
Subject: [OT] Sendmail open relay problem


> I have been running along with Mail Scanner just fine for a long, long
> time and thought I had all my defenses in place. Over the weekend however
> one of my servers seems to have been 'discovered' by a spamming operation
> or a virus infected machine and I ended up with 75,000 files in the mqueue
> directory this morning.
>
> I use Sednmail 8.12.8 on Red Hat 9 in this case.
>
> What I did is shut down Mail Scanner and Sendmail and deleted all those
> files. It's possible that some were geunine emails but if so, very, very
> few.
>
> My understanding of Sendmail is that a relay is closed if the
> /etc/mail/access file is ok. Here is what I have:
>
> localhost.localdomain   RELAY
> localhost               RELAY
> 127.0.0.1               RELAY
>
> # internal
> 10.10.10.0              RELAY
>
>
> I also have this in /etc/mail/relay-domains:
>
> # internal
> 10.10.10.
>
> # localhost
> 127.0.0.1
> localhost
> localhost.localdomain
>
> I also run pop-before-smtp for our roaming users and I can't stop
> using it short term. Perhaps some of the IPs I see in the pop-before-smtp
> log are that particular spammer IP.
>
> I don't think Red Hat 9 has any default users that can log in to email
> with
> default passwords. If anybody is intereseted, this
> http://popbsmtp.sourceforge.net/ is a good system assuming it did not
> cause
> the problems. This system requires a change in
> /etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
> before sending emails. This is the change that I made a long time ago:
>
> Kpopauth hash -a<OK> /etc/mail/popauth
>
> SLocal_check_rcpt
> R$*             $: $(popauth $&{client_addr} $: <?> $)
> R<?>            $@ NoPopAuth
> R$*<OK>         $# OK
> ......
>
> then I have all the rest of the normal file.
>
> My theory is that there may be an infected machine logging in to pop and
> then sending emails or a deliberate attempt to use pop with default users
> gets the same result.
>
> Summarizing:
> a) are there any errors in access and relay-domains?
> b) are there any known default users in Red Hat 9 that can access pop?
> c) Would this sendmail.cf somehow mess up the relay checking (apart from
> checking the database first)?
>
> Miguel
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From thom at CUSTOMNETWORKS.CA  Mon Aug  9 20:39:46 2004
From: thom at CUSTOMNETWORKS.CA (Thom Paine)
Date: Thu Jan 12 21:26:30 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.480.1137101190.24926.mailscanner@lists.mailscanner.info>

I don't use the relay domains. But mine is similar to yours.

My network is 10.10.10 and I have my access line 10.10.10. without the
0.

I also comment out accept unresolvable domains in /etc/mail/sendmail.mc


On Mon, 2004-08-09 at 15:25, Miguel Koren wrote:
> I have been running along with Mail Scanner just fine for a long, long
> time and thought I had all my defenses in place. Over the weekend however
> one of my servers seems to have been 'discovered' by a spamming operation
> or a virus infected machine and I ended up with 75,000 files in the mqueue
> directory this morning.
>
> I use Sednmail 8.12.8 on Red Hat 9 in this case.
>
> What I did is shut down Mail Scanner and Sendmail and deleted all those
> files. It's possible that some were geunine emails but if so, very, very
> few.
>
> My understanding of Sendmail is that a relay is closed if the
> /etc/mail/access file is ok. Here is what I have:
>
> localhost.localdomain   RELAY
> localhost               RELAY
> 127.0.0.1               RELAY
>
> # internal
> 10.10.10.0              RELAY
>
>
> I also have this in /etc/mail/relay-domains:
>
> # internal
> 10.10.10.
>
> # localhost
> 127.0.0.1
> localhost
> localhost.localdomain
>
> I also run pop-before-smtp for our roaming users and I can't stop
> using it short term. Perhaps some of the IPs I see in the pop-before-smtp
> log are that particular spammer IP.
>
> I don't think Red Hat 9 has any default users that can log in to email
> with
> default passwords. If anybody is intereseted, this
> http://popbsmtp.sourceforge.net/ is a good system assuming it did not
> cause
> the problems. This system requires a change in
> /etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
> before sending emails. This is the change that I made a long time ago:
>
> Kpopauth hash -a<OK> /etc/mail/popauth
>
> SLocal_check_rcpt
> R$*             $: $(popauth $&{client_addr} $: <?> $)
> R<?>            $@ NoPopAuth
> R$*<OK>         $# OK
> ......
>
> then I have all the rest of the normal file.
>
> My theory is that there may be an infected machine logging in to pop and
> then sending emails or a deliberate attempt to use pop with default users
> gets the same result.
>
> Summarizing:
> a) are there any errors in access and relay-domains?
> b) are there any known default users in Red Hat 9 that can access pop?
> c) Would this sendmail.cf somehow mess up the relay checking (apart from
> checking the database first)?
>
> Miguel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mkipness at GENIANT.COM  Mon Aug  9 20:41:30 2004
From: mkipness at GENIANT.COM (Max Kipness)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.481.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Hello 
-</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Anybody getting 
flooded with various named zip attachments with viruses in them? Some are being 
caught as a bagel variant, some are getting through.</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial 
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial 
size=2>Max</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From jstevens at ATHENSDISTRIBUTING.COM  Mon Aug  9 20:43:37 2004
From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens)
Date: Thu Jan 12 21:26:30 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.482.1137101190.24926.mailscanner@lists.mailscanner.info>

I'm curious as to what the messages in the queue had in common. Are they
all from a null sender (i.e.  <> ) Did Sendmail think localhost(or
127.0.0.1) was the relay for each piece of mail???

-----Original Message-----
From: Miguel Koren [mailto:miguelk@KONSULTEX.COM.BR] 
Sent: Monday, August 09, 2004 2:26 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [OT] Sendmail open relay problem


I have been running along with Mail Scanner just fine for a long, long
time and thought I had all my defenses in place. Over the weekend
however
one of my servers seems to have been 'discovered' by a spamming
operation
or a virus infected machine and I ended up with 75,000 files in the
mqueue
directory this morning.

I use Sednmail 8.12.8 on Red Hat 9 in this case.

What I did is shut down Mail Scanner and Sendmail and deleted all those
files. It's possible that some were geunine emails but if so, very, very
few.

My understanding of Sendmail is that a relay is closed if the
/etc/mail/access file is ok. Here is what I have:

localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY

# internal
10.10.10.0              RELAY


I also have this in /etc/mail/relay-domains:

# internal
10.10.10.

# localhost
127.0.0.1
localhost
localhost.localdomain

I also run pop-before-smtp for our roaming users and I can't stop
using it short term. Perhaps some of the IPs I see in the
pop-before-smtp
log are that particular spammer IP.

I don't think Red Hat 9 has any default users that can log in to email
with
default passwords. If anybody is intereseted, this
http://popbsmtp.sourceforge.net/ is a good system assuming it did not
cause
the problems. This system requires a change in
/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp
database
before sending emails. This is the change that I made a long time ago:

Kpopauth hash -a<OK> /etc/mail/popauth

SLocal_check_rcpt
R$*             $: $(popauth $&{client_addr} $: <?> $)
R<?>            $@ NoPopAuth
R$*<OK>         $# OK
......

then I have all the rest of the normal file.

My theory is that there may be an infected machine logging in to pop and
then sending emails or a deliberate attempt to use pop with default
users
gets the same result.

Summarizing:
a) are there any errors in access and relay-domains?
b) are there any known default users in Red Hat 9 that can access pop?
c) Would this sendmail.cf somehow mess up the relay checking (apart from
checking the database first)?

Miguel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From sailer at BNL.GOV  Mon Aug  9 20:45:37 2004
From: sailer at BNL.GOV (Tim Sailer)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.483.1137101190.24926.mailscanner@lists.mailscanner.info>

Virus scanning software reported the following:
Mon Aug  9 15:36:16 2004
   price.exe  is a dropper for W32/Mitglieder.W

On Mon, Aug 09, 2004 at 02:41:30PM -0500, Max Kipness wrote:
> Hello -
>
> Anybody getting flooded with various named zip attachments with viruses
> in them? Some are being caught as a bagel variant, some are getting
> through.
>
> Thanks,
> Max
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Tim Sailer <sailer@bnl.gov>
Information and Special Technologies Program
Office of CounterIntelligence
Brookhaven National Laboratory  (631) 344-3001

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From KShortt at AZERTY.COM  Mon Aug  9 20:46:04 2004
From: KShortt at AZERTY.COM (Shortt, Kevin)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.484.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=952434419-09082004><FONT face=Arial
color=#0000ff size=2>It looks like a new Bagle variant.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=952434419-09082004><FONT face=Arial
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=952434419-09082004><FONT face=Arial
color=#0000ff size=2>Read more... <A
href="http://isc.sans.org/">http://isc.sans.org/</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=952434419-09082004><FONT face=Arial
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=952434419-09082004><FONT face=Arial
color=#0000ff size=2>-k</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Max Kipness [mailto:mkipness@GENIANT.COM]
<BR><B>Sent:</B> Monday, August 09, 2004 3:42 PM<BR><B>To:</B>
MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Price zip?<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Hello
-</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Anybody getting
flooded with various named zip attachments with viruses in them? Some are being
caught as a bagel variant, some are getting through.</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=625214019-09082004><FONT face=Arial
size=2>Max</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>-------------------------- MailScanner list
----------------------<BR>To leave, send leave mailscanner to <A
href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before
posting, please see the Most Asked Questions at<BR><A
href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and
the archives at<BR><A
href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From csweeney at OSUBUCKS.ORG  Mon Aug  9 20:48:50 2004
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.485.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="Open WebMail 2.30 20040131" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
Yep in the last hour or so its been crazy!<font size="2">
<br />
<br />-- 
<br />Thanks 
<br />Chris 
<br />
<br />
<br /><b>---------- Original Message -----------</b>
<br />From: Max Kipness &lt;mkipness@GENIANT.COM&gt; 
<br />To: MAILSCANNER@JISCMAIL.AC.UK 
<br />Sent: Mon, 9 Aug 2004 14:41:30 -0500 
<br />Subject: Price zip? 
<br />
<br />&gt; <span class="625214019-09082004"><font face="Arial" size="2">Hello -</font></span> 
<br />&gt; <span class="625214019-09082004"></span>  
<br />&gt; <span class="625214019-09082004"><font face="Arial" size="2">Anybody getting flooded with various named zip attachments with viruses in them? Some are being caught as a bagel variant, some are getting through.</font></span> 
<br />&gt; <span class="625214019-09082004"></span>  
<br />&gt; <span class="625214019-09082004"><font face="Arial" size="2">Thanks,</font></span> 
<br />&gt; <span class="625214019-09082004"><font face="Arial" size="2">Max</font></span> 
<br />&gt;  
<br />&gt; -- 
<br />&gt; This message has been scanned for viruses and 
<br />&gt; dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is 
<br />&gt; believed to be clean. -------------------------- MailScanner list ----------------------
<br />&gt; To leave, send leave mailscanner to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
<br />&gt; Before posting, please see the Most Asked Questions at
<br />&gt; <a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a> and the archives at
<br />&gt; <a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>
<br /><b>------- End of Original Message -------</b>
<br /></font>
</BODY>
<br />-- 
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</HTML>

-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From chrism at t3wireless.com  Mon Aug  9 20:48:51 2004
From: chrism at t3wireless.com (Chris McGinnis)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.486.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I'm seeing it also.&nbsp; ClamAV is catching it as 
Trojan.JS.RunMe.&nbsp; I'm guessing this is the same thing from Trendmicro: <A 
href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AC">http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AC</A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>-Chris</FONT></DIV>
<BLOCKQUOTE 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 
  <A title=mkipness@GENIANT.COM href="mailto:mkipness@GENIANT.COM">Max 
  Kipness</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>To:</B> <A title=MAILSCANNER@JISCMAIL.AC.UK 
  href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 09, 2004 2:41 
  PM</DIV>
  <DIV style="FONT: 10pt arial"><B>Subject:</B> Price zip?</DIV>
  <DIV><BR></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Hello 
  -</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Anybody getting 
  flooded with various named zip attachments with viruses in them? Some are 
  being caught as a bagel variant, some are getting through.</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2>Thanks,</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2>Max</FONT></SPAN></DIV>
  <DIV>&nbsp;</DIV>-------------------------- MailScanner list 
  ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From steve.swaney at FSL.COM  Mon Aug  9 20:53:38 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.487.1137101190.24926.mailscanner@lists.mailscanner.info>

 
________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Max Kipness
Sent: Monday, August 09, 2004 3:42 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Price zip?

Hello -
 
Anybody getting flooded with various named zip attachments with viruses in
them? Some are being caught as a bagel variant, some are getting through.
 
Thanks,
Max
 

Yes. ClamAV is definitely catching it starting aroung 1:00 PM EDT. The
attachments all appear to end in price.zip so blocking filenames price\.zip$
appears also work.


    Sender: facultysearch@aurora.edu
IP Address: 68.20.169.164
 Recipient: admissions@lewisu.edu
   Subject: 
 MessageID: i79JoAEA030294
    Report: ClamAV Module: price_08.zip was infected: Trojan.JS.RunMe

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mike at CAMAROSS.NET  Mon Aug  9 20:55:55 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.488.1137101190.24926.mailscanner@lists.mailscanner.info>

ClamAV and BitDefender are picking it up.  My Sophos is not as of yet.

Mike



________________________________

        From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
On Behalf Of Chris Sweeney
        Sent: Monday, August 09, 2004 2:49 PM
        To: MAILSCANNER@JISCMAIL.AC.UK
        Subject: Re: Price zip?


        Yep in the last hour or so its been crazy!

        --
        Thanks
        Chris


        ---------- Original Message -----------
        From: Max Kipness <mkipness@GENIANT.COM>
        To: MAILSCANNER@JISCMAIL.AC.UK
        Sent: Mon, 9 Aug 2004 14:41:30 -0500
        Subject: Price zip?

        > Hello -
        >
        > Anybody getting flooded with various named zip attachments with
viruses in them? Some are being caught as a bagel variant, some are getting
through.
        >
        > Thanks,
        > Max
        >
        > --
        > This message has been scanned for viruses and
        > dangerous content by MailScanner <http://www.mailscanner.info/> ,
and is
        > believed to be clean. -------------------------- MailScanner list
----------------------
        > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
        > Before posting, please see the Most Asked Questions at
        > http://www.mailscanner.biz/maq/ and the archives at
        > http://www.jiscmail.ac.uk/lists/mailscanner.html
        ------- End of Original Message -------

        --
        This message has been scanned for viruses and
        dangerous content by MailScanner <http://www.mailscanner.info/> ,
and is
        believed to be clean. -------------------------- MailScanner list
----------------------
        To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
        Before posting, please see the Most Asked Questions at
        http://www.mailscanner.biz/maq/ and the archives at
        http://www.jiscmail.ac.uk/lists/mailscanner.html


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mkipness at GENIANT.COM  Mon Aug  9 20:56:12 2004
From: mkipness at GENIANT.COM (Max Kipness)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.489.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=015535419-09082004><FONT face=Arial 
color=#0000ff size=2>Can someone offer a tip on how to block all zip attachments 
with the word price in it (caps or small letters), I can never seem to get the 
syntax right in the filetypes rule.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=015535419-09082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=015535419-09082004><FONT face=Arial 
color=#0000ff size=2>Thanks,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=015535419-09082004><FONT face=Arial 
color=#0000ff size=2>Max</FONT></SPAN></DIV><BR>
<BLOCKQUOTE 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
  <HR tabIndex=-1>
  <FONT face=Tahoma size=2><B>From:</B> MailScanner mailing list 
  [mailto:MAILSCANNER@JISCMAIL.AC.UK] <B>On Behalf Of </B>Chris 
  Sweeney<BR><B>Sent:</B> Monday, August 09, 2004 2:49 PM<BR><B>To:</B> 
  MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re: Price 
  zip?<BR></FONT><BR></DIV>
  <DIV></DIV>Yep in the last hour or so its been crazy!<FONT size=2> <BR><BR>-- 
  <BR>Thanks <BR>Chris <BR><BR><BR><B>---------- Original Message 
  -----------</B> <BR>From: Max Kipness &lt;mkipness@GENIANT.COM&gt; <BR>To: 
  MAILSCANNER@JISCMAIL.AC.UK <BR>Sent: Mon, 9 Aug 2004 14:41:30 -0500 
  <BR>Subject: Price zip? <BR><BR>&gt; <SPAN class=625214019-09082004><FONT 
  face=Arial size=2>Hello -</FONT></SPAN> <BR>&gt; <SPAN 
  class=625214019-09082004></SPAN>&nbsp; <BR>&gt; <SPAN 
  class=625214019-09082004><FONT face=Arial size=2>Anybody getting flooded with 
  various named zip attachments with viruses in them? Some are being caught as a 
  bagel variant, some are getting through.</FONT></SPAN> <BR>&gt; <SPAN 
  class=625214019-09082004></SPAN>&nbsp; <BR>&gt; <SPAN 
  class=625214019-09082004><FONT face=Arial size=2>Thanks,</FONT></SPAN> 
  <BR>&gt; <SPAN class=625214019-09082004><FONT face=Arial 
  size=2>Max</FONT></SPAN> <BR>&gt; &nbsp; <BR>&gt; -- <BR>&gt; This message has 
  been scanned for viruses and <BR>&gt; dangerous content by <A 
  href="http://www.mailscanner.info/"><B>MailScanner</B></A>, and is <BR>&gt; 
  believed to be clean. -------------------------- MailScanner list 
  ---------------------- <BR>&gt; To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> <BR>&gt; 
  Before posting, please see the Most Asked Questions at <BR>&gt; <A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at <BR>&gt; <A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A> 
  <BR><B>------- End of Original Message -------</B> <BR></FONT><BR>-- <BR>This 
  message has been scanned for viruses and <BR>dangerous content by <A 
  href="http://www.mailscanner.info/"><B>MailScanner</B></A>, and is 
  <BR>believed to be clean. -------------------------- MailScanner list 
  ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From jstevens at ATHENSDISTRIBUTING.COM  Mon Aug  9 20:56:26 2004
From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.490.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
size=2>Yepper.</FONT></SPAN></DIV>
<DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff size=2>ClamAV 
is doing well ...caught 50 + since lunch. None have a Subkect line...All have 
price.exe or price.htm as atatchments.</FONT></SPAN></DIV>
<DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=907165419-09082004>ClamAV: price.exe contains Worm.Bagle.AI 
MailScanner: Executable DOS/Windows programs are dangerous in email 
(price.exe)<BR><BR>ClamAV: price.html contains Trojan.JS.RunMe <BR>ClamAV: 
08_price.zip contains Trojan.JS.RunMe ClamAV: price.exe contains Worm.Bagle.AI 
<BR>MailScanner: Executable DOS/Windows programs are dangerous in email 
(price.exe)<BR>ClamAV: price.html contains Trojan.JS.RunMe </SPAN></DIV>
<DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
  <DIV></DIV>
  <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT 
  face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Max Kipness 
  [mailto:mkipness@GENIANT.COM] <BR><B>Sent:</B> Monday, August 09, 2004 2:42 
  PM<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Price 
  zip?<BR><BR></FONT></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Hello 
  -</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Anybody getting 
  flooded with various named zip attachments with viruses in them? Some are 
  being caught as a bagel variant, some are getting through.</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2>Thanks,</FONT></SPAN></DIV>
  <DIV><SPAN class=625214019-09082004><FONT face=Arial 
  size=2>Max</FONT></SPAN></DIV>
  <DIV>&nbsp;</DIV><BR>-- <BR>This message has been scanned for viruses and 
  <BR>dangerous content by <A 
  href="http://www.athensdistributing.com/"><B>Athens Hyperion Scanner</B></A>, 
  and is <BR>believed to be clean. -------------------------- MailScanner list 
  ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY><br />-- 
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.athensdistributing.com/"><b>Athens Hyperion Scanner</b></a>, and is
<br />believed to be clean.
</HTML>

-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From rob at THEHOSTMASTERS.COM  Mon Aug  9 21:00:53 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.491.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Yup, clam is doing just fine, and MacAfee, seems to 
be asleep!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>:)</FONT></DIV>
<DIV><BR>Rob....</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>&nbsp;</DIV>
<BLOCKQUOTE 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 
  <A title=jstevens@ATHENSDISTRIBUTING.COM 
  href="mailto:jstevens@ATHENSDISTRIBUTING.COM">James R. Stevens</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>To:</B> <A title=MAILSCANNER@JISCMAIL.AC.UK 
  href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 09, 2004 3:56 
  PM</DIV>
  <DIV style="FONT: 10pt arial"><B>Subject:</B> Re: Price zip?</DIV>
  <DIV><BR></DIV>
  <DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
  size=2>Yepper.</FONT></SPAN></DIV>
  <DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
  size=2>ClamAV is doing well ...caught 50 + since lunch. None have a Subkect 
  line...All have price.exe or price.htm as atatchments.</FONT></SPAN></DIV>
  <DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=907165419-09082004>ClamAV: price.exe contains Worm.Bagle.AI 
  MailScanner: Executable DOS/Windows programs are dangerous in email 
  (price.exe)<BR><BR>ClamAV: price.html contains Trojan.JS.RunMe <BR>ClamAV: 
  08_price.zip contains Trojan.JS.RunMe ClamAV: price.exe contains Worm.Bagle.AI 
  <BR>MailScanner: Executable DOS/Windows programs are dangerous in email 
  (price.exe)<BR>ClamAV: price.html contains Trojan.JS.RunMe </SPAN></DIV>
  <DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=907165419-09082004><FONT face=Arial color=#0000ff 
  size=2></FONT></SPAN>&nbsp;</DIV>
  <BLOCKQUOTE style="MARGIN-RIGHT: 0px">
    <DIV></DIV>
    <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT 
    face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Max Kipness 
    [mailto:mkipness@GENIANT.COM] <BR><B>Sent:</B> Monday, August 09, 2004 2:42 
    PM<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Price 
    zip?<BR><BR></FONT></DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Hello 
    -</FONT></SPAN></DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial 
    size=2></FONT></SPAN>&nbsp;</DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial size=2>Anybody getting 
    flooded with various named zip attachments with viruses in them? Some are 
    being caught as a bagel variant, some are getting 
    through.</FONT></SPAN></DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial 
    size=2></FONT></SPAN>&nbsp;</DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial 
    size=2>Thanks,</FONT></SPAN></DIV>
    <DIV><SPAN class=625214019-09082004><FONT face=Arial 
    size=2>Max</FONT></SPAN></DIV>
    <DIV>&nbsp;</DIV><BR>-- <BR>This message has been scanned for viruses and 
    <BR>dangerous content by <A 
    href="http://www.athensdistributing.com/"><B>Athens Hyperion 
    Scanner</B></A>, and is <BR>believed to be clean. -------------------------- 
    MailScanner list ----------------------<BR>To leave, send leave mailscanner 
    to <A 
    href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
    posting, please see the Most Asked Questions at<BR><A 
    href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> 
    and the archives at<BR><A 
    href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE><BR>-- 
  <BR>This message has been scanned for viruses and <BR>dangerous content by <A 
  href="http://www.athensdistributing.com/"><B>Athens Hyperion Scanner</B></A>, 
  and is <BR>believed to be clean. -------------------------- MailScanner list 
  ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY></HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From dustin.baer at IHS.COM  Mon Aug  9 21:01:58 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.492.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Put this in filename.rules.conf, tab separated

deny    \.zip$     New virus outbreak    New virus outbreak. Temporary
denial of zip files




Max Kipness wrote:

> Can someone offer a tip on how to block all zip attachments with the
> word price in it (caps or small letters), I can never seem to get the
> syntax right in the filetypes rule.
>
> Thanks,
> Max
>
>     ------------------------------------------------------------------------
>     From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
>     On Behalf Of Chris Sweeney
>     Sent: Monday, August 09, 2004 2:49 PM
>     To: MAILSCANNER@JISCMAIL.AC.UK
>     Subject: Re: Price zip?
>
>     Yep in the last hour or so its been crazy!
>
>     --
>     Thanks
>     Chris
>
>
>     ---------- Original Message -----------
>     From: Max Kipness <mkipness@GENIANT.COM>
>     To: MAILSCANNER@JISCMAIL.AC.UK
>     Sent: Mon, 9 Aug 2004 14:41:30 -0500
>     Subject: Price zip?
>
>     > Hello -
>     >
>     > Anybody getting flooded with various named zip attachments with
>     viruses in them? Some are being caught as a bagel variant, some
>     are getting through.
>     >
>     > Thanks,
>     > Max
>     >
>     > --
>     > This message has been scanned for viruses and
>     > dangerous content by MailScanner <http://www.mailscanner.info/>,
>     and is
>     > believed to be clean. -------------------------- MailScanner
>     list ----------------------
>     > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
>     <mailto:jiscmail@jiscmail.ac.uk>
>     > Before posting, please see the Most Asked Questions at
>     > http://www.mailscanner.biz/maq/ and the archives at
>     > http://www.jiscmail.ac.uk/lists/mailscanner.html
>     ------- End of Original Message -------
>
>     --
>     This message has been scanned for viruses and
>     dangerous content by MailScanner <http://www.mailscanner.info/>,
>     and is
>     believed to be clean. -------------------------- MailScanner list
>     ----------------------
>     To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
>     <mailto:jiscmail@jiscmail.ac.uk>
>     Before posting, please see the Most Asked Questions at
>     http://www.mailscanner.biz/maq/ and the archives at
>     http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
> <mailto:jiscmail@jiscmail.ac.uk>
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html


--
Dustin Baer
Identity Management Architect
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836

Confidentiality Notice: The information in this e-mail may be
confidential and / or privileged. This e-mail is intended to be reviewed
by only the individual or organization named in the e-mail address. If
you are not the intended recipient, you are hereby notified that any
review, dissemination or copying of this e-mail and attachments, if any,
or the information contained herein, is strictly prohibited.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Mon Aug  9 21:03:00 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.493.1137101190.24926.mailscanner@lists.mailscanner.info>

Hi!

> Can someone offer a tip on how to block all zip attachments with the
> word price in it (caps or small letters), I can never seem to get the
> syntax right in the filetypes rule.

ClamAV detects them, cant you simply use Clam ? Its free.

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From bob.jones at USG.EDU  Mon Aug  9 21:05:33 2004
From: bob.jones at USG.EDU (Bob Jones)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.494.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Rob wrote:
> Yup, clam is doing just fine, and MacAfee, seems to be asleep!
>

The 4384 DATs that will catch this new one are due today according to
the site and you can go ahead and grab the EXTRA.DAT if you use McAfee
to protect yourself from this one until the new dats are released.

Bob

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mike at CAMAROSS.NET  Mon Aug  9 21:11:59 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:30 2006
Subject: Price zip?
Message-ID: <mailman.495.1137101190.24926.mailscanner@lists.mailscanner.info>

I suspect that my milter-sender is helping a lot too.  I've seen quite an
increase today in non-existent senders.

Mike



________________________________

        From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
On Behalf Of Rob
        Sent: Monday, August 09, 2004 3:01 PM
        To: MAILSCANNER@JISCMAIL.AC.UK
        Subject: Re: Price zip?


        Yup, clam is doing just fine, and MacAfee, seems to be asleep!

        :)

        Rob....




                ----- Original Message -----
                From: James R. Stevens
<mailto:jstevens@ATHENSDISTRIBUTING.COM>
                To: MAILSCANNER@JISCMAIL.AC.UK
                Sent: Monday, August 09, 2004 3:56 PM
                Subject: Re: Price zip?

                Yepper.
                ClamAV is doing well ...caught 50 + since lunch. None have a
Subkect line...All have price.exe or price.htm as atatchments.

                ClamAV: price.exe contains Worm.Bagle.AI MailScanner:
Executable DOS/Windows programs are dangerous in email (price.exe)

                ClamAV: price.html contains Trojan.JS.RunMe
                ClamAV: 08_price.zip contains Trojan.JS.RunMe ClamAV:
price.exe contains Worm.Bagle.AI
                MailScanner: Executable DOS/Windows programs are dangerous
in email (price.exe)
                ClamAV: price.html contains Trojan.JS.RunMe



                        -----Original Message-----
                        From: Max Kipness [mailto:mkipness@GENIANT.COM]
                        Sent: Monday, August 09, 2004 2:42 PM
                        To: MAILSCANNER@JISCMAIL.AC.UK
                        Subject: Price zip?


                        Hello -

                        Anybody getting flooded with various named zip
attachments with viruses in them? Some are being caught as a bagel variant,
some are getting through.

                        Thanks,
                        Max


                        --
                        This message has been scanned for viruses and
                        dangerous content by Athens Hyperion Scanner
<http://www.athensdistributing.com/> , and is
                        believed to be clean. --------------------------
MailScanner list ----------------------
                        To leave, send leave mailscanner to
jiscmail@jiscmail.ac.uk
                        Before posting, please see the Most Asked Questions
at
                        http://www.mailscanner.biz/maq/ and the archives at
                        http://www.jiscmail.ac.uk/lists/mailscanner.html



                --
                This message has been scanned for viruses and
                dangerous content by Athens Hyperion Scanner
<http://www.athensdistributing.com/> , and is
                believed to be clean. -------------------------- MailScanner
list ----------------------
                To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
                Before posting, please see the Most Asked Questions at
                http://www.mailscanner.biz/maq/ and the archives at
                http://www.jiscmail.ac.uk/lists/mailscanner.html


        -------------------------- MailScanner list ----------------------
        To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
        Before posting, please see the Most Asked Questions at
        http://www.mailscanner.biz/maq/ and the archives at
        http://www.jiscmail.ac.uk/lists/mailscanner.html


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From vanhorn at WHIDBEY.COM  Mon Aug  9 21:32:22 2004
From: vanhorn at WHIDBEY.COM (G. Armour Van Horn)
Date: Thu Jan 12 21:26:30 2006
Subject: Determin version number
Message-ID: <mailman.496.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I noticed that when I installed, but just tried it now. At the end of
the report are these lines:

Optional module versions are:
2.63    Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV

Are the first two errors meaningful?

And that third one makes no sense, as I am not running ClamAV on this
machine. Of course, there are a whole lot of others that I'm not running
either.

Van


Ugo Bellavance wrote:

> Jon Fraley wrote:
>
>> Is there a commandline command to get the MailScanner version number?
>>
>
> Yes, in the most recent version
>
> -V
>
>> Thanks --Jon
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> .
>

--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD

For web design, hosting, and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
-----------------------------------------------------------

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From miguelk at KONSULTEX.COM.BR  Mon Aug  9 21:40:08 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:26:30 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.497.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
James;

What they had in common is that they said they were coming from my ip as
the relay. They were not from a null sender though and there was
variety, which made me think of a virus infected machine having gained
pop access.

I use Openwebmail on this server. Would it be a valid theory that some
program in that package gets used to spam?

Miguel


James R. Stevens wrote:

>I'm curious as to what the messages in the queue had in common. Are they
>all from a null sender (i.e.  <> ) Did Sendmail think localhost(or
>127.0.0.1) was the relay for each piece of mail???
>
>-----Original Message-----
>From: Miguel Koren [mailto:miguelk@KONSULTEX.COM.BR]
>Sent: Monday, August 09, 2004 2:26 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: [OT] Sendmail open relay problem
>
>
>I have been running along with Mail Scanner just fine for a long, long
>time and thought I had all my defenses in place. Over the weekend
>however
>one of my servers seems to have been 'discovered' by a spamming
>operation
>or a virus infected machine and I ended up with 75,000 files in the
>mqueue
>directory this morning.
>
>I use Sednmail 8.12.8 on Red Hat 9 in this case.
>
>What I did is shut down Mail Scanner and Sendmail and deleted all those
>files. It's possible that some were geunine emails but if so, very, very
>few.
>
>My understanding of Sendmail is that a relay is closed if the
>/etc/mail/access file is ok. Here is what I have:
>
>localhost.localdomain   RELAY
>localhost               RELAY
>127.0.0.1               RELAY
>
># internal
>10.10.10.0              RELAY
>
>
>I also have this in /etc/mail/relay-domains:
>
># internal
>10.10.10.
>
># localhost
>127.0.0.1
>localhost
>localhost.localdomain
>
>I also run pop-before-smtp for our roaming users and I can't stop
>using it short term. Perhaps some of the IPs I see in the
>pop-before-smtp
>log are that particular spammer IP.
>
>I don't think Red Hat 9 has any default users that can log in to email
>with
>default passwords. If anybody is intereseted, this
>http://popbsmtp.sourceforge.net/ is a good system assuming it did not
>cause
>the problems. This system requires a change in
>/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp
>database
>before sending emails. This is the change that I made a long time ago:
>
>Kpopauth hash -a<OK> /etc/mail/popauth
>
>SLocal_check_rcpt
>R$*             $: $(popauth $&{client_addr} $: <?> $)
>R<?>            $@ NoPopAuth
>R$*<OK>         $# OK
>......
>
>then I have all the rest of the normal file.
>
>My theory is that there may be an infected machine logging in to pop and
>then sending emails or a deliberate attempt to use pop with default
>users
>gets the same result.
>
>Summarizing:
>a) are there any errors in access and relay-domains?
>b) are there any known default users in Red Hat 9 that can access pop?
>c) Would this sendmail.cf somehow mess up the relay checking (apart from
>checking the database first)?
>
>Miguel
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From vanhorn at WHIDBEY.COM  Mon Aug  9 21:44:23 2004
From: vanhorn at WHIDBEY.COM (G. Armour Van Horn)
Date: Thu Jan 12 21:26:31 2006
Subject: File name/type rules
Message-ID: <mailman.498.1137101190.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Greetings:

I have a client with their own server, and though they are enjoying the
relief from spam and viruses they are getting testy about meaningful
attachments getting in and out. Basically, there are four users for whom
they do not want to have attachments blocked, and because these users
are experienced *and* they use Pine as their mail client so the normal
Outlook risks are absent, I'm trying to figure out how to accomodate them.

The rules for file names and types are completely different from the
rules for other things like forms and IFrames. I'm assuming that I can't
mix the two and add a line like
    To:   chuck   allow
to the rules.

Or can I? Or is there another approach that would handle this?

Van


--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD

For web design, hosting, and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
-----------------------------------------------------------

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mkipness at GENIANT.COM  Mon Aug  9 21:51:48 2004
From: mkipness at GENIANT.COM (Max Kipness)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.499.1137101191.24926.mailscanner@lists.mailscanner.info>

I tried adding the following:

deny    \price.zip$     New virus outbreak      New virus outbreak

Tab separated and then mail stopped processing through MailScanner. I
walked away and when I came back there were 180 messages waiting to be
processed. I removed this line and all is well.

Can anyone see what is wrong with this line?

Thanks,
Max 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dustin Baer
> Sent: Monday, August 09, 2004 3:02 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Price zip?
> 
> Put this in filename.rules.conf, tab separated
> 
> deny    \.zip$     New virus outbreak    New virus outbreak. Temporary
> denial of zip files
> 
> 
> 
> 
> Max Kipness wrote:
> 
> > Can someone offer a tip on how to block all zip attachments 
> with the 
> > word price in it (caps or small letters), I can never seem 
> to get the 
> > syntax right in the filetypes rule.
> >
> > Thanks,
> > Max
> >
> >     
> --------------------------------------------------------------
> ----------
> >     From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> >     On Behalf Of Chris Sweeney
> >     Sent: Monday, August 09, 2004 2:49 PM
> >     To: MAILSCANNER@JISCMAIL.AC.UK
> >     Subject: Re: Price zip?
> >
> >     Yep in the last hour or so its been crazy!
> >
> >     --
> >     Thanks
> >     Chris
> >
> >
> >     ---------- Original Message -----------
> >     From: Max Kipness <mkipness@GENIANT.COM>
> >     To: MAILSCANNER@JISCMAIL.AC.UK
> >     Sent: Mon, 9 Aug 2004 14:41:30 -0500
> >     Subject: Price zip?
> >
> >     > Hello -
> >     >
> >     > Anybody getting flooded with various named zip 
> attachments with
> >     viruses in them? Some are being caught as a bagel variant, some
> >     are getting through.
> >     >
> >     > Thanks,
> >     > Max
> >     >
> >     > --
> >     > This message has been scanned for viruses and
> >     > dangerous content by MailScanner 
> <http://www.mailscanner.info/>,
> >     and is
> >     > believed to be clean. -------------------------- MailScanner
> >     list ----------------------
> >     > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
> >     <mailto:jiscmail@jiscmail.ac.uk>
> >     > Before posting, please see the Most Asked Questions at
> >     > http://www.mailscanner.biz/maq/ and the archives at
> >     > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >     ------- End of Original Message -------
> >
> >     --
> >     This message has been scanned for viruses and
> >     dangerous content by MailScanner <http://www.mailscanner.info/>,
> >     and is
> >     believed to be clean. -------------------------- 
> MailScanner list
> >     ----------------------
> >     To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
> >     <mailto:jiscmail@jiscmail.ac.uk>
> >     Before posting, please see the Most Asked Questions at
> >     http://www.mailscanner.biz/maq/ and the archives at
> >     http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> > -------------------------- MailScanner list 
> ---------------------- To 
> > leave, send leave mailscanner to jiscmail@jiscmail.ac.uk 
> > <mailto:jiscmail@jiscmail.ac.uk> Before posting, please see 
> the Most 
> > Asked Questions at http://www.mailscanner.biz/maq/ and the 
> archives at 
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> 
> 
> --
> Dustin Baer
> Identity Management Architect
> Information Handling Services
> 15 Inverness Way East
> Englewood, CO 80112
> 303-397-2836
> 
> Confidentiality Notice: The information in this e-mail may be 
> confidential and / or privileged. This e-mail is intended to 
> be reviewed by only the individual or organization named in 
> the e-mail address. If you are not the intended recipient, 
> you are hereby notified that any review, dissemination or 
> copying of this e-mail and attachments, if any, or the 
> information contained herein, is strictly prohibited.
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From tristan at LINUX.WITENKO.COM  Mon Aug  9 21:59:08 2004
From: tristan at LINUX.WITENKO.COM (Tristan Rhodes)
Date: Thu Jan 12 21:26:31 2006
Subject: File name/type rules
Message-ID: <mailman.500.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
You can use a program like MSRE (MailScanner Ruleset Editor) to edit your rulesets.  It will help
prevent you from making most syntax errors (but not all).

http://sourceforge.net/projects/msre

You may want to wait until the next version, as the project is still in beta.

Tristan Rhodes

G. Armour Van Horn wrote:

> Greetings:
>
> I have a client with their own server, and though they are enjoying the
> relief from spam and viruses they are getting testy about meaningful
> attachments getting in and out. Basically, there are four users for whom
> they do not want to have attachments blocked, and because these users
> are experienced *and* they use Pine as their mail client so the normal
> Outlook risks are absent, I'm trying to figure out how to accomodate them.
>
> The rules for file names and types are completely different from the
> rules for other things like forms and IFrames. I'm assuming that I can't
> mix the two and add a line like
>    To:   chuck   allow
> to the rules.
>
> Or can I? Or is there another approach that would handle this?
>
> Van
>
>
> --
> ----------------------------------------------------------
> Sign up now for Quotes of the Day, a handful of quotations
> on a theme delivered every morning.
> Enlightenment! Daily, for free!
> mailto:twisted@whidbey.com?subject=Subscribe_QOTD
>
> For web design, hosting, and maintenance,
> visit Van's home page: http://www.domainvanhorn.com/van/
> -----------------------------------------------------------
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kevins at BMRB.CO.UK  Mon Aug  9 22:10:57 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:31 2006
Subject: File name/type rules
Message-ID: <mailman.501.1137101191.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-09 at 21:44, G. Armour Van Horn wrote:
> The rules for file names and types are completely different from the
> rules for other things like forms and IFrames. I'm assuming that I can't
> mix the two and add a line like
>     To:   chuck   allow
> to the rules.

What you do is create a seperate filename.rules.conf file for those
users then use a ruleset to specify which rules file to consult.  i.e.

FromorTo:gooduser@domain.com    /etc/MailScanner/filename.rules.conf.2

FromorTo:default        /etc/MailScanner/filename.rules.conf

The same approach will work for filetype rules.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From peter at UCGBOOK.COM  Mon Aug  9 22:14:44 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.502.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Max Kipness wrote:
> I tried adding the following:
>
> deny    \price.zip$     New virus outbreak      New virus outbreak

Move the escape character to the dot, like this:

deny    price\.zip$     New virus outbreak      New virus outbreak

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  9 22:17:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.503.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Anyone running a recent version, banning .exe files even within .zip files 
will be stopping this virus anyway.
I am now catching messages containing this virus for 8 different reasons:

     Report: SophosSAVI: price.zip was infected by JS/IllWill-A 
W32/Bagle-AQ W32/Bagle-AQ
             F-Prot: 
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.zip->price.html 
Infection: HTML/ObjData@exp
             F-Prot: 
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.zip->price/price.exe 
is a dropper for W32/Mitglieder.W
             SophosSAVI: price.exe was infected by W32/Bagle-AQ
             MailScanner: Executable DOS/Windows programs are dangerous in 
email (price.exe)
             No programs allowed (price.exe)
             SophosSAVI: price.html was infected by JS/IllWill-A
             F-Prot: 
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.html  Infection: 
HTML/ObjData@exp

I reckon that's pretty thorough interception :-)
-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug  9 22:17:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.504.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Anyone running a recent version, banning .exe files even within .zip files
will be stopping this virus anyway.
I am now catching messages containing this virus for 8 different reasons:

     Report: SophosSAVI: price.zip was infected by JS/IllWill-A
W32/Bagle-AQ W32/Bagle-AQ
             F-Prot:
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.zip->price.html
Infection: HTML/ObjData@exp
             F-Prot:
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.zip->price/price.exe
is a dropper for W32/Mitglieder.W
             SophosSAVI: price.exe was infected by W32/Bagle-AQ
             MailScanner: Executable DOS/Windows programs are dangerous in
email (price.exe)
             No programs allowed (price.exe)
             SophosSAVI: price.html was infected by JS/IllWill-A
             F-Prot:
/var/spool/MailScanner/incoming/28692/i79LCfZB009813/price.html  Infection:
HTML/ObjData@exp

I reckon that's pretty thorough interception :-)
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From peter at UCGBOOK.COM  Mon Aug  9 22:17:36 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:31 2006
Subject: Determin version number
Message-ID: <mailman.505.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
G. Armour Van Horn wrote:
> I noticed that when I installed, but just tried it now. At the end of
> the report are these lines:
>
> Optional module versions are:
   ^^^^^^^^

> 2.63    Mail::SpamAssassin
> missing Net::LDAP
> missing SAVI
> missing Mail::ClamAV
>
> Are the first two errors meaningful?

It does say optional and that's just what it is, they are missing
because you didn't install them. Not a problem.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kevins at BMRB.CO.UK  Mon Aug  9 22:18:52 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.506.1137101191.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-09 at 22:14, Peter Bonivart wrote:
> Max Kipness wrote:
> > I tried adding the following:
> >
> > deny    \price.zip$     New virus outbreak      New virus outbreak
>
> Move the escape character to the dot, like this:
>
> deny    price\.zip$     New virus outbreak      New virus outbreak

I think you actually need
price.*\.zip

As many of the filenames contain characters between price and .zip




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From hermit921 at YAHOO.COM  Mon Aug  9 22:21:51 2004
From: hermit921 at YAHOO.COM (hermit921)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.507.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 02:14 PM 8/9/2004, Peter Bonivart wrote:
>Max Kipness wrote:
>>I tried adding the following:
>>
>>deny    \price.zip$     New virus outbreak      New virus outbreak
>
>Move the escape character to the dot, like this:
>
>deny    price\.zip$     New virus outbreak      New virus outbreak
>
>--
>/Peter Bonivart


We did this and it seems to catch around 85%.  The rest are named
price_new.zip or similar.

hermit921

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kevins at BMRB.CO.UK  Mon Aug  9 22:29:16 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.508.1137101191.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-09 at 22:17, Julian Field wrote:
> Anyone running a recent version, banning .exe files even within .zip files
> will be stopping this virus anyway.
> I am now catching messages containing this virus for 8 different reasons:

> I reckon that's pretty thorough interception :-)

I reckon you're right!  Is anyone else as concerned as I am by the
seeming increase in JavaScript downloaders?  We're spotting quite a few
on our http filters too.  I can't help but think that without the exe
file many more would be getting through (before the scanners got a
signature for the JS code).  Am I correct in thinking that the dangerous
html checks are only applied to inline html parts?  Is it time to think
about also disarming html attachments?




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From JFalgout at CO.JEFFERSON.CO.US  Mon Aug  9 22:32:23 2004
From: JFalgout at CO.JEFFERSON.CO.US (Jeff Falgout)
Date: Thu Jan 12 21:26:31 2006
Subject: Vispan reports 1 as a virus
Message-ID: <mailman.509.1137101191.24926.mailscanner@lists.mailscanner.info>

I've just upgraded to Vispan 1.4, had been running 1.3 for a while.
I've noticed for some time that it reports a "1" as a virus and
keeps count (I've been too lazy to do anything about it til now).

For example:

Virus   Count
...W32/Sobig-F  34,981
...W32/MyDoom-A 27,850
...W32/Netsky-D 15,543
...W32/MyDoom-A W32/MyDoom-A    15,289
...W32/Netsky-P 9,074
...1    7,242
...W32/Netsky-C 6,030
...W32/Netsky-P W32/Netsky-P    4,075
...W32/Gibe-F   3,647


I removed the 1 line from the count and it comes back.
I'm using sophossavi 0.15 if that matters.

Anyone else noticed this?

Jeff

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From alex at nkpanama.com  Mon Aug  9 23:23:25 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:31 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.510.1137101191.24926.mailscanner@lists.mailscanner.info>

I would advise against pop-before-smtp and would recommend you use AUTH,
always - even on internal networks. You have accountability issues without
AUTH.

That and SSL.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Miguel Koren
Sent: Monday, August 09, 2004 2:26 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [OT] Sendmail open relay problem

I have been running along with Mail Scanner just fine for a long, long
time and thought I had all my defenses in place. Over the weekend however
one of my servers seems to have been 'discovered' by a spamming operation
or a virus infected machine and I ended up with 75,000 files in the mqueue
directory this morning.

I use Sednmail 8.12.8 on Red Hat 9 in this case.

What I did is shut down Mail Scanner and Sendmail and deleted all those
files. It's possible that some were geunine emails but if so, very, very
few.

My understanding of Sendmail is that a relay is closed if the
/etc/mail/access file is ok. Here is what I have:

localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY

# internal
10.10.10.0              RELAY


I also have this in /etc/mail/relay-domains:

# internal
10.10.10.

# localhost
127.0.0.1
localhost
localhost.localdomain

I also run pop-before-smtp for our roaming users and I can't stop
using it short term. Perhaps some of the IPs I see in the pop-before-smtp
log are that particular spammer IP.

I don't think Red Hat 9 has any default users that can log in to email
with
default passwords. If anybody is intereseted, this
http://popbsmtp.sourceforge.net/ is a good system assuming it did not
cause
the problems. This system requires a change in
/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
before sending emails. This is the change that I made a long time ago:

Kpopauth hash -a<OK> /etc/mail/popauth

SLocal_check_rcpt
R$*             $: $(popauth $&{client_addr} $: <?> $)
R<?>            $@ NoPopAuth
R$*<OK>         $# OK
......

then I have all the rest of the normal file.

My theory is that there may be an infected machine logging in to pop and
then sending emails or a deliberate attempt to use pop with default users
gets the same result.

Summarizing:
a) are there any errors in access and relay-domains?
b) are there any known default users in Red Hat 9 that can access pop?
c) Would this sendmail.cf somehow mess up the relay checking (apart from
checking the database first)?

Miguel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Mon Aug  9 23:24:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.511.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 22:29 09/08/2004, you wrote:
>Am I correct in thinking that the dangerous
>html checks are only applied to inline html parts?

Correct.

>   Is it time to think
>about also disarming html attachments?

I really don't want to start affecting HTML attachments that aren't
identified by virus scanners. Otherwise it rapidly becomes impossible for
people developing web pages to communicate by email at all. No scripts or
forms in any web pages transmitted by email at all? Gets kinda hard for 2
people to work on a shopping cart site with restrictions like that in place.

I feel I need to balance the danger with the risk of removing email as a
communication medium. I want to make it safer for people to communicate by
email, not impossible.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Tue Aug 10 00:41:32 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:31 2006
Subject: Vispan reports 1 as a virus
Message-ID: <mailman.512.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jeff Falgout wrote:
> I've just upgraded to Vispan 1.4, had been running 1.3 for a while.
> I've noticed for some time that it reports a "1" as a virus and
> keeps count (I've been too lazy to do anything about it til now).
>
> For example:
>
> Virus   Count
> ...W32/Sobig-F  34,981
> ...W32/MyDoom-A 27,850
> ...W32/Netsky-D 15,543
> ...W32/MyDoom-A W32/MyDoom-A    15,289
> ...W32/Netsky-P 9,074
> ...1    7,242
> ...W32/Netsky-C 6,030
> ...W32/Netsky-P W32/Netsky-P    4,075
> ...W32/Gibe-F   3,647
>
>
> I removed the 1 line from the count and it comes back.
> I'm using sophossavi 0.15 if that matters.
>
> Anyone else noticed this?
>
You should probably post this to the Vispan web forums, the author
usually answers quickly.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mlm at LOANPROCESSING.NET  Tue Aug 10 01:22:04 2004
From: mlm at LOANPROCESSING.NET (Mike McMullen)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.513.1137101191.24926.mailscanner@lists.mailscanner.info>

> I feel I need to balance the danger with the risk of removing email as a
> communication medium. I want to make it safer for people to communicate by
> email, not impossible.
> --
> Julian Field

I second that emotion...

As someone who develops web apps that uses html in email to update customers
on status of work we are doing for them, it is becoming harder and harder to
provide innovative techniques to do this.

I spend more time testing to see what will get through to the largest number of
customers over the widest range of ISPs than I do trying to create easy to
use ways to track their work.

Mike

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From res at AUSICS.NET  Tue Aug 10 04:35:49 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.514.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian,

Any plans to introduce SPF record checking?


--
Regards,
Res

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mike at CAMAROSS.NET  Tue Aug 10 04:50:12 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.515.1137101191.24926.mailscanner@lists.mailscanner.info>

SA3.x already supports it

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Res
> Sent: Monday, August 09, 2004 10:36 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: SPF
>
> Julian,
>
> Any plans to introduce SPF record checking?
>
>
> --
> Regards,
> Res
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From victor at PIXELMAGICFX.COM  Tue Aug 10 07:14:19 2004
From: victor at PIXELMAGICFX.COM (Victor DiMichina)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.516.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

>
> Anyone running a recent version, banning .exe files even within .zip
> files
> will be stopping this virus anyway.
> I am now catching messages containing this virus for 8 different reasons:


  Report: F-Secure: ./358/price.exe: Infected: I-Worm.Bagle.al [AVP]
            MailScanner: Executable DOS/Windows programs are dangerous in email (price.exe)
    Report: F-Secure: [./358/price_08.zip] price.html: Infected: Exploit.CodeBaseExec [AVP]
            F-Secure: [./358/price_08.zip] price/price.exe: Infected: I-Worm.Bagle.al [AVP]
            F-Secure: ./358/price.exe: Infected: I-Worm.Bagle.al [AVP]
            MailScanner: Executable DOS/Windows programs are dangerous in email (price.exe)
            F-Secure: ./358/price.html: Infected: Exploit.CodeBaseExec [AVP]
    Report: F-Secure: ./358/price.html: Infected: Exploit.CodeBaseExec [AVP]


Not to be outdone,  F-secure has some reasons of its own!   (via
MailScanner,  of course)    ;)

Just upgraded to 4.32-5,  but that response was from the old 4.28-6

Vic

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Andrew.Forkes at familiar.co.uk  Tue Aug 10 09:01:15 2004
From: Andrew.Forkes at familiar.co.uk (Andrew D. Forkes)
Date: Thu Jan 12 21:26:31 2006
Subject: syntax error @ ParamVal.pm line 65
Message-ID: <mailman.517.1137101191.24926.mailscanner@lists.mailscanner.info>

I've installed mailscanner-4.32.5-1 on my RaQ4 (RedHat linux).  I've been
following the install instructions http://www.qitc.net/support/mailscanner/.
When I come to start up MailScanner, I get the following error reported:

[root /]# /etc/rc.d/init.d/MailScanner start
Starting MailScanner daemons:
         incoming sendmail: ok
         outgoing sendmail: ok
         MailScanner:       syntax error at
/usr/lib/perl5/site_perl/5.005/MIME/Field/ParamVal.pm line 65, near "require
v5.6"
BEGIN not safe after errors--compilation aborted at
/usr/lib/perl5/site_perl/5.005/MIME/Field/ParamVal.pm line 68.
BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.005/MIME/Head.pm line 124.
BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.005/MIME/Parser.pm line 144.
BEGIN failed--compilation aborted at
/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 51.
ok
[root /]#

Any ideas?

Best regards,
Andrew

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 10 11:20:12 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.518.1137101191.24926.mailscanner@lists.mailscanner.info>

On Monday, August 09, 2004 11:17 PM MailScanner mailing list wrote:

> I am now catching messages containing this virus for 8 different
> reasons: 

I can beat that:

F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected: I-Worm.Bagle.al [AVP] 
McAfee: /1BuJoS-000BHj-Ex/price.exe Found the W32/Bagle.dll.dr trojan
!!!
ClamAV: price.exe contains Worm.Bagle.AI 
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price.exe
<<< Contains signature of the worm Worm/Bagle.AQ.drp
MailScanner: Executable DOS/Windows programs are dangerous in email
(price.exe) No programs allowed (price.exe)

F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price.html: Infected:
Exploit.CodeBaseExec [AVP] 
F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price/price.exe: Infected:
I-Worm.Bagle.al [AVP]
McAfee: /1BuJoS-000BHj-Ex/price_08.zip Found the W32/Bagle.aq!zip virus
!!!
ClamAV: price_08.zip contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price_08.zip
--> price.html <<< The Trojan horse TR/RunMe.Dldr.1
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price_08.zip
--> price/price.exe <<< Contains signature of the worm Worm/Bagle.AQ.drp
F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected: I-Worm.Bagle.al [AVP]
McAfee: /1BuJoS-000BHj-Ex/price.exe Found the W32/Bagle.dll.dr trojan
!!!
ClamAV: price.exe contains Worm.Bagle.AI 
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price.exe
<<< Contains signature of the worm Worm/Bagle.AQ.drp
MailScanner: Executable DOS/Windows programs are dangerous in email
(price.exe)
No programs allowed (price.exe)
F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected: Exploit.CodeBaseExec
[AVP]
McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the JS/IllWill
trojan !!!
ClamAV: price.html contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price.html
<<< The Trojan horse TR/RunMe.Dldr.1
F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected: Exploit.CodeBaseExec
[AVP] 
McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the JS/IllWill
trojan !!!
ClamAV: price.html contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price.html
<<< The Trojan horse TR/RunMe.Dldr.1


All from one mail... Some seem to discover this as Bagle.al others as
Bagle.AQ (which seems to be the correct name).

Kind regards,
  JP

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From prandal at HEREFORDSHIRE.GOV.UK  Tue Aug 10 11:27:07 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.519.1137101191.24926.mailscanner@lists.mailscanner.info>

You left off Bitdefender! ;-)

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann
> Sent: 10 August 2004 11:20
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Price zip?
>
> On Monday, August 09, 2004 11:17 PM MailScanner mailing list wrote:
>
> > I am now catching messages containing this virus for 8 different
> > reasons:
>
> I can beat that:
>
> F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected:
> I-Worm.Bagle.al [AVP]
> McAfee: /1BuJoS-000BHj-Ex/price.exe Found the
> W32/Bagle.dll.dr trojan !!!
> ClamAV: price.exe contains Worm.Bagle.AI
> AntiVir: ALERT: [Worm/Bagle.AQ.drp worm]
> ./1BuJoS-000BHj-Ex/price.exe <<< Contains signature of the
> worm Worm/Bagle.AQ.drp
> MailScanner: Executable DOS/Windows programs are dangerous in email
> (price.exe) No programs allowed (price.exe)
>
> F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price.html: Infected:
> Exploit.CodeBaseExec [AVP]
> F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price/price.exe: Infected:
> I-Worm.Bagle.al [AVP]
> McAfee: /1BuJoS-000BHj-Ex/price_08.zip Found the
> W32/Bagle.aq!zip virus !!!
> ClamAV: price_08.zip contains Trojan.JS.RunMe
> AntiVir: ALERT: [TR/RunMe.Dldr.1 virus]
> ./1BuJoS-000BHj-Ex/price_08.zip
> --> price.html <<< The Trojan horse TR/RunMe.Dldr.1
> AntiVir: ALERT: [Worm/Bagle.AQ.drp worm]
> ./1BuJoS-000BHj-Ex/price_08.zip
> --> price/price.exe <<< Contains signature of the worm
> Worm/Bagle.AQ.drp
> F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected:
> I-Worm.Bagle.al [AVP]
> McAfee: /1BuJoS-000BHj-Ex/price.exe Found the
> W32/Bagle.dll.dr trojan !!!
> ClamAV: price.exe contains Worm.Bagle.AI
> AntiVir: ALERT: [Worm/Bagle.AQ.drp worm]
> ./1BuJoS-000BHj-Ex/price.exe <<< Contains signature of the
> worm Worm/Bagle.AQ.drp
> MailScanner: Executable DOS/Windows programs are dangerous in email
> (price.exe)
> No programs allowed (price.exe)
> F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected:
> Exploit.CodeBaseExec [AVP]
> McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the
> JS/IllWill trojan !!!
> ClamAV: price.html contains Trojan.JS.RunMe
> AntiVir: ALERT: [TR/RunMe.Dldr.1 virus]
> ./1BuJoS-000BHj-Ex/price.html <<< The Trojan horse TR/RunMe.Dldr.1
> F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected:
> Exploit.CodeBaseExec [AVP]
> McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the
> JS/IllWill trojan !!!
> ClamAV: price.html contains Trojan.JS.RunMe
> AntiVir: ALERT: [TR/RunMe.Dldr.1 virus]
> ./1BuJoS-000BHj-Ex/price.html <<< The Trojan horse TR/RunMe.Dldr.1
>
>
> All from one mail... Some seem to discover this as Bagle.al
> others as Bagle.AQ (which seems to be the correct name).
>
> Kind regards,
>   JP
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 10 11:50:30 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:31 2006
Subject: Price zip?
Message-ID: <mailman.520.1137101191.24926.mailscanner@lists.mailscanner.info>

> You left off Bitdefender! ;-)

I know. I am desperatly awaiting their FreeBSD version! :-)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug 10 13:48:11 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:31 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.521.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Miguel Koren O'Brien de Lacy wrote:
> James;
>
> What they had in common is that they said they were coming from my ip as
> the relay. They were not from a null sender though and there was
> variety, which made me think of a virus infected machine having gained
> pop access.
>
> I use Openwebmail on this server. Would it be a valid theory that some
> program in that package gets used to spam?
>
Did you check Openwebmail's web site for security advisory.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From quinting at HSD.CA  Tue Aug 10 14:00:40 2004
From: quinting at HSD.CA (Quintin Giesbrecht)
Date: Thu Jan 12 21:26:31 2006
Subject: Disable Autolearn
Message-ID: <mailman.522.1137101191.24926.mailscanner@lists.mailscanner.info>

How do I disable the autolearn feature?  Or maybe someone can enlighten
me as to how it works.  I have some spam that is slipping through that
is tagged as autolearn = not spam, but it is spam.  Thanks.


Quintin Giesbrecht
IT Professional
Hanover School Division

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From jamesd at JML.NET  Tue Aug 10 14:04:54 2004
From: jamesd at JML.NET (James Davis)
Date: Thu Jan 12 21:26:31 2006
Subject: Anti-virus Performance
Message-ID: <mailman.523.1137101191.24926.mailscanner@lists.mailscanner.info>

I'm looking to perform a MailScanner installation for a large customer of
ours. My manager is curious as to the performance of the Anti-virus
components of MailScanner due to some issues we've been having with a
particular combination of e-mail security product and command line
anti-virus scanner. In particular it was only able to launch one command
line scanner at a time, which was only scanning one attachment at a time
resulting in a low throughput.

I've read the Operation section of the readme.html on the MailScanner
website, but I'm still unsure as to how many AV processes MailScanner will
use and how.

Does anyone have any figures on how the use of AV scanners with
MailScanner effects performance?

Thanks,

James

--
"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug 10 14:43:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:31 2006
Subject: Disable Autolearn
Message-ID: <mailman.524.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Quintin Giesbrecht wrote:

> How do I disable the autolearn feature?  Or maybe someone can enlighten
> me as to how it works.  I have some spam that is slipping through that
> is tagged as autolearn = not spam, but it is spam.  Thanks.

It must score enough to be considered as spam to be "autolearned" as spam.

See the Most Asked Questions page (url below) for optimization tips.

>
>
> Quintin Giesbrecht
> IT Professional
> Hanover School Division
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 10 14:51:01 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:31 2006
Subject: Anti-virus Performance
Message-ID: <mailman.525.1137101191.24926.mailscanner@lists.mailscanner.info>

Hi James,

> Does anyone have any figures on how the use of AV scanners
> with MailScanner effects performance?

please search the archives. You will easily find quite some people
reporting their hardware/os configuration together with throughput
figures. In short (and Julian will probably correct me): MailScanner
scans the mails in batches. You can define how many MailScanner
instances you wish and how big the batches are supposed to be. Therefore
there is no simple answer to your question.

MailScanner will however NOT call the command-line scanners for every
attachment of every mail. 


Kind regards,
  JP

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From res at AUSICS.NET  Tue Aug 10 14:57:19 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.526.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mike,

On Mon, 9 Aug 2004, Mike Kercher wrote:

> SA3.x already supports it

Problem is SA slows our server dow to a wet weak, we dont use MailScanner
to do RBL's (simple because we have a customized mc file for sendmail that
includes it, amongst doing rfc1912 checks etc, or spam checks with SA, but
would consider using the SPF option, SA is just too damned slow on these
servers, that cop a thrashing.


>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Res
>> Sent: Monday, August 09, 2004 10:36 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: SPF
>>
>> Julian,
>>
>> Any plans to introduce SPF record checking?
>>
>>
>> --
>> Regards,
>> Res
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

--
Regards,
Res

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kte at NEXIS.BE  Tue Aug 10 15:02:39 2004
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:26:31 2006
Subject: SpamAssassin 2.64  + MCP chacks
Message-ID: <mailman.527.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Does the MCP check patch works with the new version of SA.
Do you need to reïnstall the 2.63 patch?
thanks Koen

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From kte at NEXIS.BE  Tue Aug 10 15:04:42 2004
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:26:31 2006
Subject: Dspam
Message-ID: <mailman.528.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Is ther a way to combine the package of mailscanner witch dspam
(http://www.nuclearelephant.com/projects/dspam/)
thanks Koen

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From miguelk at KONSULTEX.COM.BR  Tue Aug 10 15:20:37 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:26:31 2006
Subject: [OT] Sendmail open relay problem
Message-ID: <mailman.529.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Ugo;

Security Space gives good (meaning relatively good timing) email
warnings about Open WebMail. The last problem I had heard about, I
believe related to cross site scripting, was several months ago and I
upgraded our installation. I went in to check the Open WebMail site now
and there seems to be no new problem appart from normal bugs.

I would like to thank everybody for the time and ideas. I still don't
know what happened but with some tweaks I made I hope it doesn't happen
again. My suspect is pop-before-smtp which I hope to replace as soon as
possible.

Miguel

Ugo Bellavance wrote:

> Miguel Koren O'Brien de Lacy wrote:
>
>> James;
>>
>> What they had in common is that they said they were coming from my ip as
>> the relay. They were not from a null sender though and there was
>> variety, which made me think of a virus infected machine having gained
>> pop access.
>>
>> I use Openwebmail on this server. Would it be a valid theory that some
>> program in that package gets used to spam?
>>
> Did you check Openwebmail's web site for security advisory.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dh at UPTIME.AT  Tue Aug 10 15:23:10 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:31 2006
Subject: Dspam
Message-ID: <mailman.530.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Koen Teugels wrote:

| Is ther a way to combine the package of mailscanner witch dspam
| (http://www.nuclearelephant.com/projects/dspam/)
| thanks Koen
|
I am sure you could do this via a CustomFunction.

- -d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBGNpNPMoaMn4kKR4RAxcxAJsH+Dh5ZeuJebUhRuWbMaN1iZUlAACdG9Qx
FVLbSFMjNi4FJ6GGam+QMDA=
=Z3XA
-----END PGP SIGNATURE-----

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From joshua.hirsh at PARTNERSOLUTIONS.CA  Tue Aug 10 15:25:53 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.531.1137101191.24926.mailscanner@lists.mailscanner.info>

 I don't see a real reason for Julian to implement SPF in MailScanner
directly, since it's already supported in SA and on the MTA level (for a
good majority of MTA's, atleast). If you don't want to run it from SA (when
verison 3 comes out), try one of these links:

 http://www.libspf.org/ or http://www.libspf2.org/


 I'm sure there are other patches for the MTA's too..



-Joshua

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 10 15:25:55 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.532.1137101191.24926.mailscanner@lists.mailscanner.info>

> the SPF option, SA is just too damned slow on these servers, that cop
> a thrashing. 

What is your throughput? I know SA is a performance drag but usually
people (even big ISPs) can live with its performance. Moreover SA3 is
supposed to be a lot faster.

Do the SPF checks at MTA level. If you don't, how do you MailScanner (or
anything else) expect to treat SPF? SpamAssassin assigns scores to it if
you choose but since you are not using SpamAssassin you are probably
faced with either blocking SPF-failures at MTA level or not achieving
anything at all. Are you not?

Regards,
  JP

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 15:31:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: SpamAssassin 2.64  + MCP chacks
Message-ID: <mailman.533.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:02 10/08/2004, you wrote:
>Does the MCP check patch works with the new version of SA.
>Do you need to reïnstall the 2.63 patch?

You will need to re-install the patch, as the patched file will have been 
overwritten in the SA upgrade.

Give me a shout if you have trouble applying the 2.63 patch against 2.64.
-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From dfilchak at sympatico.ca  Tue Aug 10 15:54:03 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:31 2006
Subject: problems installing
Message-ID: <mailman.534.1137101191.24926.mailscanner@lists.mailscanner.info>

Hello to all,

I am new to this list and to mailscanner. Pleasure to be here ;-)

I am trying to install a MailScanner/SpamAssassin/ClamAV set up on my
secondary mail server. I am doing this on my secondary because I do not
currently have a test server I can do this on and thought it best to do it
here rather than on the main server first.

I am having trouble with the install of MailScanner. I have read the manual.
I have changed the language settings under root to export LANG=C. (This is a
RedHat ES3/Perl 5.80 system). When I run the install.sh script, most things
go well but near the end I start to get errors that seem to be about missing
archives or perl modules. To follow is an example: (please forgive the
length but thought it important to give you context)

In file included from /usr/include/bits/posix1_lim.h:130,
from /usr/include/limits.h:144,
from /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/include/limits.h:132,
from /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/include/syslimits.h:7,
from /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/include/limits.h:11,
from /usr/include/sys/param.h:22,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:437,
from Zlib.xs:22:
/usr/include/bits/local_lim.h:36:26: linux/limits.h: No such file or
directory In file included from
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:437,
from Zlib.xs:22:
/usr/include/sys/param.h:23:26: linux/limits.h: No such file or directory
/usr/include/sys/param.h:24:25: linux/param.h: No such file or directory In
file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:612,
from Zlib.xs:22:
/usr/include/bits/socket.h:305:24: asm/socket.h: No such file or directory
In file included from /usr/include/errno.h:36,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:669,
from Zlib.xs:22:
/usr/include/bits/errno.h:25:26: linux/errno.h: No such file or directory In
file included from /usr/include/sys/ioctl.h:27,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:805,
from Zlib.xs:22:
/usr/include/bits/ioctls.h:24:24: asm/ioctls.h: No such file or directory In
file included from /usr/include/sys/ioctl.h:30,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:805,
from Zlib.xs:22:
/usr/include/bits/ioctl-types.h:25:24: asm/ioctls.h: No such file or
directory In file included from /usr/include/signal.h:326,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/unixish.h:106,
from /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/perl.h:1932,
from Zlib.xs:22:
/usr/include/bits/sigcontext.h:28:29: asm/sigcontext.h: No such file or
directory
make: *** [Zlib.o] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.5967 (%build)

RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.5967 (%build)

/testex............dubious

Test returned status 2 (wstat 512, 0x200) t/testMemberRead....Can't locate
Compress/Zlib.pm in @INC (@INC contains:
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/arch
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

BEGIN failed--compilation aborted at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

Compilation failed in require at t/testMemberRead.t line 10.

BEGIN failed--compilation aborted at t/testMemberRead.t line 10.

t/testMemberRead....dubious

Test returned status 2 (wstat 512, 0x200) t/testTree..........Can't locate
Compress/Zlib.pm in @INC (@INC contains:
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/arch
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

BEGIN failed--compilation aborted at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

Compilation failed in require at t/testTree.t line 11.

BEGIN failed--compilation aborted at t/testTree.t line 11.

t/testTree..........dubious

Test returned status 2 (wstat 512, 0x200) t/testUpdate........Can't locate
Compress/Zlib.pm in @INC (@INC contains:
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/arch
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

BEGIN failed--compilation aborted at
/usr/src/redhat/BUILD/Archive-Zip-1.12/blib/lib/Archive/Zip.pm line 24.

Compilation failed in require at t/testUpdate.t line 11.

BEGIN failed--compilation aborted at t/testUpdate.t line 11.

t/testUpdate........dubious

Test returned status 2 (wstat 512, 0x200)

FAILED--5 test scripts could be run, alas--no output ever seen

make: *** [test_dynamic] Error 2

error: Bad exit status from /var/tmp/rpm-tmp.35762 (%build)

RPM build errors:

Bad exit status from /var/tmp/rpm-tmp.35762 (%build)

Missing file /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.12-1.noarch.rpm.

Maybe it did not build correctly?


When I then try to start MailScanner, here is what I get:

        Starting MailScanner daemons:
         incoming sendmail: [  OK  ]
         outgoing sendmail: [  OK  ]
         MailScanner:       Can't locate Archive/Zip.pm in @INC (@INC
contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line
46.
BEGIN failed--compilation aborted at
/usr/lib/MailScanner/MailScanner/Message.pm line 46.
Compilation failed in require at /usr/sbin/MailScanner line 52.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
[  OK  ]

The message log has the following in it: Aug 10 10:48:01 ebony MailScanner:
succeeded
Which seems to indicate that MailScanner is running although I can see no
processes for it. I am not really sure if there is supposed to be one
though.

My feeling is that this is obviously not right and was hoping someone might
have some insight on this.

TIA

Dave

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 16:30:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: problems installing
Message-ID: <mailman.535.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Try installing Compress::Zlib by hand or by using CPAN

perl -MCPAN -e shell
install Compress::Zlib

then run the install.sh again. You need the Zlib installation to succeed,
or else it won't work.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mike at CAMAROSS.NET  Tue Aug 10 16:34:24 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:31 2006
Subject: Disable Autolearn
Message-ID: <mailman.536.1137101191.24926.mailscanner@lists.mailscanner.info>

Further, I'd suggest using an AV engine that has a perl module to work with
(e.g. SophosSAVI, ClamAVmodule).  How large is large?  How many emails per
day?

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
> Sent: Tuesday, August 10, 2004 8:44 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Disable Autolearn
>
> Quintin Giesbrecht wrote:
>
> > How do I disable the autolearn feature?  Or maybe someone can
> > enlighten me as to how it works.  I have some spam that is slipping
> > through that is tagged as autolearn = not spam, but it is
> spam.  Thanks.
>
> It must score enough to be considered as spam to be
> "autolearned" as spam.
>
> See the Most Asked Questions page (url below) for optimization tips.
>
> >
> >
> > Quintin Giesbrecht
> > IT Professional
> > Hanover School Division
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug 10 16:39:44 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:31 2006
Subject: ading mail-list id  in blacklist ??
Message-ID: <mailman.537.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
SatyaDev Sharma wrote:

> Hello, I have subscribed a mail list, now I don't want to deliver in my
> inbox, (I unsubscribed but still getting mails)

The first thing to do is to contact the list's manager and tell them
about your problem.  Using a blacklist for that is t hideous kludge.

>
> How I can use "blacklist" feature for this ?? what I make blacklisted ?
> (becoz from-id is mostly member's email id).
>
> -Satya
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
> <mailto:jiscmail@jiscmail.ac.uk>
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dfilchak at sympatico.ca  Tue Aug 10 16:43:43 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:31 2006
Subject: problems installing
Message-ID: <mailman.538.1137101191.24926.mailscanner@lists.mailscanner.info>

I have just tried installing this with CPAN and for whatever reason, it is
still failing. One hint might be that when I start the CPAN shell, I get the
following:

        Undefined value assigned to typeglob at (eval 14) line 15, <RC> line
11.
Warning [/etc/inputrc line 11]:
  Invalid variable `mark-symlinked-directories'

cpan shell -- CPAN exploration and modules installation (v1.76)
ReadLine support enabled

Can't ioctl TIOCGETP: Invalid argument
Consider installing Term::ReadKey from CPAN site nearby
        at http://www.perl.com/CPAN
Or use
        perl -MCPAN -e shell
to reach CPAN. Falling back to 'stty'.
        If you do not want to see this warning, set PERL_READLINE_NOWARN
in your environment.

When I try to install Term::ReadKey, amongst other things which appear to be
OK, I get:

        /usr/include/bits/sigcontext.h:28:29: asm/sigcontext.h: No such file
or directory
make: *** [ReadKey.o] Error 1
  /usr/bin/make -j3 -- NOT OK
Running make test
  Can't test without successful make
Running make install
  make had returned bad status, install seems impossible


It seems I have a lot of 'no such file or directory errors'

Have you seen this before and have any hints for me?

TIA

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Tuesday, August 10, 2004 11:31 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: problems installing

Try installing Compress::Zlib by hand or by using CPAN

perl -MCPAN -e shell
install Compress::Zlib

then run the install.sh again. You need the Zlib installation to succeed, or
else it won't work.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From tony.johansson at SVENSKAKYRKAN.SE  Tue Aug 10 17:25:46 2004
From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson)
Date: Thu Jan 12 21:26:31 2006
Subject: HTML strip <!--
Message-ID: <mailman.539.1137101191.24926.mailscanner@lists.mailscanner.info>

On Wed, 4 Aug 2004 09:56:00 +0200, Remco Barendse <mailscanner@BARENDSE.TO>
wrote:
>The 'cleaned' e-mails still arent very clean, they still show a load of
>garbage like :
>
><!-- /* Font Definitions */ @font-face {font-family:Tahoma; panose-1:2 11
>6 4 3 5 4 4 2 4; mso-font-charset:0;
>mso-generic-font-family:swiss; mso-font-pitch:variable;
>mso-font-signature:1627421319 -2147483648 8 0 66047 0;} @font-face

I have the same problem still. Can anyone verify that the proposed fix
solved the problem for them?


Regards, Tony

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From webmaster at EW3D.COM  Tue Aug 10 18:04:17 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.540.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
One of the beauties of SPF as I 'sort of' understand it, is the DNS
record is checked first and only if it passes is the server opened to
receive that email (seems like MailScanner is the front line and that
would be the place to do this?). I'm not sure about exactly what happens
and when, with MailScanner, but I would like to know that the first
check made is at the DNS level and only then receive the email and put
it through whatever paces are in place, AV, AS and so forth. This would
be a huge reduction in server loads. Why do all that processing if only
then at the MTA level, does the email get rejected (server refuses to
download it)?

Would this be the case with the current MailScanner? I am running RHEL
and sendmail. I will be adding the SPF sendmail patch at an appropriate
time.

Best,
John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From sobral at TECGRAF.PUC-RIO.BR  Tue Aug 10 18:10:25 2004
From: sobral at TECGRAF.PUC-RIO.BR (Fabio Alberto Sobral)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.541.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

   How can I unsbscribe the mailscanner list?

Regards,

Fabio Sobral

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From kevins at BMRB.CO.UK  Tue Aug 10 18:14:31 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.542.1137101191.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-10 at 18:10, Fabio Alberto Sobral wrote:
>    How can I unsbscribe the mailscanner list?
By reading the footer attached to every list email.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cparker at SWATGEAR.COM  Tue Aug 10 18:15:06 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.543.1137101191.24926.mailscanner@lists.mailscanner.info>

Fabio Alberto Sobral <mailto:sobral@TECGRAF.PUC-RIO.BR>
    on Tuesday, August 10, 2004 10:10 AM said:

>    How can I unsbscribe the mailscanner list?

                    |
                    |
                    |
                   \ /
                    '
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk


chris.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 10 18:15:42 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.544.1137101191.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list wrote:
> Hi,
>
>    How can I unsbscribe the mailscanner list?
>
> Regards,
>
> Fabio Sobral
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk

See above ^^^

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 18:19:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.545.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:04 10/08/2004, you wrote:
>One of the beauties of SPF as I 'sort of' understand it, is the DNS
>record is checked first and only if it passes is the server opened to
>receive that email (seems like MailScanner is the front line and that
>would be the place to do this?). I'm not sure about exactly what happens
>and when, with MailScanner, but I would like to know that the first
>check made is at the DNS level and only then receive the email and put
>it through whatever paces are in place, AV, AS and so forth. This would
>be a huge reduction in server loads. Why do all that processing if only
>then at the MTA level, does the email get rejected (server refuses to
>download it)?
>
>Would this be the case with the current MailScanner? I am running RHEL
>and sendmail. I will be adding the SPF sendmail patch at an appropriate
>time.

 From your description above, you want to do your SPF checks at the MTA
level, so use sendmail to do it, not MailScanner.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From alex at nkpanama.com  Tue Aug 10 18:20:12 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:31 2006
Subject: OT: RE: SPF
Message-ID: <mailman.546.1137101191.24926.mailscanner@lists.mailscanner.info>

What does it do about SPF exactly?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Mike Kercher
Sent: Monday, August 09, 2004 10:50 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SPF

SA3.x already supports it

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Res
> Sent: Monday, August 09, 2004 10:36 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: SPF
>
> Julian,
>
> Any plans to introduce SPF record checking?
>
>
> --
> Regards,
> Res
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From sevans at FOUNDATION.SDSU.EDU  Tue Aug 10 18:21:37 2004
From: sevans at FOUNDATION.SDSU.EDU (Steve Evans)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.547.1137101191.24926.mailscanner@lists.mailscanner.info>

You got it backwards.  If you have Sendmail doing SPF it would drop the
mail before it get's to MailScanner. 


Steve Evans
SDSU Foundation
 
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of John Hinton
Sent: Tuesday, August 10, 2004 10:04 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SPF

One of the beauties of SPF as I 'sort of' understand it, is the DNS
record is checked first and only if it passes is the server opened to
receive that email (seems like MailScanner is the front line and that
would be the place to do this?). I'm not sure about exactly what happens
and when, with MailScanner, but I would like to know that the first
check made is at the DNS level and only then receive the email and put
it through whatever paces are in place, AV, AS and so forth. This would
be a huge reduction in server loads. Why do all that processing if only
then at the MTA level, does the email get rejected (server refuses to
download it)?

Would this be the case with the current MailScanner? I am running RHEL
and sendmail. I will be adding the SPF sendmail patch at an appropriate
time.

Best,
John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From brian.peterson at MAC.COM  Tue Aug 10 18:30:59 2004
From: brian.peterson at MAC.COM (Brian Peterson)
Date: Thu Jan 12 21:26:31 2006
Subject: RunAsUser postfix issue
Message-ID: <mailman.548.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I'm having problems starting MailScanner when setting the Run As User
to postfix.

server:/opt/MailScanner/bin root# ./check_mailscanner
Starting MailScanner...
Bad arg length for Socket::pack_sockaddr_in, length is 0, should be 4
at /System/Library/Perl/5.8.1/darwin-thread-multi-2level/Socket.pm line
373.

Anyone have any idea how to debug where this error might be coming
from?  I suspect it's several modules deep as there don't appear to be
any direct calls to pack_sockaddr_in.

If I define the Run As User as root, MailScanner starts properly but
obviously there are issues with the saving files to the outgoing
postifix spool.

server:/opt/MailScanner/bin root# ./MailScanner -V
This is Perl version 5.008001
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime


thanks
Brian Peterson

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From William.Burns at AEROFLEX.COM  Tue Aug 10 18:42:10 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.549.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John:

SPF in your MTA blocks mail from IPs that don't belong to a senders
domain. (if SPF is configured for that domain)
Once mail is accepted, having SPF in your anti-spam system provides a
higher confidence that mail from a senders domain is not spam. (again,
if SPF is configured for that domain)
MailScanner is kinda' in-between these two things. The only reason to do
SPF in MailScanner is if it is not supported in your MTA.

The MTA (Sendmail) is the first line of defense.
If you've got SPF there, then mail won't be accepted in the first place,
so MailScanner will never see it to do any processing.

If SPF is not done in the MTA, but done in MailScanner (or in Spam
Assassin) then there's a chance for MailScanner to archive the mail
based on "failing" SPF.

It seems to me, that if SPF is configured for a certain domain, you
should trust it completely, because the senders domain is trusting their
mail services to SPF.
For that reason, you should (at least) implement SPF in the MTA. Having
Mailscanner archive mail that fails SPF is not helpful 'cause you
already know that this mail is garbage.
The only reason to avoid using SPF in the MTA is if you do not trust the
admins of the sending domains to configure SPF properly. But that seems
kinda' paranoid to me.

If you're already doing SPF in the MTA, it's still useful to do SPF in
Spam Assassin 'cause Spam Assassin would know that it was less likely to
find spam coming from domains that had SPF configured.

Does that make sense?

-Bill


John Hinton wrote:

> One of the beauties of SPF as I 'sort of' understand it, is the DNS
> record is checked first and only if it passes is the server opened to
> receive that email (seems like MailScanner is the front line and that
> would be the place to do this?). I'm not sure about exactly what happens
> and when, with MailScanner, but I would like to know that the first
> check made is at the DNS level and only then receive the email and put
> it through whatever paces are in place, AV, AS and so forth. This would
> be a huge reduction in server loads. Why do all that processing if only
> then at the MTA level, does the email get rejected (server refuses to
> download it)?
>
> Would this be the case with the current MailScanner? I am running RHEL
> and sendmail. I will be adding the SPF sendmail patch at an appropriate
> time.
>
> Best,
> John Hinton
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From campbell at cnpapers.com  Tue Aug 10 18:46:48 2004
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.550.1137101191.24926.mailscanner@lists.mailscanner.info>

Ok, that finally made sense to me what that was saying.

How about modifying that to something like:

To unsubscribe send "leave mailscanner" to jiscmail@jiscmail.ac.uk

I apologize for being critical, but I really never understood what that was
saying.
I'm pretty slow most of the time, please be nice

Steve Campbell

----- Original Message -----
From: "Michele Neylon :: Blacknight Solutions"
<michele@BLACKNIGHTSOLUTIONS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Tuesday, August 10, 2004 1:15 PM
Subject: Re: Unsubscribe


> MailScanner mailing list wrote:
> > Hi,
> >
> >    How can I unsbscribe the mailscanner list?
> >
> > Regards,
> >
> > Fabio Sobral
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>
> See above ^^^
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Andrew.Forkes at familiar.co.uk  Tue Aug 10 18:54:19 2004
From: Andrew.Forkes at familiar.co.uk (Andrew D. Forkes)
Date: Thu Jan 12 21:26:31 2006
Subject: syntax error @ ParamVal.pm line 65
Message-ID: <mailman.551.1137101191.24926.mailscanner@lists.mailscanner.info>

Would anyone out there with a working copy of MailScanner installed and
working under Linux (RedHat would be cool) and with perl version 5.005_03
(or close), please send me the output from: "./MailScanner -V" so I could
check my packages/versions ?

Many many thanks for any help.

Best,
Andrew

>
> I've installed mailscanner-4.32.5-1 on my RaQ4 (RedHat
> linux).  I've been following the install instructions
> http://www.qitc.net/support/mailscanner/.   When I come to
> start up MailScanner, I get the following error reported:
>
> [root /]# /etc/rc.d/init.d/MailScanner start Starting
> MailScanner daemons:
>          incoming sendmail: ok
>          outgoing sendmail: ok
>          MailScanner:       syntax error at
> /usr/lib/perl5/site_perl/5.005/MIME/Field/ParamVal.pm line
> 65, near "require v5.6"
> BEGIN not safe after errors--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/MIME/Field/ParamVal.pm line 68.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/MIME/Head.pm line 124.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/MIME/Parser.pm line 144.
> BEGIN failed--compilation aborted at
> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 51.
> ok
> [root /]#
>
> Any ideas?
>
> Best regards,
> Andrew
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From webmaster at EW3D.COM  Tue Aug 10 18:56:38 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.552.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Steve Evans wrote:

>You got it backwards.  If you have Sendmail doing SPF it would drop the
>mail before it get's to MailScanner.
>
>
>
>

I guess that's where I'm getting confused. On the install of
MailScanner, it said to stop sendmail and run MailScanner which then
seems to start sendmail as needed. So the order seemed backwards to me.
It would be nice to get a step by step of just what happens as an email
first hits a system to the point of its delivery into the user's
mailbox. I've never had a really clear picture of this series of events,
and it is pretty complex with procmail, access, AV, SA and so on called
during the transport. The hardest part for me, would be the RBLs run
with MailScanner. Does MS immediately call sendmail and then run the RBL
checks after email passes any other rules set through sendmail?

Sorry, but I'm having a hard time getting this part down.

Best,
John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From dickenson at CFMC.COM  Tue Aug 10 19:03:44 2004
From: dickenson at CFMC.COM (Jim Dickenson)
Date: Thu Jan 12 21:26:31 2006
Subject: Unsubscribe
Message-ID: <mailman.553.1137101191.24926.mailscanner@lists.mailscanner.info>

Does "leave mailscanner" go in the subject or body of the message?
--
Jim Dickenson
mailto:dickenson@cfmc.com

Computers for Marketing Corporation
http://www.cfmc.com/



> From: Steve Campbell <campbell@cnpapers.com>
> Reply-To: Steve Campbell <campbell@cnpapers.com>
> Date: Tue, 10 Aug 2004 13:46:48 -0400
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Subject: Re: Unsubscribe
>
> Ok, that finally made sense to me what that was saying.
>
> How about modifying that to something like:
>
> To unsubscribe send "leave mailscanner" to jiscmail@jiscmail.ac.uk
>
> I apologize for being critical, but I really never understood what that was
> saying.
> I'm pretty slow most of the time, please be nice
>
> Steve Campbell
>
> ----- Original Message -----
> From: "Michele Neylon :: Blacknight Solutions"
> <michele@BLACKNIGHTSOLUTIONS.COM>
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Sent: Tuesday, August 10, 2004 1:15 PM
> Subject: Re: Unsubscribe
>
>
>> MailScanner mailing list wrote:
>>> Hi,
>>>
>>>    How can I unsbscribe the mailscanner list?
>>>
>>> Regards,
>>>
>>> Fabio Sobral
>>>
>>> -------------------------- MailScanner list ----------------------
>>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>
>> See above ^^^
>>
>> Mr Michele Neylon
>> Blacknight Internet Solutions Ltd
>> http://www.blacknight.ie/
>> Tel. +353 59 9137101
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From KGoods at AIAINSURANCE.COM  Tue Aug 10 19:05:26 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.554.1137101191.24926.mailscanner@lists.mailscanner.info>

John Hinton scribbled on Tuesday, August 10, 2004 10:57 AM:

> Steve Evans wrote:
>
>> You got it backwards.  If you have Sendmail doing SPF it would drop
>> the mail before it get's to MailScanner.
>>
>>
>>
>>
>
> I guess that's where I'm getting confused. On the install of
> MailScanner, it said to stop sendmail and run MailScanner which then
> seems to start sendmail as needed. So the order seemed
> backwards to me.
> It would be nice to get a step by step of just what happens
> as an email
> first hits a system to the point of its delivery into the user's
> mailbox. I've never had a really clear picture of this series
> of events,
> and it is pretty complex with procmail, access, AV, SA and so
> on called
> during the transport. The hardest part for me, would be the RBLs run
> with MailScanner. Does MS immediately call sendmail and then
> run the RBL
> checks after email passes any other rules set through sendmail?
>
> Sorry, but I'm having a hard time getting this part down.
>
> Best,
> John Hinton

I wholeheartedly agree with you John. My setup is different than yours with
Sendmail->Mailscanner->Spamassassin->clamav, but it would be very helpful to
have a "roadmap" of the path an email takes from receipt to delivery (in my
case relayed to the Exchange server). I do some rbl's in Sendmail which seem
to take precedence over Mailscanner (they get dropped before Mailscanner see
them) but after that I have no idea what the order of scanning is. Debugging
would be so much easier if I understood the path an email takes.

But then again, maybe I'm just dense. :)

I think the main reason there isn't this type of documentation out there is
that there are an almost infinite variety of ways you can implement
Mailscanner and the associated "helper" programs. And I imagine the path an
email takes may vary based on what programs you are running in conjunction
with MS. Could be a daunting task. But if someone knowledgeable took the
time I'd surely take the time to read it!

Regards,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 19:07:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.555.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:56 10/08/2004, you wrote:
>I guess that's where I'm getting confused. On the install of
>MailScanner, it said to stop sendmail and run MailScanner which then
>seems to start sendmail as needed. So the order seemed backwards to me.
>It would be nice to get a step by step of just what happens as an email
>first hits a system to the point of its delivery into the user's
>mailbox. I've never had a really clear picture of this series of events,
>and it is pretty complex with procmail, access, AV, SA and so on called
>during the transport. The hardest part for me, would be the RBLs run
>with MailScanner. Does MS immediately call sendmail and then run the RBL
>checks after email passes any other rules set through sendmail?

Take a look through the most recent presentation that is on the MailScanner
web site. There is a nice diagram (thanks Steve!) which shows the break-up
quite well.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From KGoods at AIAINSURANCE.COM  Tue Aug 10 19:28:39 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.556.1137101191.24926.mailscanner@lists.mailscanner.info>

Julian Field scribbled on Tuesday, August 10, 2004 11:08 AM:

>snip<
>
> Take a look through the most recent presentation that is on the
> MailScanner web site. There is a nice diagram (thanks Steve!) which
> shows the break-up quite well.

I get a 404 on http://www.fsl.com/MS-process.htm which is a link named
"Diagram of Mail Flow" on
http://www.sng.ecs.soton.ac.uk/mailscanner/readme.shtml. I saw the "how it
works" section further down the page but it really doesn't provide the
detail I was looking for. i.e. when exactly does Mailscanner call the other
programs. I'm only making educated guesses at this time and I've learned
from experience it's not always the best way to go. :)

Kind regards,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Tue Aug 10 19:34:25 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:31 2006
Subject: syntax error @ ParamVal.pm line 65
Message-ID: <mailman.557.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Andrew D. Forkes wrote:

> Would anyone out there with a working copy of MailScanner installed and
> working under Linux (RedHat would be cool) and with perl version 5.005_03
> (or close), please send me the output from: "./MailScanner -V" so I could
> check my packages/versions ?

 From TaoLinux (RHEL 3.0 clone)

[root@lubik root]# MailScanner -V
This is Perl version 5.008
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.27    HTML::Entities
3.36    HTML::Parser
2.28    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.10    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
2.63    Mail::SpamAssassin
missing Net::LDAP
missing SAVI
0.11    Mail::ClamAV

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 19:39:40 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.558.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 19:28 10/08/2004, you wrote:
>Julian Field scribbled on Tuesday, August 10, 2004 11:08 AM:
>
> >snip<
> >
> > Take a look through the most recent presentation that is on the
> > MailScanner web site. There is a nice diagram (thanks Steve!) which
> > shows the break-up quite well.
>
>I get a 404 on http://www.fsl.com/MS-process.htm which is a link named
>"Diagram of Mail Flow" on
>http://www.sng.ecs.soton.ac.uk/mailscanner/readme.shtml. I saw the "how it
>works" section further down the page but it really doesn't provide the
>detail I was looking for. i.e. when exactly does Mailscanner call the other
>programs. I'm only making educated guesses at this time and I've learned
>from experience it's not always the best way to go. :)

As I said, read the recent presentations.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From steve.swaney at FSL.COM  Tue Aug 10 19:41:36 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.559.1137101191.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ken Goods
> Sent: Tuesday, August 10, 2004 2:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SPF
>
> John Hinton scribbled on Tuesday, August 10, 2004 10:57 AM:
>
> > Steve Evans wrote:
> >
> >> You got it backwards.  If you have Sendmail doing SPF it would drop
> >> the mail before it get's to MailScanner.
> >>
> >>
> >>
> >>
> >
> > I guess that's where I'm getting confused. On the install of
> > MailScanner, it said to stop sendmail and run MailScanner which then
> > seems to start sendmail as needed. So the order seemed
> > backwards to me.
> > It would be nice to get a step by step of just what happens
> > as an email
> > first hits a system to the point of its delivery into the user's
> > mailbox. I've never had a really clear picture of this series
> > of events,
> > and it is pretty complex with procmail, access, AV, SA and so
> > on called
> > during the transport. The hardest part for me, would be the RBLs run
> > with MailScanner. Does MS immediately call sendmail and then
> > run the RBL
> > checks after email passes any other rules set through sendmail?
> >
> > Sorry, but I'm having a hard time getting this part down.
> >
> > Best,
> > John Hinton
>
There is also a diagram and documentation of how MailScanner processes mail
in the Mailscanner manual http://www.fsl.com/support

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From alex at nkpanama.com  Tue Aug 10 19:52:17 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.560.1137101191.24926.mailscanner@lists.mailscanner.info>

Ok... So would a conservative-yet-effective approach be:

1. Sendmail gets message, checks SPF. If SPF records say mail came from
unauthorized server, drop the connection. If no SPF available, receive
e-mail anyways (for now).
2. MailScanner gets message from Sendmail, passes message to SpamAssassin
for processing. SpamAssassin checks SPF records, assign arbitrary negative
number (say, -2.0) if SPF records check out ok, otherwise process as usual.

Less conservative efforts would range from harsh (assign positive score to
non-SPF messages when checked by SA) to brutal (drop non-SPF messages at MTA
level).

Is my understanding correct? Has anybody who's already implemented SPF at
the MTA level using RPM-installed sendmail worked out something like this,
and if so, where did you find info on it?

Thanks...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of William Burns
Sent: Tuesday, August 10, 2004 12:42 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SPF

John:

SPF in your MTA blocks mail from IPs that don't belong to a senders
domain. (if SPF is configured for that domain)
Once mail is accepted, having SPF in your anti-spam system provides a
higher confidence that mail from a senders domain is not spam. (again,
if SPF is configured for that domain)
MailScanner is kinda' in-between these two things. The only reason to do
SPF in MailScanner is if it is not supported in your MTA.

The MTA (Sendmail) is the first line of defense.
If you've got SPF there, then mail won't be accepted in the first place,
so MailScanner will never see it to do any processing.

If SPF is not done in the MTA, but done in MailScanner (or in Spam
Assassin) then there's a chance for MailScanner to archive the mail
based on "failing" SPF.

It seems to me, that if SPF is configured for a certain domain, you
should trust it completely, because the senders domain is trusting their
mail services to SPF.
For that reason, you should (at least) implement SPF in the MTA. Having
Mailscanner archive mail that fails SPF is not helpful 'cause you
already know that this mail is garbage.
The only reason to avoid using SPF in the MTA is if you do not trust the
admins of the sending domains to configure SPF properly. But that seems
kinda' paranoid to me.

If you're already doing SPF in the MTA, it's still useful to do SPF in
Spam Assassin 'cause Spam Assassin would know that it was less likely to
find spam coming from domains that had SPF configured.

Does that make sense?

-Bill


John Hinton wrote:

> One of the beauties of SPF as I 'sort of' understand it, is the DNS
> record is checked first and only if it passes is the server opened to
> receive that email (seems like MailScanner is the front line and that
> would be the place to do this?). I'm not sure about exactly what happens
> and when, with MailScanner, but I would like to know that the first
> check made is at the DNS level and only then receive the email and put
> it through whatever paces are in place, AV, AS and so forth. This would
> be a huge reduction in server loads. Why do all that processing if only
> then at the MTA level, does the email get rejected (server refuses to
> download it)?
>
> Would this be the case with the current MailScanner? I am running RHEL
> and sendmail. I will be adding the SPF sendmail patch at an appropriate
> time.
>
> Best,
> John Hinton
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From joshua.hirsh at PARTNERSOLUTIONS.CA  Tue Aug 10 20:06:08 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.561.1137101191.24926.mailscanner@lists.mailscanner.info>

> 2. MailScanner gets message from Sendmail, passes message to SpamAssassin
> for processing. SpamAssassin checks SPF records, assign arbitrary negative
> number (say, -2.0) if SPF records check out ok, otherwise process as
usual.

 Personally, I wouldn't assign a negative value to any email with a proper
SPF record. It's still very easy for a spammer to setup a domain and publish
SPF records that make all addresses valid. If that happened, the message
would hit your server and possibly make it through unscathed because of the
added negative value..


-Joshua

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From david.weber at BACKBONESECURITY.COM  Tue Aug 10 20:31:32 2004
From: david.weber at BACKBONESECURITY.COM (David CM Weber)
Date: Thu Jan 12 21:26:31 2006
Subject: HTML Rules question
Message-ID: <mailman.562.1137101191.24926.mailscanner@lists.mailscanner.info>

I have a user who gets weekly emails that have embedded HTML scripts in
them. I'm trying to whitelist the emails from a particular address, and
I just want a sanity check to make sure I'm approaching it the right
way.


In MailScanner.conf I have, 

Allow Script Tags = /etc/MailScanner/rules/html.whitelist.rules


And in /etc/Mailscanner/rules/html.whitelist.rules I have

From:           someone@somewhere.com    yes
FromOrTo:       default         no


Is this correct?

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Tue Aug 10 20:55:18 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:31 2006
Subject: HTML Rules question
Message-ID: <mailman.563.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Absolutely right.

At 20:31 10/08/2004, you wrote:
>I have a user who gets weekly emails that have embedded HTML scripts in
>them. I'm trying to whitelist the emails from a particular address, and
>I just want a sanity check to make sure I'm approaching it the right
>way.
>In MailScanner.conf I have,
>
>Allow Script Tags = /etc/MailScanner/rules/html.whitelist.rules
>And in /etc/Mailscanner/rules/html.whitelist.rules I have
>
>From:           someone@somewhere.com    yes
>FromOrTo:       default         no
>
>
>Is this correct?

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From drew at THEMARSHALLS.CO.UK  Tue Aug 10 21:02:06 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:31 2006
Subject: SURBL installation
Message-ID: <mailman.564.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Bonivart wrote:

> Here's the whole file I use. Note that I use SpamCopURI 0.20 with the
> 127.0.0.0/X syntax, with 0.21+ you should move to 127.0.0.0+X even
> though both will work for some time.

Peter

Some thing like the attached then? If I follow you correctly, I think
it's right (I'm using SpamCopURI 0.22)

Thanks very much for all your help

Drew



--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>
######### ab.surbl.org #########

uri       AB_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+32')
describe  AB_URI_RBL  URI's domain appears in ab.surbl.org
tflags    AB_URI_RBL  net

score     AB_URI_RBL  5.0

######### sc.surbl.org #########

uri SPAMCOP_URI_RBL           eval:check_spamcop_uri_rbl('sc.surbl.org','127.0.0.0+2')
describe SPAMCOP_URI_RBL      URI's domain appears in spamcop database at sc.surbl.org
tflags SPAMCOP_URI_RBL  net

score SPAMCOP_URI_RBL  3.0

# open redirect resolution off by default
# spamcop_uri_resolve_open_redirects 1

open_redirect_list_spamcop_uri   snurl.com              *.snurl.com
open_redirect_list_spamcop_uri   snipurl.com            *.snipurl.com
open_redirect_list_spamcop_uri   tinyclick.com          *.tinyclick.com
open_redirect_list_spamcop_uri   babyurl.com            *.babyurl.com
open_redirect_list_spamcop_uri   lin.kz                 *.lin.kz
open_redirect_list_spamcop_uri   *.v3.net
open_redirect_list_spamcop_uri   shorl.com              *.shorl.com
open_redirect_list_spamcop_uri   tinyurl.com            *.tinyurl.com
open_redirect_list_spamcop_uri   xurl.us


# whitelist_spamcop_uri   *.yahoo.com
# blacklist_spamcop_uri   *medz4cheap.com

######### ob.surbl.org #########

uri       OB_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+16')
describe  OB_URI_RBL  URI's domain appears in ob.surbl.org
tflags    OB_URI_RBL  net

score     OB_URI_RBL  4.0

######### ws.surbl.org  #########

uri       WS_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+4')
describe  WS_URI_RBL  URI's domain appears in sa-blacklist
tflags    WS_URI_RBL  net

score     WS_URI_RBL  3.0

######### ph.surbl.org #########

uri       PH_URI_RBL  eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+8')
describe  PH_URI_RBL  URI's domain appears in ob.surbl.org
tflags    PH_URI_RBL  net

score     PH_URI_RBL  4.0

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dustin.baer at IHS.COM  Tue Aug 10 21:10:09 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:31 2006
Subject: HTML Rules question
Message-ID: <mailman.565.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David CM Weber wrote:

>I have a user who gets weekly emails that have embedded HTML scripts in
>them. I'm trying to whitelist the emails from a particular address, and
>I just want a sanity check to make sure I'm approaching it the right
>way.
>
>In MailScanner.conf I have,
>
>Allow Script Tags = /etc/MailScanner/rules/html.whitelist.rules
>
>And in /etc/Mailscanner/rules/html.whitelist.rules I have
>
>From:           someone@somewhere.com    yes
>FromOrTo:       default         no
>
>Is this correct?
>

Yes.

Just personal preference, but I match the name of the rule to the name
of the configuration option, i.e. "AllowScriptTags.rules"  Easier for
administration later.

Dustin

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mkettler at EVI-INC.COM  Tue Aug 10 21:19:00 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.566.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 03:06 PM 8/10/2004, Hirsh, Joshua wrote:
> > 2. MailScanner gets message from Sendmail, passes message to SpamAssassin
> > for processing. SpamAssassin checks SPF records, assign arbitrary negative
> > number (say, -2.0) if SPF records check out ok, otherwise process as
>usual.

>  Personally, I wouldn't assign a negative value to any email with a proper
>SPF record. It's still very easy for a spammer to setup a domain and publish
>SPF records that make all addresses valid. If that happened, the message
>would hit your server and possibly make it through unscathed because of the
>added negative value.

True, but you're still forcing the spammer to actually set-up and use a
domain name instead of joe-jobbing a yahoo.com user in order to gain
benefit from this.

It's also very easy to block these malicious domains, so the spammer would
have to treat them as entirely disposable. Once he/she used it, people
would catch on and  blacklist the domain. If the spammer re-used the domain
on a second run, the drawbacks would greatly outweigh the benefits as a
large quantity of the mail will be easily blocked.

Domains are cheap, but they aren't free. Eventually the "register a new
domain for every spam run" is going to eat away at their bottom line in
terms of time and money. This is actually a very valuable way of beating
spammers.. slowly grind away at their profits until they give up.

It's also very easy to adjust the SPF code to ignore any entire-world
wildcard SPF records, or even check for such things and give it a negative
score, making their work a bit harder.

That and you aren't talking about a particularly large negative score here.
Most FP's I've seen are quite close to 5.0 in score. Most spams are way
over and wouldn't become FNs from a small (-2.0) negative scoring rule.

Of course, SA 3.0 has this by default, but the negative score is tiny, it's
set to -0.001 in 3.0-rc4. So Alex can get his #2 approach out-of-the-box
with SA 3.0 by adding a score line for SPF_PASS to his local.cf:

         score SPF_PASS -2.0

(I myself might opt to do this with a more conservative -1.0 or so)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mike at CAMAROSS.NET  Tue Aug 10 21:19:08 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:31 2006
Subject: problems installing
Message-ID: <mailman.567.1137101191.24926.mailscanner@lists.mailscanner.info>

I worked with Dave to resolve this issue.  It turned out to be a missing
glibc-kernheaders RPM.  Installing that made life MUCH easier.

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Tuesday, August 10, 2004 10:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: problems installing
>
> Try installing Compress::Zlib by hand or by using CPAN
>
> perl -MCPAN -e shell
> install Compress::Zlib
>
> then run the install.sh again. You need the Zlib installation
> to succeed, or else it won't work.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From dfilchak at sympatico.ca  Tue Aug 10 21:58:50 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:31 2006
Subject: problems installing
Message-ID: <mailman.568.1137101191.24926.mailscanner@lists.mailscanner.info>

Things seem to be working much better now. Loads of thanks to Mike for his
generosity in helping me out.

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Mike Kercher
Sent: August 10, 2004 4:19 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: problems installing

I worked with Dave to resolve this issue.  It turned out to be a missing
glibc-kernheaders RPM.  Installing that made life MUCH easier.

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Tuesday, August 10, 2004 10:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: problems installing
>
> Try installing Compress::Zlib by hand or by using CPAN
>
> perl -MCPAN -e shell
> install Compress::Zlib
>
> then run the install.sh again. You need the Zlib installation
> to succeed, or else it won't work.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mark at TIPPINGMAR.COM  Tue Aug 10 22:08:14 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:31 2006
Subject: SPF
Message-ID: <mailman.569.1137101191.24926.mailscanner@lists.mailscanner.info>

On 10 Aug 2004 at 13:52, Alex Neuman wrote:

> 1. Sendmail gets message, checks SPF. If SPF records say mail came
> from unauthorized server, drop the connection.

Sendmail doesn't just drop the conection, it returns an explanantion to the sender,
similar to the way it returns a "user unknown" or other error message.

> Is my understanding correct? Has anybody who's already implemented SPF
> at the MTA level using RPM-installed sendmail worked out something
> like this, and if so, where did you find info on it?

See this:
http://dev.spf.pobox.com/downloads.html

Mark

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From peter at UCGBOOK.COM  Tue Aug 10 22:12:36 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:31 2006
Subject: SURBL installation
Message-ID: <mailman.570.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Drew Marshall wrote:
> Some thing like the attached then? If I follow you correctly, I think
> it's right (I'm using SpamCopURI 0.22)

You could have used my file as is if you wanted to, would have saved you
the editing. Yours looks alright though, just a tiny thing with the
description on the phishing test, I guess you copied it from the
ob-list. :-)

Test with "spamassassin -D --lint" and it should complain if there's any
errors.

If you get from 0 to 5 hits you're ok, but I would be worried if I
always got 0 (or 5) hits. If you have reasonable traffic on your server
this should show up quick. I didn't have to wait one full minute.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From drew at THEMARSHALLS.CO.UK  Tue Aug 10 22:23:18 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:31 2006
Subject: SURBL installation
Message-ID: <mailman.571.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Bonivart wrote:

> You could have used my file as is if you wanted to, would have saved you
> the editing.

Agreed, thanks but I have found that I learn better by doing rather than
'borrowing' :-)

> Yours looks alright though, just a tiny thing with the
> description on the phishing test, I guess you copied it from the
> ob-list. :-)

oops, yes cut and paste error. Changed now (MS of cause doesn't use the
description any way)

>
> Test with "spamassassin -D --lint" and it should complain if there's any
> errors.

All Ok also

>
> If you get from 0 to 5 hits you're ok, but I would be worried if I
> always got 0 (or 5) hits. If you have reasonable traffic on your server
> this should show up quick. I didn't have to wait one full minute.

Seems to be Ok, several hits on one, two and three lists so looks good.
Thanks again.

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From SJCJonker at SJC.NL  Tue Aug 10 22:29:47 2004
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:26:31 2006
Subject: Patch for vnames.pl with sophossavi and clamavmodule.
Message-ID: <mailman.572.1137101191.24926.mailscanner@lists.mailscanner.info>

Hello,

For a while now the wonderfull vnames.pl was bugging me with incorrect
reports, ever since moving towards sophossavi and clamavmodule.

This was due to the regexp for sophossave matching both clamavmodule and
sophossavi while there being no support in the script for clamavmodule
itself.

Both use the INFECTED:: string, but are prefixed with sophossavi or
clamavmodule in turn.

I took the liberty to modify the script and add clamavmodule and tighten
the sophossavi regexp.

Patch is against vnames.pl v.2.1.2 - 4/5/2004

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 1.2: "Attached Text" ]

--- vnames.pl   2004-05-10 21:23:15.000000000 +0200
+++ vnames.pl.new       2004-08-10 23:24:59.000000000 +0200
@@ -37,7 +37,7 @@

 # Definable Vars
 $Scanner = "mcafee,clamav";
-   # comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot,
+   # comma sep: sophos,sophossavi,inoculan,clamav,clamavmodule,command,f-prot,
    #            mcafee,mcafee_fr,fsecure,panda,antivir
 $HTML = "yes"; # yes|no (no=text only)
 $Sort = "count"; #count|name (count=ascending)
@@ -51,14 +51,17 @@
     Output => '>>> Virus',
     String => '>>> Virus \'(.*)\''},
   sophossavi => {
-    Output => 'INFECTED::',
-    String => 'INFECTED:: (.*)::'},
+    Output => 'SophosSAVI::INFECTED::',
+    String => 'SophosSAVI::INFECTED:: (.*)::'},
   inoculan => {
     Output => 'was infected by virus',
     String => 'was infected by virus \[(.*)\]'},
   clamav => {
     Output => 'FOUND',
     String => ':.* (.*) FOUND'},
+  clamavmodule => {
+    Output => 'ClamAVModule::INFECTED::',
+    String => 'ClamAVModule::INFECTED:: (.*)::'},
   command => {
     Output => 'Infection:',
     String => 'Infection: (.*)'},
@@ -87,6 +90,7 @@
   sophossavi => "Sophos SAVI",
   inoculan => "Inoculan",
   clamav => "ClamAV",
+  clamavmodule => "ClamAVModule",
   command => "Command",
   "f-prot" => "F-Prot",
   mcafee => "McAfee",

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

    [ Part 2, "OpenPGP digital signature"  Application/PGP-SIGNATURE  ]
    [ 161bytes. ]
    [ Unable to print this part. ]


From drew at THEMARSHALLS.CO.UK  Tue Aug 10 23:10:24 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:31 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.573.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Tahoma">I know that Ugo had this problem a
while ago but I too have just upgraded my ClamAV to 0.75.1 and it's
broken the perl module with 'Commercial virus checker failed with real
error: Invalid function CL_ENCRYPTED at
/usr/local/lib/perl5/site_perl/5.8.5/mach/Mail/ClamAV.pm line 69.' I
have reinstalled Clam and the Clam module with no success. Looking at
the ClamAV.pm file there doesn't seem to be any reference to
'CL_ENCRYPTED' any where in the file. I guess this is the return from
Clam after it has scanned and the perl module doesn't have any
conversion for that string but what it should be or even where it needs
patching is outside of my rather poor coding skills. Has anyone else
seen this or have any ideas on a patch for it?<br>
<br>
Drew<br>
</font></font>
</body>
<br />--
<br />In line with our <a href="http://www.themarshalls.co.uk/policy">policy</a>, this message has been scanned for
<br />viruses and dangerous content by
<a href="http://www.mailscanner.info/">MailScanner</a>, and is
<br />believed to be clean.
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From brian.peterson at MAC.COM  Tue Aug 10 23:12:27 2004
From: brian.peterson at MAC.COM (Brian Peterson)
Date: Thu Jan 12 21:26:32 2006
Subject: RunAsUser postfix issue
Message-ID: <mailman.574.1137101191.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I resolved this issue for Mac OS X v10.3.5 using postfix.  There were a
couple problems I ran into.

The default SetUidGid function didn't work but the commented out
version using POSIX::setgid did work so I used that.  Anyone foresee
any problems with using this?

The error message below was being generated in the
MailScanner::Log::LogText function.  This module has a Start function
which appears to do the right thing but doesn't appear to be called
anywhere.  Sys::Syslog::setlogsock('unix') was required for Mac OS X so
I ended up just adding it to the LogText routine.


thanks
Brian Peterson
On Aug 10, 2004, at 10:30 AM, Brian Peterson wrote:

> I'm having problems starting MailScanner when setting the Run As User
> to postfix.
>
> server:/opt/MailScanner/bin root# ./check_mailscanner
> Starting MailScanner...
> Bad arg length for Socket::pack_sockaddr_in, length is 0, should be 4
> at /System/Library/Perl/5.8.1/darwin-thread-multi-2level/Socket.pm line
> 373.
>
> Anyone have any idea how to debug where this error might be coming
> from?  I suspect it's several modules deep as there don't appear to be
> any direct calls to pack_sockaddr_in.
>
> If I define the Run As User as root, MailScanner starts properly but
> obviously there are issues with the saving files to the outgoing
> postifix spool.
>
> server:/opt/MailScanner/bin root# ./MailScanner -V
> This is Perl version 5.008001
> This is MailScanner version 4.32.5
> Module versions are:
> 1.00    AnyDBM_File
> 1.12    Archive::Zip
> 1.01    Carp
> 1.119   Convert::BinHex
> 1.00    DirHandle
> 1.04    Fcntl
> 2.71    File::Basename
> 2.05    File::Copy
> 2.01    FileHandle
> 1.05    File::Path
> 0.13    File::Temp
> 1.23    HTML::Entities
> 3.26    HTML::Parser
> 2.24    HTML::TokeParser
> 1.20    IO
> 1.09    IO::File
> 1.122   IO::Pipe
> 5.403   MIME::Decoder
> 5.403   MIME::Decoder::UU
> 5.403   MIME::Head
> 5.406   MIME::Parser
> 5.411   MIME::Tools
> 0.09    Net::CIDR
> 1.05    POSIX
> 1.75    Socket
> 0.03    Sys::Syslog
> 1.02    Time::localtime
>
>
> thanks
> Brian Peterson
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Wed Aug 11 01:19:18 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.575.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> I know that Ugo had this problem a while ago but I too have just
> upgraded my ClamAV to 0.75.1 and it's broken the perl module with
> 'Commercial virus checker failed with real error: Invalid function
> CL_ENCRYPTED at /usr/local/lib/perl5/site_perl/5.8.5/mach/Mail/ClamAV.pm
> line 69.' I have reinstalled Clam and the Clam module with no success.
> Looking at the ClamAV.pm file there doesn't seem to be any reference to
> 'CL_ENCRYPTED' any where in the file. I guess this is the return from
> Clam after it has scanned and the perl module doesn't have any
> conversion for that string but what it should be or even where it needs
> patching is outside of my rather poor coding skills. Has anyone else
> seen this or have any ideas on a patch for it?

This was explained some days ago, please search the archive. Meanwhile
reinstall Mail::ClamAV (latest version)

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From webmaster at EW3D.COM  Wed Aug 11 03:11:51 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.576.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mark Nienberg wrote:

>On 10 Aug 2004 at 13:52, Alex Neuman wrote:
>
>
>
>>1. Sendmail gets message, checks SPF. If SPF records say mail came
>>from unauthorized server, drop the connection.
>>
>>
>
>Sendmail doesn't just drop the conection, it returns an explanantion to the sender,
>similar to the way it returns a "user unknown" or other error message.
>
>
>
It depends... Actually, if the from address does not match the SPF
record, it is best to not send out a notice and to just drop the
connection. Otherwise, you are just spamming the system the email didn't
come from in the first place. One big reason for the implementation of SPF.

In the beginning phases, it would be best to send these returns so
people can complain to their service providers. But that will likely be
over with by about the first of the year (Hopefully!!!).

John Hinton

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From res at AUSICS.NET  Wed Aug 11 04:51:19 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.577.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Tue, 10 Aug 2004, Jan-Peter Koopmann wrote:

>> the SPF option, SA is just too damned slow on these servers, that cop
>> a thrashing.
>
> What is your throughput? I know SA is a performance drag but usually
> people (even big ISPs) can live with its performance. Moreover SA3 is
> supposed to be a lot faster.

Pretty constantly 180 concurrent

> Do the SPF checks at MTA level. If you don't, how do you MailScanner (or
> anything else) expect to treat SPF? SpamAssassin assigns scores to it if
> you choose but since you are not using SpamAssassin you are probably
> faced with either blocking SPF-failures at MTA level or not achieving
> anything at all. Are you not?


Doing it with a milter will be fine if Julian says he has no plans,
our MTA handles it all MailScanner only handles the virus scanning
it works pretty well now, just enforcing rfc1912 reduced spam by 80%
the rbl's get about 15% our sendmail mc options catch 4.9%
on avgs, so theres no way in hell im going to drag the servers down by
useing SA, it just aint gunna happen, simple as that.
tried it once, the load went through the roof.
>

--
Regards,
Res

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From res at AUSICS.NET  Wed Aug 11 04:53:10 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.578.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Tue, 10 Aug 2004, Julian Field wrote:

> At 18:04 10/08/2004, you wrote:
>> One of the beauties of SPF as I 'sort of' understand it, is the DNS
>> record is checked first and only if it passes is the server opened to
>> receive that email (seems like MailScanner is the front line and that
>> would be the place to do this?). I'm not sure about exactly what happens
>> and when, with MailScanner, but I would like to know that the first
>> check made is at the DNS level and only then receive the email and put
>> it through whatever paces are in place, AV, AS and so forth. This would
>> be a huge reduction in server loads. Why do all that processing if only
>> then at the MTA level, does the email get rejected (server refuses to
>> download it)?
>>
>> Would this be the case with the current MailScanner? I am running RHEL
>> and sendmail. I will be adding the SPF sendmail patch at an appropriate
>> time.
>
> From your description above, you want to do your SPF checks at the MTA
> level, so use sendmail to do it, not MailScanner.

I guess this answers my question, no plans..
Cheers

> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

--
Regards,
Res

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug 11 06:54:52 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:32 2006
Subject: SpamAssassin 2.64  + MCP chacks
Message-ID: <mailman.579.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I did not patch SA at all, but MCP is working....

Is it still required to apply the patch?

On Tue, 10 Aug 2004, Julian Field wrote:

> At 15:02 10/08/2004, you wrote:
>> Does the MCP check patch works with the new version of SA.
>> Do you need to reïnstall the 2.63 patch?
>
> You will need to re-install the patch, as the patched file will have been 
> overwritten in the SA upgrade.
>
> Give me a shout if you have trouble applying the 2.63 patch against 2.64.
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From drew at THEMARSHALLS.CO.UK  Wed Aug 11 06:55:21 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.580.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Raymond Dijkxhoorn wrote:
<blockquote
 cite="midPine.LNX.4.58.0408110218380.21393@mailbox.prolocation.net"
 type="cite">
  <pre wrap="">Hi!

  </pre>
  <blockquote type="cite">
    <pre wrap="">I know that Ugo had this problem a while ago but I too have just
upgraded my ClamAV to 0.75.1 and it's broken the perl module with
'Commercial virus checker failed with real error: Invalid function
CL_ENCRYPTED at /usr/local/lib/perl5/site_perl/5.8.5/mach/Mail/ClamAV.pm
line 69.' I have reinstalled Clam and the Clam module with no success.
Looking at the ClamAV.pm file there doesn't seem to be any reference to
'CL_ENCRYPTED' any where in the file. I guess this is the return from
Clam after it has scanned and the perl module doesn't have any
conversion for that string but what it should be or even where it needs
patching is outside of my rather poor coding skills. Has anyone else
seen this or have any ideas on a patch for it?
    </pre>
  </blockquote>
  <pre wrap=""><!---->
This was explained some days ago, please search the archive. </pre>
</blockquote>
Indeed, as I mentioned. I can quote the archive number if you wish <span
 class="moz-smiley-s3"><span> ;-) </span></span><br>
<blockquote
 cite="midPine.LNX.4.58.0408110218380.21393@mailbox.prolocation.net"
 type="cite">
  <pre wrap="">Meanwhile reinstall Mail::ClamAV (latest version)
  </pre>
</blockquote>
If the current version is still 0.05 (As that is what is in the FreeBSD
ports tree) then I have done this twice now with no difference, hence
why I am asking if any one has any other ideas. <span
 class="moz-smiley-s1"><span> :-) </span></span><br>
However, I sound like I am being unkind (Not intended). Thanks for your
help Raymond. Do you (Or any one?) have any other thoughts?<br>
<br>
Regards<br>
<br>
Drew<br>
</body>
<br />--
<br />In line with our <a href="http://www.themarshalls.co.uk/policy">policy</a>, this message has been scanned for
<br />viruses and dangerous content by
<a href="http://www.mailscanner.info/">MailScanner</a>, and is
<br />believed to be clean.
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From james at 080.NET  Wed Aug 11 07:28:58 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:32 2006
Subject: set whitelist for indivisual user
Message-ID: <mailman.581.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Hi!</DIV>
<DIV>I already config my MailScanner scan virus and spam for indivisual account 
in my server (cpanel server) ,</DIV>
<DIV>I now have problem on how to let Spamassassin knows whitelist for 
indivisual user, for example:</DIV>
<DIV>&nbsp;</DIV>
<DIV><A href="mailto:*@abc.com">*@abc.com</A>&nbsp; may want to have whitelist 
for <A href="mailto:*@yahoo.com">*@yahoo.com</A></DIV>
<DIV>&nbsp;but <A href="mailto:*@def.com">*@def.com</A> (another user in my 
server ) might consider <A href="mailto:*@yahoo.com">*@yahoo.com</A>&nbsp; as 
blacklist.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Futher more, I also wonder if MailScanner can let me set each user can have 
his very own user_prefs file ?</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards,</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>James</DIV></BODY><br />
<br />
<br />
<br />----------------------------------------------------------
<br />¥»¶l¥ó¤w¸g¹L<a href="http://080.net">080.net</a> ¸s·ù¬ì§Þ¯f¬r±½ºË
<br />Viruses Scanned by <a href="http://080.net">080.net</a>
</HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 08:26:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: SpamAssassin 2.64  + MCP chacks
Message-ID: <mailman.582.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I should think so, yes. The patch lets MCP look inside binary files such as 
Word documents.

At 06:54 11/08/2004, you wrote:
>I did not patch SA at all, but MCP is working....
>
>Is it still required to apply the patch?
>
>On Tue, 10 Aug 2004, Julian Field wrote:
>
>>At 15:02 10/08/2004, you wrote:
>>>Does the MCP check patch works with the new version of SA.
>>>Do you need to reïnstall the 2.63 patch?
>>
>>You will need to re-install the patch, as the patched file will have been 
>>overwritten in the SA upgrade.
>>
>>Give me a shout if you have trouble applying the 2.63 patch against 2.64.
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

</x-flowed>

From Jan-Peter.Koopmann at SECEIDOS.DE  Wed Aug 11 08:26:39 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.583.1137101192.24926.mailscanner@lists.mailscanner.info>

On Wednesday, August 11, 2004 4:12 AM MailScanner mailing list wrote:

>> Sendmail doesn't just drop the conection, it returns an explanantion
>> to the sender, similar to the way it returns a "user unknown" or
>> other error message. 
>> 
>> 
>> 
> It depends... Actually, if the from address does not match
> the SPF record, it is best to not send out a notice and to
> just drop the connection. Otherwise, you are just spamming


What gives you the idea that sendmail (or other MTAs) send out a notice
if SPF fails? If you configure your MTA correctly and SPF fails you
simple reply with a 

550 SPF check failed or whatever

within the SMTP protocol. This way the sending MTA can send an error
message to the sender. You are not sending a mail and since you are not,
this kind of check with this kind of response will NEVER spam the net. 

> In the beginning phases, it would be best to send these
> returns so people can complain to their service providers.

Again: You should _NEVER_ send a NDR if SPF fails. Simply do not accept
the mail at MTA level if you choose to enforce SPF.

> But that will likely be over with by about the first of the
> year (Hopefully!!!).

No. You will leave this turned on forever. You should always give nice
and explanatory SMTP error messages if you refuse to accept a mail. You
should however nearly never send out NDRs yourself in response to
possible SPAM or viruses, I agree.

Regards,
  JP

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug 11 08:30:15 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.584.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> >>I know that Ugo had this problem a while ago but I too have just
> >>upgraded my ClamAV to 0.75.1 and it's broken the perl module with
> >>'Commercial virus checker failed with real error: Invalid function
> >>CL_ENCRYPTED at /usr/local/lib/perl5/site_perl/5.8.5/mach/Mail/ClamAV.pm

> If the current version is still 0.05 (As that is what is in the FreeBSD
> ports tree) then I have done this twice now with no difference, hence
> why I am asking if any one has any other ideas. :-)
> However, I sound like I am being unkind (Not intended). Thanks for your
> help Raymond. Do you (Or any one?) have any other thoughts?

You RESTARTED MailScanner also ?

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Wed Aug 11 08:33:05 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.585.1137101192.24926.mailscanner@lists.mailscanner.info>

On Wed, August 11, 2004 8:30, Raymond Dijkxhoorn said:
> Hi!
>
> You RESTARTED MailScanner also ?
>
Re-booted the whole damn machine, just in case!

Drew



--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mike at ZANKER.ORG  Wed Aug 11 08:52:48 2004
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.586.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On 11 August 2004 06:55 +0100 Drew Marshall <drew@THEMARSHALLS.CO.UK>
wrote:

> If the current version is still 0.05 (As that is what is in the
> FreeBSD ports tree) then I have done this twice now with no
> difference, hence why I am asking if any one has any other ideas. :-)

Current version is 0.11 - that's the one that I installed to stop the
CL_ENCRYPTED error message.

Mike.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mike at ZANKER.ORG  Wed Aug 11 08:58:29 2004
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:26:32 2006
Subject: Jiscmail not using MailScanner?
Message-ID: <mailman.587.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Just got this when trying to send to the list:

SMTP error from remote mailer after end of data: host
kili.jiscmail.ac.uk [130.246.192.52]: 451 4.3.0 Problem running
virus-scanner

Maybe they should consider MailScanner :)

Mike.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From raymond at PROLOCATION.NET  Wed Aug 11 08:58:32 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.588.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> > You RESTARTED MailScanner also ?

> Re-booted the whole damn machine, just in case!

To be sure, you did:

1> install latest clam
2> reinstall Mail::ClamAV
3> restarted mailscanner.

Do you have multiple instances of perl installed ?

Did you install Mail::ClamAV via CPAN ?

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug 11 09:08:03 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:32 2006
Subject: set whitelist for indivisual user
Message-ID: <mailman.589.1137101192.24926.mailscanner@lists.mailscanner.info>

James Hsieh wrote:
> *@abc.com <mailto:*@abc.com>   may want to have whitelist for
> *@yahoo.com <mailto:*@yahoo.com> 
> 
>  but *@def.com <mailto:*@def.com> (another user in my server ) might
> consider *@yahoo.com <mailto:*@yahoo.com>   as blacklist. 
> 
> Futher more, I also wonder if MailScanner can let me set each user
> can have his very own user_prefs file ? 

Look in the rules directory. You'll find two files:
README
EXAMPLES

You need to basically define:
From m.sapsed at BANGOR.AC.UK  Wed Aug 11 09:38:01 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:32 2006
Subject: Unsubscribe
Message-ID: <mailman.591.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jim Dickenson wrote:
> Does "leave mailscanner" go in the subject or body of the message?

In the body - the subject is ignored.

>>From: Steve Campbell <campbell@cnpapers.com>
>>
>>How about modifying that to something like:
>>
>>To unsubscribe send "leave mailscanner" to jiscmail@jiscmail.ac.uk
>>
>>I apologize for being critical, but I really never understood what that was
>>saying.

OK - I'll make that change if it clarifies things. Anyone suggest a way
of indicating that goes in the body rather than subject, but keeping it
as a one liner? (Trying to keep the footer small if poss...)

Cheers,

Martin
(Julian's list-management helper!)

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From james at 080.NET  Wed Aug 11 09:48:57 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:32 2006
Subject: set whitelist for indivisual user
Message-ID: <mailman.592.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!
Ya, I just found it.
MailScanner is really powerful!


James
----- Original Message ----- 
From: "Michele Neylon :: Blacknight Solutions"
<michele@BLACKNIGHTSOLUTIONS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, August 11, 2004 4:08 PM
Subject: Re: set whitelist for indivisual user


James Hsieh wrote:
> *@abc.com <mailto:*@abc.com> may want to have whitelist for
> *@yahoo.com <mailto:*@yahoo.com>
>
> but *@def.com <mailto:*@def.com> (another user in my server ) might
> consider *@yahoo.com <mailto:*@yahoo.com> as blacklist.
>
> Futher more, I also wonder if MailScanner can let me set each user
> can have his very own user_prefs file ?

Look in the rules directory. You'll find two files:
README
EXAMPLES

You need to basically define:
From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug 11 10:00:45 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:32 2006
Subject: Unsubscribe
Message-ID: <mailman.594.1137101192.24926.mailscanner@lists.mailscanner.info>

> OK - I'll make that change if it clarifies things. Anyone
> suggest a way of indicating that goes in the body rather than
> subject, but keeping it as a one liner? (Trying to keep the footer
> small if poss...)
>
"To unsubscribe email jiscmail@jiscmail.ac.uk with the words: leave
mailscanner" ?

Or simply put it in the header of the emails if that's possible



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From drew at THEMARSHALLS.CO.UK  Wed Aug 11 10:18:46 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.595.1137101192.24926.mailscanner@lists.mailscanner.info>

On Wed, August 11, 2004 8:58, Raymond Dijkxhoorn said:
> Hi!
>
> To be sure, you did:
>
> 1> install latest clam

Yes, portupgrade
> 2> reinstall Mail::ClamAV

Yes from FreeBSD port but I think Mike Zanker may have found it. The BSD
ports tree has version 0.05, the latest version is 0.11. I wonder if JP
can submit 0.11 to a committer (As he is listed as the port maintainer).

> 3> restarted mailscanner.

Yes
>
> Do you have multiple instances of perl installed ?

No 5.8.5 only.
>
> Did you install Mail::ClamAV via CPAN ?

No BSD ports tree
>
> Bye,
> Raymond.
>
Thanks for you help

Drew


--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From james at 080.NET  Wed Aug 11 10:28:09 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:32 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.596.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV>
<DIV>Hi!</DIV>
<DIV>There is a virus test :</DIV>
<DIV><A 
href="http://www.aleph-tec.com/eicar/index.php">http://www.aleph-tec.com/eicar/index.php</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>I wonder if there is a test for spamassassin so I can go there and send 
emails to test my setting.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards,</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>James</DIV></DIV></DIV></BODY><br />
<br />
<br />
<br />----------------------------------------------------------
<br />¥»¶l¥ó¤w¸g¹L<a href="http://080.net">080.net</a> ¸s·ù¬ì§Þ¯f¬r±½ºË
<br />Viruses Scanned by <a href="http://080.net">080.net</a>
</HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From kfliong at WOFS.COM  Wed Aug 11 11:15:58 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:32 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.597.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

I added the line below to my sendmail.mc and then regenerated the
sendmail.cf file.

FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to
<"$&f"> thru "$&{client_name}" by The Spamhaus SBL+XBL DNSBL ; Please visit
http://www.spamhaus.org/ for more information."')dnl

It's working fine by stopping spams from spamhaus list before mails could
even reach mailscanner and thus freeing my server load. I love this feature
a lot as we are getting tons of spams daily.

But the problem is, some of my users also are unable to send their emails
using SMTP server as their "dynamic" IP is banned because some of the ips
are listed in spamhaus. They keep getting the error above. How can I
rectify this? Is there a command for me to add to allow user based on their
IP address or email address?

Perhaps I could allow IP address of certain range (within my ISP) to go
through this? After all, once the mails pass through this barrier, there
are also Mailscanner to take care of the spams.

Thanks in advance.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug 11 11:28:19 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.598.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Drew Marshall wrote:
> On Wed, August 11, 2004 8:58, Raymond Dijkxhoorn said:
>
>>Hi!
>>
>>To be sure, you did:
>>
>>1> install latest clam
>
>
> Yes, portupgrade
>
>>2> reinstall Mail::ClamAV
>
>
> Yes from FreeBSD port but I think Mike Zanker may have found it. The BSD
> ports tree has version 0.05, the latest version is 0.11. I wonder if JP
> can submit 0.11 to a committer (As he is listed as the port maintainer).
>
>
>>3> restarted mailscanner.
>
>
> Yes
>
>>Do you have multiple instances of perl installed ?
>
>
> No 5.8.5 only.
>
>>Did you install Mail::ClamAV via CPAN ?
>
>
> No BSD ports tree

Then I suggest you get version 0.11 from CPAN.

>
>>Bye,
>>Raymond.
>>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From prandal at HEREFORDSHIRE.GOV.UK  Wed Aug 11 11:51:03 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:32 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.599.1137101192.24926.mailscanner@lists.mailscanner.info>

kfliong wrote:
> Hi,
>
> I added the line below to my sendmail.mc and then regenerated
> the sendmail.cf file.
>
> FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS
> DENIED to <"$&f"> thru "$&{client_name}" by The Spamhaus
> SBL+XBL DNSBL ; Please visit http://www.spamhaus.org/ for
> more information."')dnl
>
> It's working fine by stopping spams from spamhaus list before
> mails could even reach mailscanner and thus freeing my server
> load. I love this feature a lot as we are getting tons of spams daily.
>
> But the problem is, some of my users also are unable to send
> their emails using SMTP server as their "dynamic" IP is
> banned because some of the ips are listed in spamhaus. They
> keep getting the error above. How can I rectify this? Is
> there a command for me to add to allow user based on their IP
> address or email address?
>
> Perhaps I could allow IP address of certain range (within my
> ISP) to go through this? After all, once the mails pass
> through this barrier, there are also Mailscanner to take care
> of the spams.
>
> Thanks in advance.

I think you'd be better off using the SBL list in sendmail and scoring
the XBL list in spamassassin.  I've seen a few false positives which
seem to come from the  XBL list.

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug 11 11:51:14 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.600.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> > 2> reinstall Mail::ClamAV
>
> Yes from FreeBSD port but I think Mike Zanker may have found it. The BSD
> ports tree has version 0.05, the latest version is 0.11. I wonder if JP
> can submit 0.11 to a committer (As he is listed as the port maintainer).

You really NEED to install .11, else you can reinstall over and over, wont
help :)

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From prandal at HEREFORDSHIRE.GOV.UK  Wed Aug 11 12:07:34 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.601.1137101192.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list wrote:
> Hi!
>
>>> 2> reinstall Mail::ClamAV
>>
>> Yes from FreeBSD port but I think Mike Zanker may have found it. The
>> BSD ports tree has version 0.05, the latest version is 0.11. I wonder
>> if JP can submit 0.11 to a committer (As he is listed as the port
>> maintainer).
>
> You really NEED to install .11, else you can reinstall over
> and over, wont help :)
>
> Bye,
> Raymond.

I just tried to install Mail::ClamAV 0.11 on my Fedora Core 1 box and
got:

 Starting "make" Stage
make[1]: Entering directory
`/root/.cpan/build/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp  -typemap
/usr/lib/perl5/5.8.3/ExtUtils/typemap   ClamAV.xs > ClamAV.xsc && mv
ClamAV.xsc ClamAV.c
gcc -c  -I/root/.cpan/build/Mail-ClamAV-0.11 -I/usr/local/include
-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386
-mcpu=i686   -DVERSION=\"0.11\" -DXS_VERSION=\"0.11\" -fPIC
"-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE"   ClamAV.c
ClamAV.xs: In function `clamav_perl_constant':
ClamAV.xs:284: error: `CL_NUM_CHILDS' undeclared (first use in this
function)
ClamAV.xs:284: error: (Each undeclared identifier is reported only once
ClamAV.xs:284: error: for each function it appears in.)
ClamAV.xs:285: error: `CL_MIN_LENGTH' undeclared (first use in this
function)
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory
`/root/.cpan/build/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your
Inline
C code. The command that failed was:
  make

The build directory was:
/root/.cpan/build/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output
files.

 at /root/.cpan/build/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 159
BEGIN failed--compilation aborted at
/root/.cpan/build/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 447.
Compilation failed in require.
BEGIN failed--compilation aborted.

Hmmm, 0.10 built OK.

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug 11 12:13:46 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.602.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> > You really NEED to install .11, else you can reinstall over
> > and over, wont help :)

> `/root/.cpan/build/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
> /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp  -typemap
> /usr/lib/perl5/5.8.3/ExtUtils/typemap   ClamAV.xs > ClamAV.xsc && mv
> ClamAV.xsc ClamAV.c

Its definately not a FC1 problem, we have it running on several FC1 boxes.
Dont know what could help however. You installed also latest ClamAV ?
Whats the Clam version you currently installed ?

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From michele at blacknightsolutions.com  Wed Aug 11 12:21:28 2004
From: michele at blacknightsolutions.com (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:32 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.603.1137101192.24926.mailscanner@lists.mailscanner.info>

Blocking based on an RBL is WRONG. You are simply asking for trouble



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From prandal at HEREFORDSHIRE.GOV.UK  Wed Aug 11 12:26:44 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:32 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.604.1137101192.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list wrote:
> Hi!
>
>>> You really NEED to install .11, else you can reinstall over and
>>> over, wont help :)
>
>> `/root/.cpan/build/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
>> /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp  -typemap
>> /usr/lib/perl5/5.8.3/ExtUtils/typemap   ClamAV.xs > ClamAV.xsc && mv
>> ClamAV.xsc ClamAV.c
>
> Its definately not a FC1 problem, we have it running on
> several FC1 boxes.
> Dont know what could help however. You installed also latest ClamAV ?
> Whats the Clam version you currently installed ?
>
> Bye,
> Raymond.

Probably because I'm using a recent nightly of ClamAV, then.

Sorry  for the noise on the list.

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Wed Aug 11 12:53:21 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version
Message-ID: <mailman.605.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there,

now i just saw the following errors:

Aug 11 13:50:31 marcel sendmail-in[9925]: rejecting connections on daemon
MTA: load average: 15
Aug 11 13:50:46 marcel sendmail-in[9925]: rejecting connections on daemon
MTA: load average: 12


This never happened with the last Version.

Again my Question:

Is there a way to download the last stable Version (not the latest one)
and reinstall that one?
As all my Problems just occured with the latest Version.

Even the Load never raise to this level :(

MailScanner started after 15 Minutes :(

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From zichovsky at TRUL.CZ  Wed Aug 11 13:00:20 2004
From: zichovsky at TRUL.CZ (Pavel Zichovsky)
Date: Thu Jan 12 21:26:32 2006
Subject: Problem with AVG scanner after update to 4.32
Message-ID: <mailman.606.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi There

I was using MailScanner version 4.30.3-1 with AVG Antivirus and it worked
perfectly.

But after upgrading to version 4.32.5-1 (and adding BitDefender console
edtion as second virus scanner) Mailscanner stopped stating "AVG found
virus" in "notice mails" and also in Mailwatch.

As you can see from maillog (fragment added below) AVG and Bitdefender
correctly found EICAR virus, but in "notice mail" and MailWatch is stated,
that only Bitdefender found virus (not any mention about AVG).

--------------- maillog fragment
---------------------------------------------
Aug 11 13:42:10 server MailScanner[2842]: Virus and Content Scanning:
Starting
Aug 11 13:42:10 server MailScanner[2842]: Commencing scanning by avg...
Aug 11 13:42:11 server MailScanner[2842]:
^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M./i7BBUF
p02507/eicar.com  Virus identified  EICAR_Test
Aug 11 13:42:12 server MailScanner[2842]: Completed scanning by avg
Aug 11 13:42:12 server MailScanner[2842]: Virus Scanning: Avg found 1
infections
Aug 11 13:42:12 server MailScanner[2842]: Commencing scanning by
bitdefender...
Aug 11 13:42:14 server MailScanner[2842]:
/home/data/mailscanner/incoming/2842/./i7BBUFp02507/eicar.com^Iinfected:
EICAR-Test-File (not a virus)
Aug 11 13:42:14 server MailScanner[2842]: Completed scanning by bitdefender
Aug 11 13:42:14 server MailScanner[2842]: Virus Scanning: Bitdefender found
1 infections
----------------- end of maillog fragment
------------------------------------

I think that problem is that in maillog I see many "^M" in AVG report
instead of path to infected file (as in bitdefender report).
But I can not figure out, how that "^M" could get to the log.
Where could be problem?
And how to correct this?

With Regards
Pavel Zichovsky (zichovsky@trul.cz)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From zichovsky at TRUL.CZ  Wed Aug 11 13:26:42 2004
From: zichovsky at TRUL.CZ (Pavel Zichovsky)
Date: Thu Jan 12 21:26:32 2006
Subject: Infected message delivered
Message-ID: <mailman.607.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there,

I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and
Bitdefender as second antivirus). All was good, but now, when only AVG
indetifies virus (Bitdefender not), Mailscanner will pass message as
uninfected to recipient.

Fragment of maillog:
-------------------
Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 messages,
1479 bytes
Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: Starting
Aug 11 14:10:30 server MailScanner[3547]: Virus and Content Scanning:
Starting
Aug 11 14:10:31 server MailScanner[3547]:
^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  EICAR_Test
(+6)
Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: Avg found 1
infections
Aug 11 14:10:32 server MailScanner[3547]: Uninfected: Delivered 1 messages
--------------------

I suppose, that it is connected with "^M" problem in path (as written in
another message). But virus passing through MailScanner is alarming.

What to do with this?

With Regards
Pavel Zichovsky (zichovsky@trul.cz)

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Wed Aug 11 13:29:08 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.608.1137101192.24926.mailscanner@lists.mailscanner.info>

The last message was not able to get through :(

more problems

as i am using mailscanner mails to aol.com get not through..
User unknown..
do i use just sendmail...the mails get through..to the user

any ideas for that?

Greetings

Marcel

---------- Forwarded message ----------
Date: Wed, 11 Aug 2004 13:53:21 +0200 (CEST)
From: Marcel Blenkers <marcel@irc-addicts.de>
To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
Subject: More Problems with new MailScanner-Version

Hi there,

now i just saw the following errors:

Aug 11 13:50:31 marcel sendmail-in[9925]: rejecting connections on daemon
MTA: load average: 15
Aug 11 13:50:46 marcel sendmail-in[9925]: rejecting connections on daemon
MTA: load average: 12


This never happened with the last Version.

Again my Question:

Is there a way to download the last stable Version (not the latest one)
and reinstall that one?
As all my Problems just occured with the latest Version.

Even the Load never raise to this level :(

MailScanner started after 15 Minutes :(

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 14:02:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: Infected message delivered
Message-ID: <mailman.609.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Please try this patch to SweepViruses.pm:

-----SNIP-----
--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
@@ -2474,6 +2474,9 @@
    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified  EICAR_Test (+2)

+  # Remove all the duff carriage-returns from the line
+  $line =~ s/[\r\n]//g;
+
    #print STDERR "Line: $line\n";
    return 0 unless $line =~ /Virus identified  (.+)$/;

-----SNIP-----

Let me know if that helps. I need to get a new version of Antivir to work
on this.

At 13:26 11/08/2004, you wrote:
>Hi there,
>
>I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and
>Bitdefender as second antivirus). All was good, but now, when only AVG
>indetifies virus (Bitdefender not), Mailscanner will pass message as
>uninfected to recipient.
>
>Fragment of maillog:
>-------------------
>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 messages,
>1479 bytes
>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: Starting
>Aug 11 14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>Starting
>Aug 11 14:10:31 server MailScanner[3547]:
>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  EICAR_Test
>(+6)
>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: Avg found 1
>infections
>Aug 11 14:10:32 server MailScanner[3547]: Uninfected: Delivered 1 messages
>--------------------
>
>I suppose, that it is connected with "^M" problem in path (as written in
>another message). But virus passing through MailScanner is alarming.
>
>What to do with this?
>
>With Regards
>Pavel Zichovsky (zichovsky@trul.cz)
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug 11 14:07:16 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:32 2006
Subject: SpamAssassin 2.64  + MCP chacks
Message-ID: <mailman.610.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Oh ok, then I do not need it

I am just using the MCP feature to kill those annoying read receipt 
messages that Exchange is bloating around.  Works like a charm :)


On Wed, 11 Aug 2004, Julian Field wrote:

> I should think so, yes. The patch lets MCP look inside binary files such as 
> Word documents.
>
> At 06:54 11/08/2004, you wrote:
>> I did not patch SA at all, but MCP is working....
>> 
>> Is it still required to apply the patch?
>> 
>> On Tue, 10 Aug 2004, Julian Field wrote:
>> 
>>> At 15:02 10/08/2004, you wrote:
>>>> Does the MCP check patch works with the new version of SA.
>>>> Do you need to reïnstall the 2.63 patch?
>>> 
>>> You will need to re-install the patch, as the patched file will have been 
>>> overwritten in the SA upgrade.
>>> 
>>> Give me a shout if you have trouble applying the 2.63 patch against 2.64.
>> 
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http: //www.mailscanner.biz/maq/     and the archives at
>> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jburzenski at AMERICANHM.COM  Wed Aug 11 14:16:39 2004
From: jburzenski at AMERICANHM.COM (Jason Burzenski)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.611.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: More Problems with new MailScanner-Version (fwd)</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=2>&gt; Again my Question:</FONT>
<BR><FONT SIZE=2>&gt; </FONT>
<BR><FONT SIZE=2>&gt; Is there a way to download the last stable Version (not the </FONT>
<BR><FONT SIZE=2>&gt; latest one) and reinstall that one? As all my Problems just </FONT>
<BR><FONT SIZE=2>&gt; occured with the latest Version.</FONT>
</P>

<P><FONT SIZE=2>I have successfully downgraded in the past by running the ./install.sh script from older versions.&nbsp; </FONT>
</P>

</BODY>
</HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>

</x-html>

From raymond at PROLOCATION.NET  Wed Aug 11 14:31:12 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version
Message-ID: <mailman.612.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> Aug 11 13:50:31 marcel sendmail-in[9925]: rejecting connections on daemon
> MTA: load average: 15
> Aug 11 13:50:46 marcel sendmail-in[9925]: rejecting connections on daemon
> MTA: load average: 12
>
>
> This never happened with the last Version.

You machine is just having a load thats too high for your current sendmail
config.

> Even the Load never raise to this level :(
> MailScanner started after 15 Minutes :(

Are you using custom rulesets ? (check the mailinglist archive if you do,
lots of tips there)

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cpd at UNIVAP.BR  Wed Aug 11 14:35:10 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:32 2006
Subject: Problem with AVG scanner after update to 4.32
Message-ID: <mailman.613.1137101192.24926.mailscanner@lists.mailscanner.info>

   I've the same problem with AVG and post this to list some days ago.


Vladimir M Costa


> Hi There
>
> I was using MailScanner version 4.30.3-1 with AVG Antivirus and it worked
> perfectly.
>
> But after upgrading to version 4.32.5-1 (and adding BitDefender console
> edtion as second virus scanner) Mailscanner stopped stating "AVG found
> virus" in "notice mails" and also in Mailwatch.
>
> As you can see from maillog (fragment added below) AVG and Bitdefender
> correctly found EICAR virus, but in "notice mail" and MailWatch is stated,
> that only Bitdefender found virus (not any mention about AVG).
>
> --------------- maillog fragment
> ---------------------------------------------
> Aug 11 13:42:10 server MailScanner[2842]: Virus and Content Scanning:
> Starting
> Aug 11 13:42:10 server MailScanner[2842]: Commencing scanning by avg...
> Aug 11 13:42:11 server MailScanner[2842]:
> ^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M./i7BBUF
> p02507/eicar.com  Virus identified  EICAR_Test
> Aug 11 13:42:12 server MailScanner[2842]: Completed scanning by avg
> Aug 11 13:42:12 server MailScanner[2842]: Virus Scanning: Avg found 1
> infections
> Aug 11 13:42:12 server MailScanner[2842]: Commencing scanning by
> bitdefender...
> Aug 11 13:42:14 server MailScanner[2842]:
> /home/data/mailscanner/incoming/2842/./i7BBUFp02507/eicar.com^Iinfected:
> EICAR-Test-File (not a virus)
> Aug 11 13:42:14 server MailScanner[2842]: Completed scanning by bitdefender
> Aug 11 13:42:14 server MailScanner[2842]: Virus Scanning: Bitdefender found
> 1 infections
> ----------------- end of maillog fragment
> ------------------------------------
>
> I think that problem is that in maillog I see many "^M" in AVG report
> instead of path to infected file (as in bitdefender report).
> But I can not figure out, how that "^M" could get to the log.
> Where could be problem?
> And how to correct this?
>
> With Regards
> Pavel Zichovsky (zichovsky@trul.cz)
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Wed Aug 11 14:39:32 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.614.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there


and first of all thanks to the answer :)


On Wed, 11 Aug 2004, Jason Burzenski wrote:

> > Again my Question:
> >
> > Is there a way to download the last stable Version (not the
> > latest one) and reinstall that one? As all my Problems just
> > occured with the latest Version.
>
> I have successfully downgraded in the past by running the ./install.sh
> script from older versions.
>

but where can i download the old version? As i had deleted the
install-tar-gz from the last stable one :( stupid me..i know

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From steve.freegard at LBSLTD.CO.UK  Wed Aug 11 14:49:52 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:26:32 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.615.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=GB2312">


<META content="MSHTML 6.00.2900.2096" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2>Hi James,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2>Head over to spamassassin.apache.org and have a look for 
GTUBE (Generic Test for Unsolicited Bulk Email) which is similar to EICAR but 
for spam.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2>Cheers,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=656364813-11082004><FONT face=Arial 
color=#0000ff size=2>Steve.</FONT></SPAN></DIV><BR>
<BLOCKQUOTE 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
  <HR tabIndex=-1>
  <FONT face=Tahoma size=2><B>From:</B> James Hsieh [mailto:james@080.NET] 
  <BR><B>Sent:</B> 11 August 2004 10:28<BR><B>To:</B> 
  MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> test for spam email, is there 
  any ?<BR></FONT><BR></DIV>
  <DIV></DIV>
  <DIV>
  <DIV>
  <DIV>Hi!</DIV>
  <DIV>There is a virus test :</DIV>
  <DIV><A 
  href="http://www.aleph-tec.com/eicar/index.php">http://www.aleph-tec.com/eicar/index.php</A></DIV>
  <DIV>&nbsp;</DIV>
  <DIV>I wonder if there is a test for spamassassin so I can go there and send 
  emails to test my setting.</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>Regards,</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>James</DIV></DIV></DIV><BR><BR><BR><BR>---------------------------------------------------------- 
  <BR>±¾à]¼þÒѽ^Ûß^<A href="http://080.net">080.net</A> ȺÃ˿Ƽ¼²¡¶¾^ÒßÃé <BR>Viruses Scanned by 
  <A href="http://080.net">080.net</A> -------------------------- MailScanner 
  list ----------------------<BR>To leave, send leave mailscanner to <A 
  href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A><BR>Before 
  posting, please see the Most Asked Questions at<BR><A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A> and 
  the archives at<BR><A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A><BR></BLOCKQUOTE></BODY><br />
<br />--
<br />This message has been scanned for viruses and dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>.
</HTML>
-------------------------- MailScanner list ----------------------<br>
To leave, send    leave mailscanner    to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>     and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>
</x-html>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 14:58:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.616.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 10:28 11/08/2004, you wrote:
>Hi!
>There is a virus test :
><http://www.aleph-tec.com/eicar/index.php>http://www.aleph-tec.com/eicar/index.php
>
>I wonder if there is a test for spamassassin so I can go there and send
>emails to test my setting.

There is a GTUBE test message string, just like the EICAR virus test
string. Look in SpamAssassin in the sample-spam.txt file in their
distribution.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From drew at THEMARSHALLS.CO.UK  Wed Aug 11 15:00:41 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:32 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.617.1137101192.24926.mailscanner@lists.mailscanner.info>

On Wed, August 11, 2004 10:28, James Hsieh said:
> Hi!
> There is a virus test :
> http://www.aleph-tec.com/eicar/index.php
>
> I wonder if there is a test for spamassassin so I can go there and send
> emails to test my setting.
>

Try http://spamassassin.apache.org/gtube/

Drew



--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From Stefan.Sabolowitsch at FELTENGMBH.DE  Wed Aug 11 15:14:07 2004
From: Stefan.Sabolowitsch at FELTENGMBH.DE (Stefan Sabolowitsch)
Date: Thu Jan 12 21:26:32 2006
Subject: Probs with latest Version and Postfix
Message-ID: <mailman.618.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi List,

I have a lot entrys in my maillog

Aug 11 16:17:05 mailmx MailScanner[8348]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:05 mailmx MailScanner[8348]: Config: calling custom init
function MailWatchLogging
Aug 11 16:17:15 mailmx MailScanner[8349]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:15 mailmx MailScanner[8349]: Config: calling custom init
function MailWatchLogging
Aug 11 16:17:25 mailmx MailScanner[8350]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:25 mailmx MailScanner[8350]: Config: calling custom init
function MailWatchLogging
Aug 11 16:17:35 mailmx MailScanner[8352]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:35 mailmx MailScanner[8352]: Config: calling custom init
function MailWatchLogging
Aug 11 16:17:45 mailmx MailScanner[8353]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:45 mailmx MailScanner[8353]: Config: calling custom init
function MailWatchLogging
Aug 11 16:17:55 mailmx MailScanner[8354]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:17:55 mailmx MailScanner[8354]: Config: calling custom init
function MailWatchLogging
Aug 11 16:18:05 mailmx MailScanner[8355]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:18:06 mailmx MailScanner[8355]: Config: calling custom init
function MailWatchLogging
Aug 11 16:18:15 mailmx MailScanner[8356]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:18:16 mailmx MailScanner[8356]: Config: calling custom init
function MailWatchLogging
Aug 11 16:18:25 mailmx MailScanner[8357]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:18:26 mailmx MailScanner[8357]: Config: calling custom init
function MailWatchLogging
Aug 11 16:18:35 mailmx MailScanner[8359]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 11 16:18:36 mailmx MailScanner[8359]: Config: calling custom init
function MailWatchLogging

Wath ist wrong here ?

Thanks

Stefan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug 11 15:36:34 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:32 2006
Subject: Probs with latest Version and Postfix
Message-ID: <mailman.619.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Stefan Sabolowitsch wrote:

> Hi List,
>
> I have a lot entrys in my maillog
>
> Aug 11 16:17:05 mailmx MailScanner[8348]: MailScanner E-Mail Virus Scanner
> version 4.32.5 starting...
> Aug 11 16:17:05 mailmx MailScanner[8348]: Config: calling custom init
> function MailWatchLogging
> Aug 11 16:17:15 mailmx MailScanner[8349]: MailScanner E-Mail Virus Scanner
> version 4.32.5 starting...

> Wath ist wrong here ?

probably your MailWatch.pm that has been renamed as MailWatch.pm.rpmnew
or something similar.

>
> Thanks
>
> Stefan
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From jase at SENSIS.COM  Wed Aug 11 15:38:33 2004
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:26:32 2006
Subject: Infected message delivered
Message-ID: <mailman.620.1137101192.24926.mailscanner@lists.mailscanner.info>

Pavel,

Are you using symbolic links anywhere?  I know McAfee will detect but not
remove viruses if you have a symbolic link and not the real path of your
Incoming Work Dir.  Has anything else changed since your upgrade?

Jase

Pavel Zichovsky wrote:
> Hi there,
>
> I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and
> Bitdefender as second antivirus). All was good, but now, when only AVG
> indetifies virus (Bitdefender not), Mailscanner will pass message as
> uninfected to recipient.
>
> Fragment of maillog:
> -------------------
> Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1
> messages, 1479 bytes
> Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: Starting
> Aug 11 14:10:30 server MailScanner[3547]: Virus and Content Scanning:
> Starting
> Aug 11 14:10:31 server MailScanner[3547]:
> ^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified
> EICAR_Test (+6)
> Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: Avg found 1
> infections
> Aug 11 14:10:32 server MailScanner[3547]: Uninfected: Delivered 1
> messages --------------------
>
> I suppose, that it is connected with "^M" problem in path (as written
> in another message). But virus passing through MailScanner is
> alarming.
>
> What to do with this?
>
> With Regards
> Pavel Zichovsky (zichovsky@trul.cz)
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 15:39:02 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: Probs with latest Version and Postfix
Message-ID: <mailman.621.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Is it processing mail at all?
If you aren't sure, follow
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/252.html
and see what results you get.

At 15:14 11/08/2004, you wrote:
>Hi List,
>
>I have a lot entrys in my maillog
>
>Aug 11 16:17:05 mailmx MailScanner[8348]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:05 mailmx MailScanner[8348]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:15 mailmx MailScanner[8349]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:15 mailmx MailScanner[8349]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:25 mailmx MailScanner[8350]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:25 mailmx MailScanner[8350]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:35 mailmx MailScanner[8352]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:35 mailmx MailScanner[8352]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:45 mailmx MailScanner[8353]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:45 mailmx MailScanner[8353]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:55 mailmx MailScanner[8354]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:55 mailmx MailScanner[8354]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:05 mailmx MailScanner[8355]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:06 mailmx MailScanner[8355]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:15 mailmx MailScanner[8356]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:16 mailmx MailScanner[8356]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:25 mailmx MailScanner[8357]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:26 mailmx MailScanner[8357]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:35 mailmx MailScanner[8359]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:36 mailmx MailScanner[8359]: Config: calling custom init
>function MailWatchLogging
>
>Wath ist wrong here ?
>
>Thanks
>
>Stefan
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From Stefan.Sabolowitsch at FELTENGMBH.DE  Wed Aug 11 15:39:48 2004
From: Stefan.Sabolowitsch at FELTENGMBH.DE (Stefan Sabolowitsch)
Date: Thu Jan 12 21:26:32 2006
Subject: AW: Probs with latest Version and Postfix
Message-ID: <mailman.622.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

that ist the result.

Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:       In Debugging mode, not forking...
Undefined subroutine &MailScanner::CustomConfig::InitMailWatchLogging called
at /usr/lib/MailScanner/MailScanner/Config.pm line 768.

Stefan


 -----Ursprüngliche Nachricht-----
Von:    Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
Gesendet:       Mittwoch, 11. August 2004 16:39
An:     MAILSCANNER@JISCMAIL.AC.UK
Betreff:        Re: Probs with latest Version and Postfix

Is it processing mail at all?
If you aren't sure, follow
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/252.html
and see what results you get.

At 15:14 11/08/2004, you wrote:
>Hi List,
>
>I have a lot entrys in my maillog
>
>Aug 11 16:17:05 mailmx MailScanner[8348]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:05 mailmx MailScanner[8348]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:15 mailmx MailScanner[8349]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:15 mailmx MailScanner[8349]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:25 mailmx MailScanner[8350]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:25 mailmx MailScanner[8350]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:35 mailmx MailScanner[8352]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:35 mailmx MailScanner[8352]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:45 mailmx MailScanner[8353]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:45 mailmx MailScanner[8353]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:17:55 mailmx MailScanner[8354]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:17:55 mailmx MailScanner[8354]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:05 mailmx MailScanner[8355]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:06 mailmx MailScanner[8355]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:15 mailmx MailScanner[8356]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:16 mailmx MailScanner[8356]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:25 mailmx MailScanner[8357]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:26 mailmx MailScanner[8357]: Config: calling custom init
>function MailWatchLogging
>Aug 11 16:18:35 mailmx MailScanner[8359]: MailScanner E-Mail Virus Scanner
>version 4.32.5 starting...
>Aug 11 16:18:36 mailmx MailScanner[8359]: Config: calling custom init
>function MailWatchLogging
>
>Wath ist wrong here ?
>
>Thanks
>
>Stefan
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From edu at ICARUS.COM.BR  Wed Aug 11 15:45:21 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:32 2006
Subject: Linux Distro
Message-ID: <mailman.623.1137101192.24926.mailscanner@lists.mailscanner.info>

Julian,


my name and Eduardo Santa Helena, and I is developing a Linux distro
specially for use as gateway of email.
I is requesting your agree  for include the MailScanner in this distro.
To same still this in phase of compilation of the packages and I is using
the .src  of the RHEL 3 and of the Fedora as base of the system.

This distro have GPL licence.

Tnx.

Eduardo

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 15:53:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: AW: Probs with latest Version and Postfix
Message-ID: <mailman.624.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
In which case there is something wrong with your MailWatch installation.

At 15:39 11/08/2004, you wrote:
>Undefined subroutine &MailScanner::CustomConfig::InitMailWatchLogging called
>at /usr/lib/MailScanner/MailScanner/Config.pm line 768.

Can a MailWatch user help this guy out please?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug 11 16:16:25 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:32 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.625.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Am I the only one seeing these 'empty' attachments in the quarantine dir 
but a considerable payload in the df file?

Cheers!
Remco


On Mon, 9 Aug 2004, Remco Barendse wrote:

> I don't know really :)
>
> I think it is MailScanner that converted the filename that came with the
> email (user@domain.com.zip) to a 'normal' filename like userdomain.com.zip
>
> What worries me more is that the e-mail does seem to have some sort of 
> payload for the attachment but mailscanner apparently is unable to 
> decode/scan it properly. This means that if my filename rules would not have 
> stopped the mail, MailScanner would have considered the e-mail as harmless 
> (empty zip file and zips are allowed) and would have delivered the message.
>
> Not sure what is causing this behaviour, maybe the mime decoder is not able 
> to decode the attachment properly which passes the 0 size attachment to 
> MailScanner.
>
> I still have the df/qf pair if anyone is interested :)
>
>
>
> On Mon, 9 Aug 2004, Alex Neuman wrote:
>
>> This message in particular "tripped" Norton Antivirus 2004 for Windows.
>> Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the antivirus 
>> pop
>> up and say it found something since I installed MS so many months ago.
>> 
>> I usually have to get rid of the "catch all double extensions" rule because
>> of clients who insist on being able to name their files whatever they want;
>> I guess this means I'll have to use rules to disallow "dot + three
>> characters + dot zip"...
>> 
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
>> Behalf
>> Of Remco Barendse
>> Sent: Monday, August 09, 2004 4:42 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: 'Empty' zip files?
>> 
>> Guess this is slightly off-topic but we are getting viruses with a zipfile
>> (in the form of usernamemydomainname.com.zip)
>> 
>> MailScanner traps these zip files because of filename rules. The strange
>> thing is however that MS is just reporting a filename problem and no
>> virus name. The zip file in /var/spool/MailScanner/quarantine has a file
>> size of 0 (that would explain why no virus was reported) but I think the
>> zip file may not be 0 size on every client.
>> 
>> When I look into the df/qf pair there is a considerable amount of
>> data in it that would be for the attachment.
>> 
>> Could there be something wrong with the mime decoder and would M$ Outlook
>> be able to decode it properly (which would potentially mean that we would
>> be vulnerable to the virus?
>> 
>> I will paste the top part of the df file here:
>> 
>> This is a multi-part message in MIME format.
>> 
>> ------=_NextPart_000_0005_653AB3AB.01F72A06
>> Content-Type: text/plain;
>>        charset=us-ascii
>> Content-Transfer-Encoding: base64
>> 
>> RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
>> c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
>> cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
>> bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
>> IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
>> a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
>> cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
>> NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
>> cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
>> Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
>> b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
>> eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
>> bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
>> amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==
>> 
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http: //www.mailscanner.biz/maq/     and the archives at
>> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>> 
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 16:23:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.626.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:39 11/08/2004, you wrote:
>Hi there
>
>
>and first of all thanks to the answer :)
>
>
>On Wed, 11 Aug 2004, Jason Burzenski wrote:
>
> > > Again my Question:
> > >
> > > Is there a way to download the last stable Version (not the
> > > latest one) and reinstall that one? As all my Problems just
> > > occured with the latest Version.
> >
> > I have successfully downgraded in the past by running the ./install.sh
> > script from older versions.
> >
>
>but where can i download the old version? As i had deleted the
>install-tar-gz from the last stable one :( stupid me..i know

The downloads are always in the same place, just look at the link
properties and change the version number.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug 11 16:38:10 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.627.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Marcel Blenkers wrote:

> Hi there
>
>
> and first of all thanks to the answer :)
>
>
> On Wed, 11 Aug 2004, Jason Burzenski wrote:
>
>
>>>Again my Question:
>>>
>>>Is there a way to download the last stable Version (not the
>>>latest one) and reinstall that one? As all my Problems just
>>>occured with the latest Version.
>>
>>I have successfully downgraded in the past by running the ./install.sh
>>script from older versions.
>>
>
>
> but where can i download the old version? As i had deleted the
> install-tar-gz from the last stable one :( stupid me..i know

Easy trick... by looking at the url of the most recent version, you can
tell that...

http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/
>
> Greetings
>
> Marcel
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From SmartD at VMCMAIL.COM  Wed Aug 11 16:52:19 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:32 2006
Subject: Possible message corruption doing hold queue access...
Message-ID: <mailman.628.1137101192.24926.mailscanner@lists.mailscanner.info>

I'm doing some research and evaluation of using MailScanner with Postfix and
SpamAssassin.  I am concerned that the primary author of Postfix recommends
against using MailScanner since it reads the hold queue file directly
instead of using the LMTP protocol as amavis-new does.

Does anyone have any opinions on the likelihood of message corruption, and
the pros and cons of MailScanner in comparison to amavis-new?

<<Dan>>



> From: Wietse Venema (wietse@porcupine.org <mailto:wietse%40porcupine.org>
)
> Subject: Re: postfix/mailscanner configuration?
> Date: 2003-08-27 15:57:28 PST
>
> Do not use mailscanner. This software accesses Postfix queue files
> directly.  This can result in message corruption.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 16:54:41 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.629.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:16 11/08/2004, you wrote:
>Am I the only one seeing these 'empty' attachments in the quarantine dir 
>but a considerable payload in the df file?

Can you put one qf/df pair on a web site I can get at please, and mail me 
the URL off-list?


>Cheers!
>Remco
>
>
>On Mon, 9 Aug 2004, Remco Barendse wrote:
>
>>I don't know really :)
>>
>>I think it is MailScanner that converted the filename that came with the
>>email (user@domain.com.zip) to a 'normal' filename like userdomain.com.zip
>>
>>What worries me more is that the e-mail does seem to have some sort of 
>>payload for the attachment but mailscanner apparently is unable to 
>>decode/scan it properly. This means that if my filename rules would not 
>>have stopped the mail, MailScanner would have considered the e-mail as 
>>harmless (empty zip file and zips are allowed) and would have delivered 
>>the message.
>>
>>Not sure what is causing this behaviour, maybe the mime decoder is not 
>>able to decode the attachment properly which passes the 0 size attachment 
>>to MailScanner.
>>
>>I still have the df/qf pair if anyone is interested :)
>>
>>
>>
>>On Mon, 9 Aug 2004, Alex Neuman wrote:
>>
>>>This message in particular "tripped" Norton Antivirus 2004 for Windows.
>>>Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the antivirus pop
>>>up and say it found something since I installed MS so many months ago.
>>>I usually have to get rid of the "catch all double extensions" rule because
>>>of clients who insist on being able to name their files whatever they want;
>>>I guess this means I'll have to use rules to disallow "dot + three
>>>characters + dot zip"...
>>>-----Original Message-----
>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>>>Of Remco Barendse
>>>Sent: Monday, August 09, 2004 4:42 AM
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: 'Empty' zip files?
>>>Guess this is slightly off-topic but we are getting viruses with a zipfile
>>>(in the form of usernamemydomainname.com.zip)
>>>MailScanner traps these zip files because of filename rules. The strange
>>>thing is however that MS is just reporting a filename problem and no
>>>virus name. The zip file in /var/spool/MailScanner/quarantine has a file
>>>size of 0 (that would explain why no virus was reported) but I think the
>>>zip file may not be 0 size on every client.
>>>When I look into the df/qf pair there is a considerable amount of
>>>data in it that would be for the attachment.
>>>Could there be something wrong with the mime decoder and would M$ Outlook
>>>be able to decode it properly (which would potentially mean that we would
>>>be vulnerable to the virus?
>>>I will paste the top part of the df file here:
>>>This is a multi-part message in MIME format.
>>>------=_NextPart_000_0005_653AB3AB.01F72A06
>>>Content-Type: text/plain;
>>>        charset=us-ascii
>>>Content-Transfer-Encoding: base64
>>>RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
>>>c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
>>>cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
>>>bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
>>>IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
>>>a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
>>>cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
>>>NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
>>>cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
>>>Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
>>>b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
>>>eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
>>>bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
>>>amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>Before posting, please see the Most Asked Questions at
>>>http: //www.mailscanner.biz/maq/     and the archives at
>>>http: //www.jiscmail.ac.uk/lists/mailscanner.html
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From marcel at IRC-ADDICTS.DE  Wed Aug 11 18:24:40 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.630.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there,



>
> Easy trick... by looking at the url of the most recent version, you can
> tell that...
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/
> >

ok..i downloaded the old version..
and the errors are the same..
now..what is wrong here..i thought :)

and then i tried the following:

moved my old Perl-Version  v5.8.0
into the path /usr/bin

moved the new version v5.8.4 outside of the search-path..

removed via rpm -e the mailscanner..
and reinstalled it again..

and voila..now it works..

it seems that mailscanner in combination with perl v5.8.4 somewhere within
the search path of the install.sh could get terribly wrong..

Sorry for all the fuzz i did..and i hope my ideas are of some help

because now even the creation of the MailScanner.pid within /var/run works
absolutely fine..

Greetings

Marcel

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From cparker at SWATGEAR.COM  Wed Aug 11 18:34:15 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:32 2006
Subject: Unsubscribe
Message-ID: <mailman.631.1137101192.24926.mailscanner@lists.mailscanner.info>

Martin Sapsed <mailto:m.sapsed@BANGOR.AC.UK>
    on Wednesday, August 11, 2004 1:38 AM said:

> OK - I'll make that change if it clarifies things. Anyone suggest a
> way of indicating that goes in the body rather than subject, but
> keeping it as a one liner? (Trying to keep the footer small if
> poss...)

here is my suggestion for a new footer. it has a slightly longer
unsubscribe text but the other lines have been shortened.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


.02
chris.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From marcel at IRC-ADDICTS.DE  Wed Aug 11 19:18:09 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:32 2006
Subject: Returned mail: User unknown (fwd)
Message-ID: <mailman.632.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there!!!

After some testing with some other Mail-Users at aol.com we experienced
the following..which is no error with mailscanner..

As AOL uses more then 1 Server for incoming mails, all of them should be
aware of what kind of users are at aol.
But it seems, that some servers do not know, what kind of users are at aol
and so this server sends as postmaster an mail to the sender that this
user is unknown.

So..forget my Problem-Mail!
This is an error at aol and on their side..
i also reported this behaviour of their mailservers to
postmaster@aol.com..

but i do not expect them to answer :)

Greetings

Marcel

On Wed, 11 Aug 2004, Marcel Blenkers wrote:

> Hi there,
>
> there seems to be an error with..i do not know...
>
> As i do send the mail to the recipient at aol (which is an existing
> mail-account) i get this return stating this account is unknown..
>
> but..if i stop mailscanner and just start sendmail, the mail was received
> by the person who should get the mail..
>
> Is there anyone having an idea why this could happen??
>
> Greetings
>
> Marcel
>
> ---------- Forwarded message ----------
> Date: Wed, 11 Aug 2004 13:37:42 -0400 (EDT)
> From: Mail Delivery Subsystem <MAILER-DAEMON@aol.com>
> To: marcel@irc-addicts.de
> Subject: Returned mail: User unknown
>
> The original message was received at Wed, 11 Aug 2004 13:37:34 -0400 (EDT)
> from irc-addicts.de [80.86.174.40]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a problem with its
> delivery.  The address which was undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason your e-mail could
> not be delivered.  The next line contains a second error message which is a
> general translation for other e-mail servers.
>
> Please direct further questions regarding this message to your e-mail
> administrator.
>
> --AOL Postmaster
>
>
>
>    ----- The following addresses had permanent fatal errors -----
> <deletedbymarcel@aol.com>
>
>    ----- Transcript of session follows -----
> ... while talking to air-xa04.mail.aol.com.:
> >>> RCPT To:<deletedbymarcel@aol.com>
> 550 <deletedbymarcel@aol.com>... User unknown
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From raymond at PROLOCATION.NET  Wed Aug 11 19:39:40 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.633.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi!

> because now even the creation of the MailScanner.pid within /var/run works
> absolutely fine..

But many people are seeing this, so there must be something 'fuzzy'.
Today i had two machines with the same behaviour. They were running just
fine, but after a reboot the system as hanging on the 'starting
mailscanner'. That was on a FC1 box, but also got the same reported on a
Debian machine.

If i start MS manually it runs.

Any idea's Julian, did you change anything of the PID checks in the latest
version ?

Bye,
Raymond

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From pparsons at COLUMBIAFUELS.COM  Wed Aug 11 20:03:25 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:32 2006
Subject: MCP Checks showing up
Message-ID: <mailman.634.1137101192.24926.mailscanner@lists.mailscanner.info>

I have just upgraded to MailScanner-4.32.5-1 with sendmail and
bitdefender/Redhat 9

I have not inserted the MCP checks config into my Mailscanner.conf file
and I have gone through the file line by line.. But all of a sudden I
have the following showing up in my maillog 

MCP Checks completed at 4362 bytes per second.

Not that this is a bad thing but I would like to configure it and I
cannot find where to do that...

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From ugob at CAMO-ROUTE.COM  Wed Aug 11 20:14:39 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:32 2006
Subject: AW: Probs with latest Version and Postfix
Message-ID: <mailman.635.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> In which case there is something wrong with your MailWatch installation.
>
> At 15:39 11/08/2004, you wrote:
>
>> Undefined subroutine &MailScanner::CustomConfig::InitMailWatchLogging
>> called
>> at /usr/lib/MailScanner/MailScanner/Config.pm line 768.

Did you double check in the /usr/lib/MailScanner/MailScanner/ folder if
you have a MailWatch.pm file?  Does it have an extra extension like .rpmnew?

>
>
> Can a MailWatch user help this guy out please?
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From zichovsky at TRUL.CZ  Wed Aug 11 20:20:54 2004
From: zichovsky at TRUL.CZ (Pavel Zichovsky)
Date: Thu Jan 12 21:26:32 2006
Subject: Infected message delivered
Message-ID: <mailman.636.1137101192.24926.mailscanner@lists.mailscanner.info>

Hi there,

No, I do not use symbolic link in whole Mailscanner tree (incoming work
directory, quarantine etc.)
Since upgrade nothing has changed, upgrade was yesterday. Just before
upgrade of MailScanner I did upgrade of AVG Antivirus (from version 7.0.8 to
7.0.10) but I tested it and did not notice any change in output (of course
except version).

Is there any way to get exact commandline (all parameters etc) which is used
by wrapper script?
It could be the way testing this exact command manualy.

With Regards
Pavel Zichovsky (zichovsky@trul.cz)

> -----Pùvodní zpráva-----
> 
> Pavel,
> 
> Are you using symbolic links anywhere?  I know McAfee will 
> detect but not remove viruses if you have a symbolic link and 
> not the real path of your Incoming Work Dir.  Has anything 
> else changed since your upgrade?
> 
> Jase
> 
> Pavel Zichovsky wrote:
> > Hi there,
> >
> > I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and 
> > Bitdefender as second antivirus). All was good, but now, 
> when only AVG 
> > indetifies virus (Bitdefender not), Mailscanner will pass 
> message as 
> > uninfected to recipient.
> >
> > Fragment of maillog:
> > -------------------
> > Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
> > messages, 1479 bytes Aug 11 14:10:28 server MailScanner[3547]: Spam 
> > Checks: Starting Aug 11 14:10:30 server MailScanner[3547]: 
> Virus and 
> > Content Scanning:
> > Starting
> > Aug 11 14:10:31 server MailScanner[3547]:
> > ^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified 
> > EICAR_Test (+6) Aug 11 14:10:31 server MailScanner[3547]: Virus 
> > Scanning: Avg found 1 infections Aug 11 14:10:32 server 
> > MailScanner[3547]: Uninfected: Delivered 1 messages 
> > --------------------
> >
> > I suppose, that it is connected with "^M" problem in path 
> (as written 
> > in another message). But virus passing through MailScanner is 
> > alarming.
> >
> > What to do with this?
> >
> > With Regards
> > Pavel Zichovsky (zichovsky@trul.cz)
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From William.Burns at AEROFLEX.COM  Wed Aug 11 20:30:36 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.637.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Alex:

Yup, you've got the approach...
Sorry, I haven't implemented SPF yet, so I'm not the best resource for
implementation info.

But, here are links you could try for RPMs:
http://libspf.org/files.html
http://spf.userfriendly.net/downloads.html

-Bill


Alex Neuman wrote:

>Ok... So would a conservative-yet-effective approach be:
>
>1. Sendmail gets message, checks SPF. If SPF records say mail came from
>unauthorized server, drop the connection. If no SPF available, receive
>e-mail anyways (for now).
>2. MailScanner gets message from Sendmail, passes message to SpamAssassin
>for processing. SpamAssassin checks SPF records, assign arbitrary negative
>number (say, -2.0) if SPF records check out ok, otherwise process as usual.
>
>Less conservative efforts would range from harsh (assign positive score to
>non-SPF messages when checked by SA) to brutal (drop non-SPF messages at MTA
>level).
>
>Is my understanding correct? Has anybody who's already implemented SPF at
>the MTA level using RPM-installed sendmail worked out something like this,
>and if so, where did you find info on it?
>
>Thanks...
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of William Burns
>Sent: Tuesday, August 10, 2004 12:42 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: SPF
>
>John:
>
>SPF in your MTA blocks mail from IPs that don't belong to a senders
>domain. (if SPF is configured for that domain)
>
>
> ....

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From William.Burns at AEROFLEX.COM  Wed Aug 11 20:38:22 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.638.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Joshua:

I disagree..
Any sending domain that configured SPF and then became a spammer, would
find itself blacklisted pretty quickly.
The (admittedly minimal) cost of configuring a domain in the first place
should be a deterrant to spammers using valid SPF servers.
I think that's worth at least a small negative Spam Assassin value.

If you're NOT going to assign a negative Spam Assassin value for SPF
servers, then why SPF enable Spam Assassin at all?

-Bill

Hirsh, Joshua wrote:

>>2. MailScanner gets message from Sendmail, passes message to SpamAssassin
>>for processing. SpamAssassin checks SPF records, assign arbitrary negative
>>number (say, -2.0) if SPF records check out ok, otherwise process as
>>
>>
>usual.
>
> Personally, I wouldn't assign a negative value to any email with a proper
>SPF record. It's still very easy for a spammer to setup a domain and publish
>SPF records that make all addresses valid. If that happened, the message
>would hit your server and possibly make it through unscathed because of the
>added negative value..
>
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

From admin at LANNON.QC.CA  Wed Aug 11 20:38:56 2004
From: admin at LANNON.QC.CA (Real Melancon)
Date: Thu Jan 12 21:26:32 2006
Subject: SpamAssassin does not scan emails
Message-ID: <mailman.639.1137101192.24926.mailscanner@lists.mailscanner.info>

Hello List. Sorry for re-posting.

I filter only some of our users with a rule file. And from time
to time I get spam that goes right through without being scanned
by SpamAssassin.

Header looks like this:

---
X-MailScanner-Information: Internet Expresso - MailScanner + Clamd
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck:
---

There is no spamassassin score ?

My rule file is like this (only lines for my account):
Filename: expresso_antispam.users.rules

To:     admin@expresso.qc.ca            yes
To:     admin@lannon.qc.ca              yes
To:     admin                           yes

If found out that, the mail only get through when the CC or TO
field contains a lot of recipients.


Any ideas ?

Thanks.

Real Melancon.

__________________________________________________
Internet Expresso (FSI-ISP Mont-Tremblant/Quebec/Canada)




* * * Courriel protégé par Internet Expresso AntiVirus (ClamAV) * * *

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From joshua.hirsh at PARTNERSOLUTIONS.CA  Wed Aug 11 20:59:13 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:32 2006
Subject: SPF
Message-ID: <mailman.640.1137101192.24926.mailscanner@lists.mailscanner.info>

> If you're NOT going to assign a negative Spam Assassin value for SPF
> servers, then why SPF enable Spam Assassin at all?

 Not assigning a negative value to valid SPF sites doesn't really concern
me, of course everyone is free to do as they please.

 Assigning a very high positive value to sites that fail SPF tests is the
key, which is the entire point of adding the support in SpamAssassin. You
know.. for catching SPAM. ;-)


 Cheers,
-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martelm at QUARK.VSC.EDU  Wed Aug 11 21:04:49 2004
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:26:32 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.641.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hello!

I'm looking to use MailScanner to add a disclaimer (Bah!) to all my
outgoing emails.  I tried the inline sig, which works, but it adds it to
incoming mails as well.

Does anyone have something that they use that I could look at ?  Maybe
something like this should be in a FAQ/MAQ or the distribution ?

Many thanks!




Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   martelm@quark.vsc.edu          | Vermont State Colleges
   http://probe.vsc.edu/~michael  | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 21:16:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.642.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 19:39 11/08/2004, you wrote:
> > because now even the creation of the MailScanner.pid within /var/run works
> > absolutely fine..
>
>But many people are seeing this, so there must be something 'fuzzy'.
>Today i had two machines with the same behaviour. They were running just
>fine, but after a reboot the system as hanging on the 'starting
>mailscanner'. That was on a FC1 box, but also got the same reported on a
>Debian machine.
>
>If i start MS manually it runs.
>
>Any idea's Julian, did you change anything of the PID checks in the latest
>version ?

I don't think so, no.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 21:17:11 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: Linux Distro
Message-ID: <mailman.643.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:45 11/08/2004, you wrote:
>Julian,
>
>
>my name and Eduardo Santa Helena, and I is developing a Linux distro
>specially for use as gateway of email.
>I is requesting your agree  for include the MailScanner in this distro.
>To same still this in phase of compilation of the packages and I is using
>the .src  of the RHEL 3 and of the Fedora as base of the system.
>
>This distro have GPL licence.

No problem, go ahead.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 21:18:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:32 2006
Subject: MCP Checks showing up
Message-ID: <mailman.644.1137101192.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:03 11/08/2004, you wrote:
>I have just upgraded to MailScanner-4.32.5-1 with sendmail and
>bitdefender/Redhat 9
>
>I have not inserted the MCP checks config into my Mailscanner.conf file
>and I have gone through the file line by line.. But all of a sudden I
>have the following showing up in my maillog
>
>MCP Checks completed at 4362 bytes per second.
>
>Not that this is a bad thing but I would like to configure it and I
>cannot find where to do that...

Read the MCP docs at www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 11 21:24:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.645.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
avgscan -arc -ext=* .
is the complete command.

At 20:20 11/08/2004, you wrote:
>Is there any way to get exact commandline (all parameters etc) which is used
>by wrapper script?
>It could be the way testing this exact command manualy.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dustin.baer at IHS.COM  Wed Aug 11 21:25:15 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:33 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.646.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Michael H. Martel wrote:

> Hello!
>
> I'm looking to use MailScanner to add a disclaimer (Bah!) to all my
> outgoing emails.  I tried the inline sig, which works, but it adds it to
> incoming mails as well.
>
> Does anyone have something that they use that I could look at?

How about the EXAMPLES file in the etc/rules directory?

3. Only sign outgoing messages

   Set "Sign Clean Messages = /opt/MailScanner/etc/rules/signing.rules".
   If your messages come from "yourdomain.com", then try this:
   From:        192.168.                yes
   FromOrTo:    default                 no
   where your network is the whole of 192.168.xxx.xxx.

> Maybe something like this should be in a FAQ/MAQ or the distribution ?

Not needed, if it is already available in the distrobution!

Good luck!

Dustin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Wed Aug 11 21:27:38 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:33 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.647.1137101193.24926.mailscanner@lists.mailscanner.info>

On Wed, 2004-08-11 at 21:04, Michael H. Martel wrote:
> Hello!
>
> I'm looking to use MailScanner to add a disclaimer (Bah!) to all my
> outgoing emails.  I tried the inline sig, which works, but it adds it to
> incoming mails as well.
>
> Does anyone have something that they use that I could look at ?  Maybe
> something like this should be in a FAQ/MAQ or the distribution ?
Use a ruleset for Sign Clean Messages so that signatures are applied to
emails from your internal servers but not to other mail.





BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Wed Aug 11 21:41:43 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:33 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.648.1137101193.24926.mailscanner@lists.mailscanner.info>

I'd use a ruleset for the inline sigs:

From:           *@yourdomain.com                yes
From:           default                 no

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel
> Sent: Wednesday, August 11, 2004 3:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Using MailScanner to add a Disclaimer to outgoing emails
>
> Hello!
>
> I'm looking to use MailScanner to add a disclaimer (Bah!) to
> all my outgoing emails.  I tried the inline sig, which works,
> but it adds it to incoming mails as well.
>
> Does anyone have something that they use that I could look at
> ?  Maybe something like this should be in a FAQ/MAQ or the
> distribution ?
>
> Many thanks!
>
>
>
>
> Michael
>
> --
>
>   --------------------------------o---------------------------------
>    Michael H. Martel              | Systems Administrator
>    martelm@quark.vsc.edu          | Vermont State Colleges
>    http://probe.vsc.edu/~michael  | PH:802-241-2544 FX:802-241-3363
>
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From cpd at UNIVAP.BR  Wed Aug 11 21:48:02 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.649.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi Julian,


    This patch work fine, solve all problem with AVG scanning and
system report.

Thanks,


Vladimir Costa


> Please try this patch to SweepViruses.pm:
>
> -----SNIP-----
> --- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
> +++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
> @@ -2474,6 +2474,9 @@
>    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
>    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified
> EICAR_Test (+2)
>
> +  # Remove all the duff carriage-returns from the line
> +  $line =~ s/[\r\n]//g;
> +
>    #print STDERR "Line: $line\n";
>    return 0 unless $line =~ /Virus identified  (.+)$/;
>
> -----SNIP-----
>
> Let me know if that helps. I need to get a new version of Antivir to work
> on this.
>
> At 13:26 11/08/2004, you wrote:
>
>> Hi there,
>>
>> I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and
>> Bitdefender as second antivirus). All was good, but now, when only AVG
>> indetifies virus (Bitdefender not), Mailscanner will pass message as
>> uninfected to recipient.
>>
>> Fragment of maillog:
>> -------------------
>> Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 messages,
>> 1479 bytes
>> Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: Starting
>> Aug 11 14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>> Starting
>> Aug 11 14:10:31 server MailScanner[3547]:
>> ^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  EICAR_Test
>> (+6)
>> Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: Avg found 1
>> infections
>> Aug 11 14:10:32 server MailScanner[3547]: Uninfected: Delivered 1
>> messages
>> --------------------
>>
>> I suppose, that it is connected with "^M" problem in path (as written in
>> another message). But virus passing through MailScanner is alarming.
>>
>> What to do with this?
>>
>> With Regards
>> Pavel Zichovsky (zichovsky@trul.cz)
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From zichovsky at TRUL.CZ  Wed Aug 11 22:08:13 2004
From: zichovsky at TRUL.CZ (Pavel Zichovsky)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.650.1137101193.24926.mailscanner@lists.mailscanner.info>

Unfortunately this patch did not help :(
^M stays in log as before, and messages with virus (EICAR) are treated as
uninfected.
 
Pavel Zichovsky

> -----Pùvodní zpráva-----
> Od: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] za u¾ivatele Julian Field
> Odesláno: 11. srpna 2004 15:02
> Komu: MAILSCANNER@JISCMAIL.AC.UK
> Pøedmìt: Re: [MAILSCANNER] Infected message delivered
> 
> Please try this patch to SweepViruses.pm:
> 
> -----SNIP-----
> --- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
> +++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
> @@ -2474,6 +2474,9 @@
>     #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
>     #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus 
> identified  EICAR_Test (+2)
> 
> +  # Remove all the duff carriage-returns from the line  $line =~ 
> + s/[\r\n]//g;
> +
>     #print STDERR "Line: $line\n";
>     return 0 unless $line =~ /Virus identified  (.+)$/;
> 
> -----SNIP-----
> 
> Let me know if that helps. I need to get a new version of 
> Antivir to work on this.
> 
> At 13:26 11/08/2004, you wrote:
> >Hi there,
> >
> >I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and 
> >Bitdefender as second antivirus). All was good, but now, 
> when only AVG 
> >indetifies virus (Bitdefender not), Mailscanner will pass message as 
> >uninfected to recipient.
> >
> >Fragment of maillog:
> >-------------------
> >Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
> >messages,
> >1479 bytes
> >Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
> Starting Aug 11 
> >14:10:30 server MailScanner[3547]: Virus and Content Scanning:
> >Starting
> >Aug 11 14:10:31 server MailScanner[3547]:
> >^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  
> >EICAR_Test
> >(+6)
> >Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
> Avg found 1 
> >infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
> >Delivered 1 messages
> >--------------------
> >
> >I suppose, that it is connected with "^M" problem in path 
> (as written 
> >in another message). But virus passing through MailScanner 
> is alarming.
> >
> >What to do with this?
> >
> >With Regards
> >Pavel Zichovsky (zichovsky@trul.cz)
> >
> >-------------------------- MailScanner list ----------------------
> >To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/     and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
> 
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Kevin_Miller at CI.JUNEAU.AK.US  Wed Aug 11 22:11:53 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:33 2006
Subject: Possible message corruption doing hold queue access...
Message-ID: <mailman.651.1137101193.24926.mailscanner@lists.mailscanner.info>

Smart,Dan wrote:
> I'm doing some research and evaluation of using MailScanner with
> Postfix and SpamAssassin.  I am concerned that the primary author of
> Postfix recommends against using MailScanner since it reads the hold
> queue file directly instead of using the LMTP protocol as amavis-new
> does.
>
> Does anyone have any opinions on the likelihood of message
> corruption, and the pros and cons of MailScanner in comparison to
> amavis-new?

Lots of posts about that - check the archive.  There was a bunch just last
week or the week before as a matter of fact...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dh at UPTIME.AT  Wed Aug 11 22:20:08 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:33 2006
Subject: Possible message corruption doing hold queue access...
Message-ID: <mailman.652.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Smart,Dan wrote:

| I'm doing some research and evaluation of using MailScanner with
Postfix and
| SpamAssassin.  I am concerned that the primary author of Postfix
recommends
| against using MailScanner since it reads the hold queue file directly
| instead of using the LMTP protocol as amavis-new does.
|
| Does anyone have any opinions on the likelihood of message corruption, and
| the pros and cons of MailScanner in comparison to amavis-new?
|
| <<Dan>>
|
THere have been lots of discussions in the past concerning Postfix and
MailScanner. In short ... do you _have_ to use Postfix? If not, _I_
would _personally_ recommend you use a different MTA:
*Personally I see no reason for using Postfix in the first place
anyways, but that is just me)-

Aopart from that Julian's method seems to work for those who use Postfix.
|

- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBGo2IPMoaMn4kKR4RA8kwAJ9jyauBD8tcHgMSIoT3T2s1NPG35wCfWH7b
HTNq5kyvJ55zElpi4LNgHt0=
=dcYZ
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From cpd at UNIVAP.BR  Wed Aug 11 22:27:09 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.653.1137101193.24926.mailscanner@lists.mailscanner.info>

Pavel,

        This solved for me.

        You stop and star Mailscanner ?

Vladimir M Costa


> Unfortunately this patch did not help :(
> ^M stays in log as before, and messages with virus (EICAR) are treated as
> uninfected.
>  
> Pavel Zichovsky
> 
> 
>>-----P&#367;vodní zpráva-----
>>Od: MailScanner mailing list 
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] za u^Þivatele Julian Field
>>Odesláno: 11. srpna 2004 15:02
>>Komu: MAILSCANNER@JISCMAIL.AC.UK
>>P&#345;edm&#283;t: Re: [MAILSCANNER] Infected message delivered
>>
>>Please try this patch to SweepViruses.pm:
>>
>>-----SNIP-----
>>--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
>>+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
>>@@ -2474,6 +2474,9 @@
>>    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
>>    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus 
>>identified  EICAR_Test (+2)
>>
>>+  # Remove all the duff carriage-returns from the line  $line =~ 
>>+ s/[\r\n]//g;
>>+
>>    #print STDERR "Line: $line\n";
>>    return 0 unless $line =~ /Virus identified  (.+)$/;
>>
>>-----SNIP-----
>>
>>Let me know if that helps. I need to get a new version of 
>>Antivir to work on this.
>>
>>At 13:26 11/08/2004, you wrote:
>>
>>>Hi there,
>>>
>>>I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and 
>>>Bitdefender as second antivirus). All was good, but now, 
>>
>>when only AVG 
>>
>>>indetifies virus (Bitdefender not), Mailscanner will pass message as 
>>>uninfected to recipient.
>>>
>>>Fragment of maillog:
>>>-------------------
>>>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
>>>messages,
>>>1479 bytes
>>>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
>>
>>Starting Aug 11 
>>
>>>14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>>>Starting
>>>Aug 11 14:10:31 server MailScanner[3547]:
>>>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  
>>>EICAR_Test
>>>(+6)
>>>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
>>
>>Avg found 1 
>>
>>>infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
>>>Delivered 1 messages
>>>--------------------
>>>
>>>I suppose, that it is connected with "^M" problem in path 
>>
>>(as written 
>>
>>>in another message). But virus passing through MailScanner 
>>
>>is alarming.
>>
>>>What to do with this?
>>>
>>>With Regards
>>>Pavel Zichovsky (zichovsky@trul.cz)
>>>
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>Before posting, please see the Most Asked Questions at
>>>http://www.mailscanner.biz/maq/     and the archives at
>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>Before posting, please see the Most Asked Questions at
>>http://www.mailscanner.biz/maq/     and the archives at
>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From zichovsky at TRUL.CZ  Wed Aug 11 22:48:39 2004
From: zichovsky at TRUL.CZ (Pavel Zichovsky)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.654.1137101193.24926.mailscanner@lists.mailscanner.info>

Yes, I am now runnig MailScanner in debug mode to see what it does with
messages. So it is started/stopped on every batch.

If patch solved it to you, maybe I applied patch incorrectly... Could you
please send me whole patched SweepViruses.pm?

Thanks in advance

With regards
Pavel Zichovsky (zichovsky@trul)
 

> 
> Pavel,
> 
>         This solved for me.
> 
>         You stop and star Mailscanner ?
> 
> Vladimir M Costa
> 
> 
> > Unfortunately this patch did not help :( ^M stays in log as before, 
> > and messages with virus (EICAR) are treated as uninfected.
> >  
> > Pavel Zichovsky
> > 
> > 
> >>-----P&#367;vodní zpráva-----
> >>Od: MailScanner mailing list
> >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] za u¾ivatele Julian Field
> >>Odesláno: 11. srpna 2004 15:02
> >>Komu: MAILSCANNER@JISCMAIL.AC.UK
> >>P&#345;edm&#283;t: Re: [MAILSCANNER] Infected message delivered
> >>
> >>Please try this patch to SweepViruses.pm:
> >>
> >>-----SNIP-----
> >>--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
> >>+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
> >>@@ -2474,6 +2474,9 @@
> >>    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
> >>    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified  
> >>EICAR_Test (+2)
> >>
> >>+  # Remove all the duff carriage-returns from the line  $line =~ 
> >>+ s/[\r\n]//g;
> >>+
> >>    #print STDERR "Line: $line\n";
> >>    return 0 unless $line =~ /Virus identified  (.+)$/;
> >>
> >>-----SNIP-----
> >>
> >>Let me know if that helps. I need to get a new version of 
> Antivir to 
> >>work on this.
> >>
> >>At 13:26 11/08/2004, you wrote:
> >>
> >>>Hi there,
> >>>
> >>>I am using MailScanner (currently 4.32.5-1) with AVG 
> Antivirus (and 
> >>>Bitdefender as second antivirus). All was good, but now,
> >>
> >>when only AVG
> >>
> >>>indetifies virus (Bitdefender not), Mailscanner will pass 
> message as 
> >>>uninfected to recipient.
> >>>
> >>>Fragment of maillog:
> >>>-------------------
> >>>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
> >>>messages,
> >>>1479 bytes
> >>>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
> >>
> >>Starting Aug 11
> >>
> >>>14:10:30 server MailScanner[3547]: Virus and Content Scanning:
> >>>Starting
> >>>Aug 11 14:10:31 server MailScanner[3547]:
> >>>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified 
> >>>EICAR_Test
> >>>(+6)
> >>>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
> >>
> >>Avg found 1
> >>
> >>>infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
> >>>Delivered 1 messages
> >>>--------------------
> >>>
> >>>I suppose, that it is connected with "^M" problem in path
> >>
> >>(as written
> >>
> >>>in another message). But virus passing through MailScanner
> >>
> >>is alarming.
> >>
> >>>What to do with this?
> >>>
> >>>With Regards
> >>>Pavel Zichovsky (zichovsky@trul.cz)
> >>>
> >>>-------------------------- MailScanner list ----------------------
> >>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >>>Before posting, please see the Most Asked Questions at
> >>>http://www.mailscanner.biz/maq/     and the archives at
> >>>http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>-------------------------- MailScanner list ----------------------
> >>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> >>Before posting, please see the Most Asked Questions at
> >>http://www.mailscanner.biz/maq/     and the archives at
> >>http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>
> > 
> > 
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ 
> (http://www.mailscanner.biz/maq/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kwang at UCALGARY.CA  Wed Aug 11 23:36:14 2004
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:26:33 2006
Subject: Let MailScanner report the significant/all things
Message-ID: <mailman.655.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

We received many requests to un-quarantine the price.exe files recently.
The reason is that the messages attache one zip file with two files in.
One file(price.html) is infected and the other one (price.exe) matches
the file name extention rule. MailScanner only tells the recipient that
the exe file is dangerous and dos not show anything about the infected
one.  Is it possible for MailScanner to report all infections it found
or at least the most significant one?

Here is an example:

The infection report user received shows:
At Mon Aug 9 13:56:37 2004 the virus scanner reported:
          MailScanner: Executable DOS/Windows programs are dangerous in
email (price.exe)

The syslog shows:
Aug  9 13:56:27 mhub3 MailScanner[12094]: Saved archive copies of i79JuNr00332 i79JuLr32737 i79JuNr00327 i79JuLr32650
Aug  9 13:56:37 mhub3 MailScanner[12094]: /i79JuNr00327/price2.zip/PRICE.HTML/0000007b.js        Found the JS/IllWill trojan !!!
Aug  9 13:56:37 mhub3 MailScanner[12094]: /i79JuNr00327/price.html/0000007b.js        Found the JS/IllWill trojan !!!
Aug  9 13:56:37 mhub3 MailScanner[12094]: Infected message i79JuNr00327 came from 66.134.82.43
Aug  9 13:56:37 mhub3 MailScanner[12094]: Filename Checks: ZIP File (i79JuNr00327 price2.zip)
Aug  9 13:56:37 mhub3 MailScanner[12094]: Filename Checks: Windows/DOS Executable (i79JuNr00327 price/price.exe)
Aug  9 13:56:37 mhub3 MailScanner[12094]: Saved infected "price.exe" to /var/spool/MailScanner/quarantine/20040809/i79JuNr00327
Aug  9 13:56:37 mhub3 MailScanner[12094]: Saved infected "price.html" to /var/spool/MailScanner/quarantine/20040809/i79JuNr00327
Aug  9 13:56:37 mhub3 MailScanner[12094]: Saved infected "price2.zip" to /var/spool/MailScanner/quarantine/20040809/i79JuNr00327



Kai Wang
University of Calgary

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug 12 03:32:03 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:33 2006
Subject: Linux Distro
Message-ID: <mailman.656.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Ed Andre wrote:
> Julian,
>
>
> my name and Eduardo Santa Helena, and I is developing a Linux distro
> specially for use as gateway of email.
> I is requesting your agree  for include the MailScanner in this distro.
> To same still this in phase of compilation of the packages and I is using
> the .src  of the RHEL 3 and of the Fedora as base of the system.
>
> This distro have GPL licence.

Did you take a look at sentinix?

>
> Tnx.
>
> Eduardo
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mike at CAMAROSS.NET  Thu Aug 12 03:38:19 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:33 2006
Subject: seznam.cz
Message-ID: <mailman.657.1137101193.24926.mailscanner@lists.mailscanner.info>

Is anyone else seeing a huge flood of forged seznam.cz emails trying come
through?

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From gcle at smcaus.com.au  Thu Aug 12 04:20:52 2004
From: gcle at smcaus.com.au (Gerard Cleary)
Date: Thu Jan 12 21:26:33 2006
Subject: seznam.cz
Message-ID: <mailman.658.1137101193.24926.mailscanner@lists.mailscanner.info>

On Thu, 12 Aug 2004 12:38, you wrote:
> Is anyone else seeing a huge flood of forged seznam.cz emails trying come
> through?
>
> Mike
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

We have received only a single eMail from that sender in the past 24 hours.
Gerard.

--
Gerard Cleary
IT Manager   SMC Pneumatics Australia Pty Ltd
PH: (02) 9354 8222

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Thu Aug 12 04:55:33 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:33 2006
Subject: SPF
Message-ID: <mailman.659.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Joshua:

Hirsh, Joshua wrote:

>>If you're NOT going to assign a negative Spam Assassin value for SPF
>>servers, then why SPF enable Spam Assassin at all?
>>
>>
>
> Not assigning a negative value to valid SPF sites doesn't really concern
>me, of course everyone is free to do as they please.
>
> Assigning a very high positive value to sites that fail SPF tests is the
>key, which is the entire point of adding the support in SpamAssassin. You
>know.. for catching SPAM. ;-)
>
>
D'oh!
Ah yes, "catching" SPAM.... It's a good thing!
But in this case, why bother "catching", or even looking at it at all?
If you want to use SPF, have the MTA reject SPF failures up-front.

At the moment, most domains do not have SPF configured, so you can't
regard that as "failing" SPF.

The only time mail "fails" SPF, it tells you that the sender domain is
dis-owning or dis-avowing this mail. Disregarding the possibility of a
mis-configuration on the part of the sender domain, it is 100% known to
be forged. This isn't like a blacklist where there can be some
difference of opinion. The MTA should reject this mail outright.

If for some reason, your MTA just doesn't support SPF, or you don't have
the mental energy to implement it then, by-all-means, use SA to clobber
it w/ a huge positive value, but that's just a band-aid for not having
the "proper" support in your MTA.
This band-aid may leave MS/SA quarantining piles of mail that should
never have been accepted, but at least you won't deliver it to your users.

-Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james at 080.NET  Thu Aug 12 06:00:10 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:33 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.660.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!
Thanks for you guys!
But I try send email from outside of my server with message:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI........

Will that OK ?
How come I didn't receive email.

Also, is there any web based form like eicar and I just fill up the form and
it will send a test email to my email box ?

Regards,


James
----- Original Message ----- 
From: "Drew Marshall" <drew@THEMARSHALLS.CO.UK>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, August 11, 2004 10:00 PM
Subject: Re: test for spam email, is there any ?


> On Wed, August 11, 2004 10:28, James Hsieh said:
> > Hi!
> > There is a virus test :
> > http://www.aleph-tec.com/eicar/index.php
> >
> > I wonder if there is a test for spamassassin so I can go there and send
> > emails to test my setting.
> >
>
> Try http://spamassassin.apache.org/gtube/
>
> Drew
>
>
>
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
>
>
>
>
> ------------------------------------------------------
> ¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
> Viruses Scanned by 080.net
>
>







------------------------------------------------------
¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
Viruses Scanned by 080.net

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Thu Aug 12 08:10:21 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:33 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.661.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!

> >But many people are seeing this, so there must be something 'fuzzy'.
> >Today i had two machines with the same behaviour. They were running just
> >fine, but after a reboot the system as hanging on the 'starting
> >mailscanner'. That was on a FC1 box, but also got the same reported on a
> >Debian machine.

> >If i start MS manually it runs.

> >Any idea's Julian, did you change anything of the PID checks in the latest
> >version ?

> I don't think so, no.

Any other idea's, happened on two different linux versions, nobody else
having this?

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Thu Aug 12 08:39:07 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:33 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.662.1137101193.24926.mailscanner@lists.mailscanner.info>

>> Yes from FreeBSD port but I think Mike Zanker may have found it. The
>> BSD ports tree has version 0.05, the latest version is 0.11. I wonder
>> if JP can submit 0.11 to a committer (As he is listed as the port
>> maintainer). 

I completely forgot. Has just been submitted...

Sorry,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From drew at THEMARSHALLS.CO.UK  Thu Aug 12 08:48:03 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:33 2006
Subject: ClamAV Module Failure
Message-ID: <mailman.663.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Jan-Peter Koopmann wrote:<br>
<blockquote
 cite="midAEF86EFA5497434190F6D57E2666EA7A033610@ERWIN.intern.seceidos.de"
 type="cite">
  <blockquote type="cite">
    <blockquote type="cite">
      <pre wrap="">Yes from FreeBSD port but I think Mike Zanker may have found it. The
BSD ports tree has version 0.05, the latest version is 0.11. I wonder
if JP can submit 0.11 to a committer (As he is listed as the port
maintainer).
      </pre>
    </blockquote>
  </blockquote>
  <pre wrap=""><!---->
I completely forgot. Has just been submitted...
  </pre>
</blockquote>
<br>
Great thanks, that will make life easier <span class="moz-smiley-s1"><span>
:-) </span></span><br>
<blockquote
 cite="midAEF86EFA5497434190F6D57E2666EA7A033610@ERWIN.intern.seceidos.de"
 type="cite">
  <pre wrap="">
Sorry,
  </pre>
</blockquote>
No worries<br>
<br>
Drew<br>
</body>
<br />--
<br />In line with our <a href="http://www.themarshalls.co.uk/policy">policy</a>, this message has been scanned for
<br />viruses and dangerous content by
<a href="http://www.mailscanner.info/">MailScanner</a>, and is
<br />believed to be clean.
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 12 08:54:00 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:33 2006
Subject: seznam.cz
Message-ID: <mailman.664.1137101193.24926.mailscanner@lists.mailscanner.info>

> Is anyone else seeing a huge flood of forged seznam.cz emails trying
> come through?
We've been getting them for the last couple of weeks



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kfliong at WOFS.COM  Thu Aug 12 09:38:36 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.665.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-------
I think you'd be better off using the SBL list in sendmail and scoring
the XBL list in spamassassin.  I've seen a few false positives which
seem to come from the XBL list.

-------

Would someone please teach me how to go about implementing that? I really
love it when I added the above lines in my sendmail because my server went
from average of 10.00 load to 1.50 load. The extra idle could help ease up
my server on serving websites.

Thanks in advance.

At 06:51 PM 11/8/2004, you wrote:
>kfliong wrote:
> > Hi,
> >
> > I added the line below to my sendmail.mc and then regenerated
> > the sendmail.cf file.
> >
> > FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS
> > DENIED to <"$&f"> thru "$&{client_name}" by The Spamhaus
> > SBL+XBL DNSBL ; Please visit http://www.spamhaus.org/ for
> > more information."')dnl
> >
> > It's working fine by stopping spams from spamhaus list before
> > mails could even reach mailscanner and thus freeing my server
> > load. I love this feature a lot as we are getting tons of spams daily.
> >
> > But the problem is, some of my users also are unable to send
> > their emails using SMTP server as their "dynamic" IP is
> > banned because some of the ips are listed in spamhaus. They
> > keep getting the error above. How can I rectify this? Is
> > there a command for me to add to allow user based on their IP
> > address or email address?
> >
> > Perhaps I could allow IP address of certain range (within my
> > ISP) to go through this? After all, once the mails pass
> > through this barrier, there are also Mailscanner to take care
> > of the spams.
> >
> > Thanks in advance.
>
>I think you'd be better off using the SBL list in sendmail and scoring
>the XBL list in spamassassin.  I've seen a few false positives which
>seem to come from the  XBL list.
>
>Cheers,
>
>Phil
>----
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From martelm at QUARK.VSC.EDU  Thu Aug 12 10:03:11 2004
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:26:33 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.666.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
--On Wednesday, August 11, 2004 2:25 PM -0600 Dustin Baer
<dustin.baer@IHS.COM> wrote:

> How about the EXAMPLES file in the etc/rules directory?

You know, maybe one of these days I'll actually look in EVERY directory
before I go and send something off to the list.  I found the EXAMPLES right
after I sent the message off and then everything broke loose at work and I
forgot to send a message out.

Sorry to waste Bandwidth and people's time.

Thanks!




Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Vermont State Colleges
   martelm@quark.vsc.edu          | Systems Administrator
   http://probe.vsc.edu/~michael  | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 12 10:04:19 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.667.1137101193.24926.mailscanner@lists.mailscanner.info>

> Would someone please teach me how to go about implementing
> that? I really love it when I added the above lines in my
> sendmail because my server went from average of 10.00 load to
> 1.50 load. The extra idle could help ease up my server on serving
> websites.

If you have a load of 10 then you are either doing something wrong, like
using BigEvil, or you need better hardware.
On a typical shared hosting server with over 300 sites and close to 1000
mail users we rarely see the load go above 3 during office hours.
>
>>
>> I think you'd be better off using the SBL list in sendmail and
>> scoring the XBL list in spamassassin.  I've seen a few false
>> positives which seem to come from the  XBL list.
It depends on your userbase to a degree, but we have seen a lot of issues
with ISP dialup pools being listed in both SBL and XBL. This is not
Spamhaus' fault, but there is no reason why the users need suffer as a
result.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kfliong at WOFS.COM  Thu Aug 12 10:31:06 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.668.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yes, I do use BigEvil script for spamassassin.

Here is my specs and you tell me if there's something wrong with my system.

- Intel P3 1GHz
- 512mb RAM
- Around 12 sites but only 2 are really active
- Very little user base for email around 50
- around 30,000 incoming mails per day of where 94% are spams


thanks in advance

At 05:04 PM 12/8/2004, you wrote:
> > Would someone please teach me how to go about implementing
> > that? I really love it when I added the above lines in my
> > sendmail because my server went from average of 10.00 load to
> > 1.50 load. The extra idle could help ease up my server on serving
> > websites.
>
>If you have a load of 10 then you are either doing something wrong, like
>using BigEvil, or you need better hardware.
>On a typical shared hosting server with over 300 sites and close to 1000
>mail users we rarely see the load go above 3 during office hours.
> >
> >>
> >> I think you'd be better off using the SBL list in sendmail and
> >> scoring the XBL list in spamassassin.  I've seen a few false
> >> positives which seem to come from the  XBL list.
>It depends on your userbase to a degree, but we have seen a lot of issues
>with ISP dialup pools being listed in both SBL and XBL. This is not
>Spamhaus' fault, but there is no reason why the users need suffer as a
>result.
>
>Mr Michele Neylon
>Blacknight Internet Solutions Ltd
>http://www.blacknight.ie/
>Tel. +353 59 9137101
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kfliong at WOFS.COM  Thu Aug 12 10:32:01 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:33 2006
Subject: procmail with mailscanner
Message-ID: <mailman.669.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

We are using sendmail as MTA for mailscanner. Can I turn off procmail? If
can, how do I turn it off?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcel at IRC-ADDICTS.DE  Thu Aug 12 10:33:13 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:33 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.670.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi there,

i could send you the spam-test-line from my gmx.de or web.de
account..which is my "spam-trigger"-account for online forums etc.

if that would help you then

Greetings

Marcel

On Thu, 12 Aug 2004, James Hsieh wrote:

> Hi!
> Thanks for you guys!
> But I try send email from outside of my server with message:
> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI........
>
> Will that OK ?
> How come I didn't receive email.
>
> Also, is there any web based form like eicar and I just fill up the form and
> it will send a test email to my email box ?
>
> Regards,
>
>
> James
> ----- Original Message -----
> From: "Drew Marshall" <drew@THEMARSHALLS.CO.UK>
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Sent: Wednesday, August 11, 2004 10:00 PM
> Subject: Re: test for spam email, is there any ?
>
>
> > On Wed, August 11, 2004 10:28, James Hsieh said:
> > > Hi!
> > > There is a virus test :
> > > http://www.aleph-tec.com/eicar/index.php
> > >
> > > I wonder if there is a test for spamassassin so I can go there and send
> > > emails to test my setting.
> > >
> >
> > Try http://spamassassin.apache.org/gtube/
> >
> > Drew
> >
> >
> >
> > --
> > In line with our policy, this message has
> > been scanned for viruses and dangerous
> > content by MailScanner, and is believed to be clean.
> > www.themarshalls.co.uk/policy
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > ¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
> > Viruses Scanned by 080.net
> >
> >
>
>
>
>
>
>
>
> ------------------------------------------------------
> ¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
> Viruses Scanned by 080.net
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From marcel at IRC-ADDICTS.DE  Thu Aug 12 10:44:32 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:33 2006
Subject: More Problems with new MailScanner-Version (fwd)
Message-ID: <mailman.671.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi there,

as i stated before, i am having these problems with perl v5.8.4.
Perl 5.8.0 is working fine.
Some of my Webscripts, which are using the thelock-command is no longer
working with the version 5.8.4..maybe they changed to much?

Marcel

On Thu, 12 Aug 2004, Raymond Dijkxhoorn wrote:

> Hi!
>
> > >But many people are seeing this, so there must be something 'fuzzy'.
> > >Today i had two machines with the same behaviour. They were running just
> > >fine, but after a reboot the system as hanging on the 'starting
> > >mailscanner'. That was on a FC1 box, but also got the same reported on a
> > >Debian machine.
>
> > >If i start MS manually it runs.
>
> > >Any idea's Julian, did you change anything of the PID checks in the latest
> > >version ?
>
> > I don't think so, no.
>
> Any other idea's, happened on two different linux versions, nobody else
> having this?
>
> Bye,
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From david.hooton at GMAIL.COM  Thu Aug 12 10:47:29 2004
From: david.hooton at GMAIL.COM (David Hooton)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.672.1137101193.24926.mailscanner@lists.mailscanner.info>

On Thu, 12 Aug 2004 17:31:06 +0800, kfliong <kfliong@wofs.com> wrote:
> Yes, I do use BigEvil script for spamassassin.

Get rid of it and install SURBL - www.surbl.org bigevil.cf is no
longer a production config as it's outgrown the practical limitations
of most machines.

> Here is my specs and you tell me if there's something wrong with my system.
>
> - Intel P3 1GHz
> - 512mb RAM
> - Around 12 sites but only 2 are really active
> - Very little user base for email around 50
> - around 30,000 incoming mails per day of where 94% are spams

Your box is probably underspec'd for that that volume, I would suggest
at least 1 Gig of RAM.

Running SBL at the MTA level is a pretty good start to removing some
additional load, SBL-XBL is probably not ideal however as it does list
dynamic IP's as you've noticed.

XBL can be added as a spamassassin rule, this is very easy to work out
with a quick google.
--
Regards,

David Hooton

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mustafa at palnet.com  Thu Aug 12 10:57:55 2004
From: mustafa at palnet.com (Mustafa N. Deeb)
Date: Thu Jan 12 21:26:33 2006
Subject: procmail with mailscanner
Message-ID: <mailman.673.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
hi

You can turn that off from sendmail , not mail scanner

Cheers
----- Original Message -----
From: "kfliong" <kfliong@WOFS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, August 12, 2004 11:32 AM
Subject: procmail with mailscanner


> Hi,
>
> We are using sendmail as MTA for mailscanner. Can I turn off procmail? If
> can, how do I turn it off?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 12 11:01:39 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.674.1137101193.24926.mailscanner@lists.mailscanner.info>

> Yes, I do use BigEvil script for spamassassin.

Simple solution. Remove BigEvil and use SURBL instead
This has been discussed at length here, on the spam assassin users' list and
on the SURBL list.


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 12 11:03:10 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:33 2006
Subject: procmail with mailscanner
Message-ID: <mailman.675.1137101193.24926.mailscanner@lists.mailscanner.info>

> Hi,
>
> We are using sendmail as MTA for mailscanner. Can I turn off
> procmail? If can, how do I turn it off?

You are probably using procmail to deliver the mail to mailboxes, so in a
word. NO

M



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Thu Aug 12 11:41:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.676.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!

> Yes, I do use BigEvil script for spamassassin.

Do you watch whats going on on your system ? Did you see the size of those
list the last weeks ? Please start using SURBL, drop the BigEvil ruleset
and your server can breath again.

> - Intel P3 1GHz
> - 512mb RAM
> - Around 12 sites but only 2 are really active
> - Very little user base for email around 50
> - around 30,000 incoming mails per day of where 94% are spams

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Thu Aug 12 11:50:53 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.677.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Aug 12, 2004, at 2:04 AM, Michele Neylon:: Blacknight Solutions
wrote:

>> Would someone please teach me how to go about implementing
>> that? I really love it when I added the above lines in my
>> sendmail because my server went from average of 10.00 load to
>> 1.50 load. The extra idle could help ease up my server on serving
>> websites.
>
> If you have a load of 10 then you are either doing something wrong,
> like
> using BigEvil, or you need better hardware.
> On a typical shared hosting server with over 300 sites and close to
> 1000
> mail users we rarely see the load go above 3 during office hours.

How many messages per day?  That's much more interesting than the
number of users.

>>> I think you'd be better off using the SBL list in sendmail and
>>> scoring the XBL list in spamassassin.  I've seen a few false
>>> positives which seem to come from the  XBL list.
> It depends on your userbase to a degree, but we have seen a lot of
> issues
> with ISP dialup pools being listed in both SBL and XBL. This is not
> Spamhaus' fault, but there is no reason why the users need suffer as a
> result.
>

I don't have a problem with blocking dialup IP pools (other than my
own, of course).  Those users should be sending email through their
ISP, not directly to my front-line servers.  (for my own users, the
machines that do SMTP-AUTH are not the front-line machines, so it's not
an issue, whether they're roaming or local)

When analyzing our traffic, the SBL would really only "take the edge
off" of our peak loads, whereas the XBL really hits the spam well.
Even just doing the SBL and XBL via spam assassin, we quadrupled our
spam catching stats.  And, we haven't had any reports of false
positives via the SBL or XBL, nor have I found any.

(one thing that we do, is zone transfers from spamhaus, and then before
putting it into production we run filters on the zone files to report
any matches from our own networks, and remove them from our copies of
the zones)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From cpd at UNIVAP.BR  Thu Aug 12 12:59:40 2004
From: cpd at UNIVAP.BR (Vladimir M Costa)
Date: Thu Jan 12 21:26:33 2006
Subject: Infected message delivered
Message-ID: <mailman.678.1137101193.24926.mailscanner@lists.mailscanner.info>

Pavell,

       I'm sending the Sweep file in off.


Vladimir M Costa
     

> Yes, I am now runnig MailScanner in debug mode to see what it does with
> messages. So it is started/stopped on every batch.
> 
> If patch solved it to you, maybe I applied patch incorrectly... Could you
> please send me whole patched SweepViruses.pm?
> 
> Thanks in advance
> 
> With regards
> Pavel Zichovsky (zichovsky@trul)
>  
> 
> 
>>Pavel,
>>
>>        This solved for me.
>>
>>        You stop and star Mailscanner ?
>>
>>Vladimir M Costa
>>
>>
>>
>>>Unfortunately this patch did not help :( ^M stays in log as before, 
>>>and messages with virus (EICAR) are treated as uninfected.
>>> 
>>>Pavel Zichovsky
>>>
>>>
>>>
>>>>-----P&#367;vodní zpráva-----
>>>>Od: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] za u^Þivatele Julian Field
>>>>Odesláno: 11. srpna 2004 15:02
>>>>Komu: MAILSCANNER@JISCMAIL.AC.UK
>>>>P&#345;edm&#283;t: Re: [MAILSCANNER] Infected message delivered
>>>>
>>>>Please try this patch to SweepViruses.pm:
>>>>
>>>>-----SNIP-----
>>>>--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
>>>>+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
>>>>@@ -2474,6 +2474,9 @@
>>>>   #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
>>>>   #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified  
>>>>EICAR_Test (+2)
>>>>
>>>>+  # Remove all the duff carriage-returns from the line  $line =~ 
>>>>+ s/[\r\n]//g;
>>>>+
>>>>   #print STDERR "Line: $line\n";
>>>>   return 0 unless $line =~ /Virus identified  (.+)$/;
>>>>
>>>>-----SNIP-----
>>>>
>>>>Let me know if that helps. I need to get a new version of 
>>
>>Antivir to 
>>
>>>>work on this.
>>>>
>>>>At 13:26 11/08/2004, you wrote:
>>>>
>>>>
>>>>>Hi there,
>>>>>
>>>>>I am using MailScanner (currently 4.32.5-1) with AVG 
>>
>>Antivirus (and 
>>
>>>>>Bitdefender as second antivirus). All was good, but now,
>>>>
>>>>when only AVG
>>>>
>>>>
>>>>>indetifies virus (Bitdefender not), Mailscanner will pass 
>>
>>message as 
>>
>>>>>uninfected to recipient.
>>>>>
>>>>>Fragment of maillog:
>>>>>-------------------
>>>>>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
>>>>>messages,
>>>>>1479 bytes
>>>>>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
>>>>
>>>>Starting Aug 11
>>>>
>>>>
>>>>>14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>>>>>Starting
>>>>>Aug 11 14:10:31 server MailScanner[3547]:
>>>>>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified 
>>>>>EICAR_Test
>>>>>(+6)
>>>>>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
>>>>
>>>>Avg found 1
>>>>
>>>>
>>>>>infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
>>>>>Delivered 1 messages
>>>>>--------------------
>>>>>
>>>>>I suppose, that it is connected with "^M" problem in path
>>>>
>>>>(as written
>>>>
>>>>
>>>>>in another message). But virus passing through MailScanner
>>>>
>>>>is alarming.
>>>>
>>>>
>>>>>What to do with this?
>>>>>
>>>>>With Regards
>>>>>Pavel Zichovsky (zichovsky@trul.cz)
>>>>>
>>>>>-------------------------- MailScanner list ----------------------
>>>>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>>>Before posting, please see the Most Asked Questions at
>>>>>http://www.mailscanner.biz/maq/     and the archives at
>>>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>>
>>>>--
>>>>Julian Field
>>>>www.MailScanner.info
>>>>MailScanner thanks transtec Computers for their support
>>>>
>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From chris at scorpion.nl  Thu Aug 12 13:16:50 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.679.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi !

Just completed a small test to see if F-Prot finds viruses Clam passed as
virusfree ..... and yes .. it did.

But: I am not yet convinced if F-Prot is doing the 'Right thing TM :)"

Scenario:
        - 1. An email containing a virus as an attachment is send to a
foreign mailserver.
        - 2. Foreign mailserver bounces the message attaching the complete
message in mbox format in de message body.
        - 3. Clam scans the messages -> No virus found
        - 4. F-Prot scans the message -> Zafi.B found ....

- The actual virus is in de mbox formatted body ... this is not executable
by a normal user if he/she receives it ?
- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.

Should MailScanner do a double check ?.. one with and one without de mbox
parameter, or is F-Prot just to paranoid ?

Which is right ?

bye,
Chrs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From joe at TAO.ORG.UK  Thu Aug 12 13:26:44 2004
From: joe at TAO.ORG.UK (Josef Karthauser)
Date: Thu Jan 12 21:26:33 2006
Subject: Spam assassin 3 versus version 2.x and mailscanner.
Message-ID: <mailman.680.1137101193.24926.mailscanner@lists.mailscanner.info>

To make the transition to spamassassin 3 is it as easy as installing and
and mailscanner will just work - or do I need to tweak something?

Joe
-- 
Josef Karthauser (joe@tao.org.uk)              http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)     http://www.uk.FreeBSD.org/
Physics Particle Theory (student)   http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/PGP-SIGNATURE  202bytes. ]
    [ Unable to print this part. ]


From dene at DATATECHIE.COM  Thu Aug 12 13:41:28 2004
From: dene at DATATECHIE.COM (Dene Ulmschneider)
Date: Thu Jan 12 21:26:33 2006
Subject: need assistance with log entry
Message-ID: <mailman.681.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="address"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Eurostile ExtendedTwo";
        panose-1:0 11 5 0 0 0 0 0 0 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello all-<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am running RHL 9 with MailScanner version 4.29.7. I have
been getting an error in my daily logs that reads:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in;text-autospace:none'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>/etc/cron.daily/clean.quarantine:<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-autospace:none'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in;text-autospace:none'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>Scalar found where operator expected at
/etc/cron.daily/clean.quarantine line 15, near &quot;$quarantine_dir&quot;<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-autospace:none'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Missing
semicolon on previous line?)<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in;text-autospace:none'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>syntax error at /etc/cron.daily/clean.quarantine line 15, near
&quot;$quarantine_dir &quot;<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in;text-autospace:none'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>Execution of /etc/cron.daily/clean.quarantine aborted due to
compilation errors.<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>/etc/cron.daily/f-prot.cron:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Can anyone assist in fixing this? I am not sure what
needs to be done. Below is a snip form the file mentioned above:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'>$disabled = 0<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'>$quarantine_dir =
'/var/spool/MailScanner/quarantine';<o:p></o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'>$days_to_keep&nbsp;&nbsp;
= 30;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'>exit if $disabled;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Any help would be greatly appreciated.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>Regards,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>Dene Ulmschneider<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Times New Roman"><span style='font-size:
10.0pt'><img width=205 height=23 id="_x0000_i1025"
src="cid:image001.jpg@01C48047.DDF830C0"></span></font><font size=2
face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'><o:p></o:p></span></font></p>

<p class=MsoNormal><st1:Street w:st="on"><st1:address w:st="on"><font size=2
  face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>142
  Willis Avenue</span></font></st1:address></st1:Street><font size=2
face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'><o:p></o:p></span></font></p>

<p class=MsoNormal><st1:place w:st="on"><st1:City w:st="on"><font size=2
  face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>Mineola</span></font></st1:City><font
 size=2 face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:
 "Eurostile ExtendedTwo"'>, <st1:State w:st="on">N.Y.</st1:State> <st1:PostalCode
 w:st="on">11501</st1:PostalCode></span></font></st1:place><font size=2
face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>tel:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
866.MY.PC.HELP<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>fax:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
718.228.2657<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>web:&nbsp;&nbsp;&nbsp;&nbsp;
<a href="http://www.datatechie.com/" title="http://www.datatechie.com/">www.datatechie.com</a><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face="Eurostile ExtendedTwo"><span
style='font-size:10.0pt;font-family:"Eurostile ExtendedTwo"'>email:&nbsp;&nbsp;
<a href="mailto:dene@datatechie.com" title="mailto:dene@datatechie.com">dene@datatechie.com</a></span></font><font
size=2 face="Eurostile ExtendedTwo"><span style='font-size:10.0pt;font-family:
"Eurostile ExtendedTwo"'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>
Embedded Content: image00122.jpg: 00000001,3c4665fe,00000000,00000000

From rcooper at DWFORD.COM  Thu Aug 12 13:43:14 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with AVG scanner after update to 4.32
Message-ID: <mailman.682.1137101193.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Vladimir M Costa
> Sent: Wednesday, August 11, 2004 8:35 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Problem with AVG scanner after update to 4.32
>
>
>    I've the same problem with AVG and post this to list some days ago.
>
>
> Vladimir M Costa
>
>
> > Hi There
> >
> > I was using MailScanner version 4.30.3-1 with AVG Antivirus and
> it worked
> > perfectly.
> >
> > But after upgrading to version 4.32.5-1 (and adding BitDefender console
> > edtion as second virus scanner) Mailscanner stopped stating "AVG found
> > virus" in "notice mails" and also in Mailwatch.
> >
> > As you can see from maillog (fragment added below) AVG and Bitdefender
> > correctly found EICAR virus, but in "notice mail" and MailWatch
> is stated,
> > that only Bitdefender found virus (not any mention about AVG).
> >
> > --------------- maillog fragment
> > ---------------------------------------------
> > Aug 11 13:42:10 server MailScanner[2842]: Virus and Content Scanning:
> > Starting
> > Aug 11 13:42:10 server MailScanner[2842]: Commencing scanning by avg...
> > Aug 11 13:42:11 server MailScanner[2842]:
> >
> ^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M^M
> ^M./i7BBUF
> > p02507/eicar.com  Virus identified  EICAR_Test

Sorry, I haven't been paying close attention to the list the last couple
weeks (very busy). Have you changed versions of AVG? the output above looks
very odd but the end part is still valid. does any of the actual output have
new line chars in it or is that just mail formatting?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Thu Aug 12 13:44:55 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:33 2006
Subject: Using MailScanner to add a Disclaimer to outgoing emails
Message-ID: <mailman.683.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Michael H. Martel wrote:
> --On Wednesday, August 11, 2004 2:25 PM -0600 Dustin Baer
> <dustin.baer@IHS.COM> wrote:
>
>> How about the EXAMPLES file in the etc/rules directory?
>
>
> You know, maybe one of these days I'll actually look in EVERY directory
> before I go and send something off to the list.  I found the EXAMPLES right
> after I sent the message off and then everything broke loose at work and I
> forgot to send a message out.

Don't take it bad, it's just that this is the single most asked question
on this list, and it is well documented in the MAQ, FAQ, and manual.

>
> Sorry to waste Bandwidth and people's time.
>
> Thanks!
>
>
>
>
> Michael
>
> --
>
>  --------------------------------o---------------------------------
>   Michael H. Martel              | Vermont State Colleges
>   martelm@quark.vsc.edu          | Systems Administrator
>   http://probe.vsc.edu/~michael  | PH:802-241-2544 FX:802-241-3363
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug 12 13:45:58 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:33 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.684.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
James Hsieh wrote:

> Hi!
> Thanks for you guys!
> But I try send email from outside of my server with message:
> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI........
>
> Will that OK ?
> How come I didn't receive email.

maybe it was blocked by another spam filter?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From joshua.hirsh at PARTNERSOLUTIONS.CA  Thu Aug 12 13:57:58 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:33 2006
Subject: Possible message corruption doing hold queue access...
Message-ID: <mailman.685.1137101193.24926.mailscanner@lists.mailscanner.info>

> Does anyone have any opinions on the likelihood of message corruption,

 Wietse' comment was concerning how MailScanner read from the deferred queue
directly, which was prior to when someone suggested using the hold queue
method.

 In previous versions I did see some message corruption when MailScanner
accessed the deferred queues, which has apparently been fixed in the later
versions. However, I switched to the hold queue method awhile back and
haven't seen a single corrupted message since the change (of course, YMMV,
but no one has reported one to me). We regularly see between 30k and 40k
messages per day, so I'm sure we would have experienced a problem with the
hold queue method if one existed..



 Cheers,
-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dan.farmer at PHONEDIR.COM  Thu Aug 12 15:05:58 2004
From: dan.farmer at PHONEDIR.COM (Dan Farmer)
Date: Thu Jan 12 21:26:33 2006
Subject: test for spam email, is there any ?
Message-ID: <mailman.686.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
You can try just sending it straight to your MS machine yourself.

I just do the following-

telnet to the machine on port 25...
give it some basic commands:

HELO <your.ip.add.ress> or <machine-name>
Mail From: user@domain.com
Rcpt To: youraddress@yourdomain.com
DATA
<paste GTUBE string here>
.

It should respond with message accepted, then watch your maillog to se 
what happens - you can do the same with the eicar string as well.

dan

On Aug 11, 2004, at 11:00 PM, James Hsieh wrote:

> Hi!
> Thanks for you guys!
> But I try send email from outside of my server with message:
> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI........
>
> Will that OK ?
> How come I didn't receive email.
>
> Also, is there any web based form like eicar and I just fill up the 
> form and
> it will send a test email to my email box ?
>
> Regards,
>
>
> James
> ----- Original Message -----
> From: "Drew Marshall" <drew@THEMARSHALLS.CO.UK>
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Sent: Wednesday, August 11, 2004 10:00 PM
> Subject: Re: test for spam email, is there any ?
>
>
>> On Wed, August 11, 2004 10:28, James Hsieh said:
>>> Hi!
>>> There is a virus test :
>>> http://www.aleph-tec.com/eicar/index.php
>>>
>>> I wonder if there is a test for spamassassin so I can go there and 
>>> send
>>> emails to test my setting.
>>>
>>
>> Try http://spamassassin.apache.org/gtube/
>>
>> Drew
>>
>>
>>
>> --
>> In line with our policy, this message has
>> been scanned for viruses and dangerous
>> content by MailScanner, and is believed to be clean.
>> www.themarshalls.co.uk/policy
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------
>> ¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
>> Viruses Scanned by 080.net
>>
>>
>
>
>
>
>
>
>
> ------------------------------------------------------
> ¥»¶l¥ó¤w¸g¹L080.net ¸s·ù¬ì§Þ¯f¬r±½ºË
> Viruses Scanned by 080.net
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From rob at THEHOSTMASTERS.COM  Thu Aug 12 15:24:38 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.687.1137101193.24926.mailscanner@lists.mailscanner.info>

I use 2 or 3 AV ... I use MacAfee and Clam try using both and or add a
third....

My 2 cents


Rob....



----- Original Message -----
From: "Christiaan den Besten" <chris@scorpion.nl>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, August 12, 2004 8:16 AM
Subject: Which AV is right :) ?


> Hi !
>
> Just completed a small test to see if F-Prot finds viruses Clam passed as
> virusfree ..... and yes .. it did.
>
> But: I am not yet convinced if F-Prot is doing the 'Right thing TM :)"
>
> Scenario:
>         - 1. An email containing a virus as an attachment is send to a
> foreign mailserver.
>         - 2. Foreign mailserver bounces the message attaching the complete
> message in mbox format in de message body.
>         - 3. Clam scans the messages -> No virus found
>         - 4. F-Prot scans the message -> Zafi.B found ....
>
> - The actual virus is in de mbox formatted body ... this is not executable
> by a normal user if he/she receives it ?
> - "Clamscan --mbox [body of msg]" does find the Zafi.B virus.
>
> Should MailScanner do a double check ?.. one with and one without de mbox
> parameter, or is F-Prot just to paranoid ?
>
> Which is right ?
>
> bye,
> Chrs
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Tim at NSOPTIMUM.CO.UK  Thu Aug 12 15:44:03 2004
From: Tim at NSOPTIMUM.CO.UK (Tim Guy)
Date: Thu Jan 12 21:26:33 2006
Subject: Any current DNBSL outages?
Message-ID: <mailman.688.1137101193.24926.mailscanner@lists.mailscanner.info>

I'm experiencing an increase in legitimate mail being caught in the
filter.

Its too early to say if its only the white list domains that are getting
through but I remember having the same problem when "infinite monkeys"
headed south???

Cheers

Tim

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Thu Aug 12 16:07:12 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.689.1137101193.24926.mailscanner@lists.mailscanner.info>

On Thu, 12 Aug 2004 14:16:50 +0200, you wrote:

>Just completed a small test to see if F-Prot finds viruses Clam passed as
>virusfree ..... and yes .. it did.
>
>But: I am not yet convinced if F-Prot is doing the 'Right thing TM :)"
>
>Scenario:
>        - 1. An email containing a virus as an attachment is send to a
>foreign mailserver.
>        - 2. Foreign mailserver bounces the message attaching the complete
>message in mbox format in de message body.
>        - 3. Clam scans the messages -> No virus found
>        - 4. F-Prot scans the message -> Zafi.B found ....
>
>- The actual virus is in de mbox formatted body ... this is not executable
>by a normal user if he/she receives it ?

It is. People click on the attachment, which probably is an RFC822
attachment", which opens up a new message window with (AFAIK) the same
rules regarding opening and starting attachments. I know Agent has the
possibility to show RFC822 attachments just as normal messages in your
folder. Allthough it will ask you a whole lot of questions before you
can start an attachment.

>- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.
>
>Should MailScanner do a double check ?.. one with and one without de mbox
>parameter, or is F-Prot just to paranoid ?
>
>Which is right ?

I would consider F-Prot to be right in protecting people used to
clicking on attachments.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From chris at scorpion.nl  Thu Aug 12 16:17:34 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.690.1137101193.24926.mailscanner@lists.mailscanner.info>

> It is. People click on the attachment, which probably is an RFC822
> attachment", which opens up a new message window with (AFAIK) the same
> rules regarding opening and starting attachments. I know Agent has the
> possibility to show RFC822 attachments just as normal messages in your
> folder. Allthough it will ask you a whole lot of questions before you
> can start an attachment.
>
> >- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.
> >
> >Should MailScanner do a double check ?.. one with and one
> without de mbox
> >parameter, or is F-Prot just to paranoid ?
> >
> >Which is right ?
>
> I would consider F-Prot to be right in protecting people used to
> clicking on attachments.

Ok, so might it be an idea to let the MailScanner clam-wrapper do a double
check ?.. one with and one without the '--mbox' parameter? Is that even
possible ?

Or perhaps the MailScanner mime-decoder should check if the 'decoded' part
is a valid multi-mime result and should decode that message as well ?... It
is a bit like a multi-level archive ...

bye,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From KShortt at AZERTY.COM  Thu Aug 12 17:03:32 2004
From: KShortt at AZERTY.COM (Shortt, Kevin)
Date: Thu Jan 12 21:26:33 2006
Subject: procmail with mailscanner
Message-ID: <mailman.691.1137101193.24926.mailscanner@lists.mailscanner.info>

Actually, you can turn it off by changing your local mailer in the sendmail
configuration. Procmail is set to be your local delivery agent in
sendmail.cf. It is set by default on Linux.  I do not know what OS you are
running, but most *nix'es have /bin/mail (or others) available for use.

Read more about changing it in chapter 6 of the o'reilly sendmail book.

Some info links for you to read up on are:
 http://www.sendmail.org/faq/section4.html#4.9
 http://www.sendmail.org/m4/mailers.html
 http://www.sendmail.org/m4/ostype.html


For what it is worth, do not remove procmail. I do not see from a system
support perspective why you want to remove it. What is the reason for
wanting to remove procmail?


-k




Michele Neylon :: Blacknight Solutions wrote:
>> Hi,
>>
>> We are using sendmail as MTA for mailscanner. Can I turn off
>> procmail? If can, how do I turn it off?
>
> You are probably using procmail to deliver the mail to mailboxes, so
> in a word. NO
>
> M
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From yoloits at ycoe.org  Thu Aug 12 17:44:48 2004
From: yoloits at ycoe.org (Jay Ehrhart)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.692.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV>I have found just the opposite.&nbsp; I run Calmav and F-prot both check 
for updates every hour.&nbsp; Clamav frequently finds viruses that F-prot hasn't 
been updated to see.&nbsp; For example:</DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>MessageID: i79K0kEA006340<BR>&nbsp;&nbsp;&nbsp; 
Report: ClamAV: price_new.zip contains Trojan.JS.RunMe 
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ClamAV: 
price.exe contains Worm.Bagle.AI 
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
MailScanner: Executable DOS/Windows programs are dangerous in email 
(price.exe)<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
ClamAV: price.html contains Trojan.JS.RunMe <BR>&nbsp;&nbsp;&nbsp; Report: 
ClamAV: price.exe contains Worm.Bagle.AI 
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
MailScanner: Executable DOS/Windows programs are dangerous in email 
(price.exe)<BR>&nbsp;&nbsp;&nbsp; Report: ClamAV: price.html contains 
Trojan.JS.RunMe </FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>And</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>MessageID: i7CFYJdv011960<BR>&nbsp;&nbsp;&nbsp; 
Report: MailScanner: Message contained password-protected 
archive<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
ClamAV: text_document.zip contains Worm.Bagle.Gen-zippwd </FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>This what it looks like when both catch a 
virus:</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>MessageID: i7BFvmfe013859<BR>&nbsp;&nbsp;&nbsp; 
Report: F-Prot: 
/var/spool/MailScanner/incoming/5595/i7BFvmfe013859/your_picture.pif&nbsp; 
Infection: <A 
href="mailto:W32/Netsky.D@mm">W32/Netsky.D@mm</A><BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
ClamAV: your_picture.pif contains Worm.SomeFool.Gen-1 
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
MailScanner: Shortcuts to MS-Dos programs are very dangerous in email 
(your_picture.pif)<BR></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>----- Original Message ----- 
<DIV>From: "Christiaan den Besten" &lt;<A 
href="mailto:chris@scorpion.nl">chris@scorpion.nl</A>&gt;</DIV>
<DIV>To: &lt;<A 
href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A>&gt;</DIV>
<DIV>Sent: Thursday, August 12, 2004 5:16 AM</DIV>
<DIV>Subject: Which AV is right :) ?</DIV></DIV>
<DIV><BR></DIV>&gt; Hi !<BR>&gt; <BR>&gt; Just completed a small test to see if 
F-Prot finds viruses Clam passed as<BR>&gt; virusfree ..... and yes .. it 
did.<BR>&gt; <BR>&gt; But: I am not yet convinced if F-Prot is doing the 'Right 
thing TM :)"<BR>&gt; <BR>&gt; Scenario:<BR>&gt; 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - 1. An email containing a virus as 
an attachment is send to a<BR>&gt; foreign mailserver.<BR>&gt; 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - 2. Foreign mailserver bounces the 
message attaching the complete<BR>&gt; message in mbox format in de message 
body.<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - 3. Clam scans the 
messages -&gt; No virus found<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
- 4. F-Prot scans the message -&gt; Zafi.B found ....<BR>&gt; <BR>&gt; - The 
actual virus is in de mbox formatted body ... this is not executable<BR>&gt; by 
a normal user if he/she receives it ?<BR>&gt; - "Clamscan --mbox [body of msg]" 
does find the Zafi.B virus.<BR>&gt; <BR>&gt; Should MailScanner do a double 
check ?.. one with and one without de mbox<BR>&gt; parameter, or is F-Prot just 
to paranoid ?<BR>&gt; <BR>&gt; Which is right ?<BR>&gt; <BR>&gt; bye,<BR>&gt; 
Chrs<BR>&gt; <BR>&gt; ------------------------ MailScanner list 
------------------------<BR>&gt; To unsubscribe, email <A 
href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
words:<BR>&gt; 'leave mailscanner' in the body of the email.<BR>&gt; Before 
posting, read the MAQ (<A 
href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>) 
and<BR>&gt; the archives (<A 
href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>).</BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From chris at scorpion.nl  Thu Aug 12 17:45:43 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:33 2006
Subject: need assistance with log entry
Message-ID: <mailman.693.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v = 
"urn:schemas-microsoft-com:vml" xmlns:o = 
"urn:schemas-microsoft-com:office:office" xmlns:w = 
"urn:schemas-microsoft-com:office:word" xmlns:st1 = 
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
        BEHAVIOR: url(#default#VML)
}
o\:* {
        BEHAVIOR: url(#default#VML)
}
w\:* {
        BEHAVIOR: url(#default#VML)
}
.shape {
        BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]--><o:SmartTagType name="place" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType 
name="PostalCode" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType 
name="State" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType 
name="City" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType 
name="Street" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType 
name="address" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if !mso]>
<STYLE>st1\:* {
        BEHAVIOR: url(#default#ieooui)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
        font-family: Eurostile ExtendedTwo;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
        COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose
}
DIV.Section1 {
        page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2>Well,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2>you could follow the advice and place a semicolon on the 
previous line :)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2>"$disabled = 0;" ... (add the ";")</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=093534416-12082004><FONT face=Arial 
color=#0000ff size=2>bye,<BR>Chris</FONT></SPAN></DIV><BR>
<BLOCKQUOTE 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
  <HR tabIndex=-1>
  <FONT face=Tahoma size=2><B>From:</B> MailScanner mailing list 
  [mailto:MAILSCANNER@JISCMAIL.AC.UK] <B>On Behalf Of </B>Dene 
  Ulmschneider<BR><B>Sent:</B> donderdag 12 augustus 2004 14:41<BR><B>To:</B> 
  MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> need assistance with log 
  entry<BR></FONT><BR></DIV>
  <DIV></DIV>
  <DIV class=Section1>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hello 
  all-<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I am running RHL 9 with 
  MailScanner version 4.29.7. I have been getting an error in my daily logs that 
  reads:<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face="Courier New" 
  color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">/etc/cron.daily/clean.quarantine:<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Courier New" color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face="Courier New" 
  color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">Scalar found 
  where operator expected at /etc/cron.daily/clean.quarantine line 15, near 
  "$quarantine_dir"<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Courier New" color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Missing semicolon on previous 
  line?)<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face="Courier New" 
  color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">syntax error 
  at /etc/cron.daily/clean.quarantine line 15, near "$quarantine_dir 
  "<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face="Courier New" 
  color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">Execution of 
  /etc/cron.daily/clean.quarantine aborted due to compilation 
  errors.<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face="Courier New" 
  color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: 'Courier New'">/etc/cron.daily/f-prot.cron:<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Courier New" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Courier New" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Can anyone assist in 
  fixing this? I am not sure what needs to be done. Below is a snip form the 
  file mentioned above:<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Courier New" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face=Arial color=red 
  size=2><SPAN style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial">$disabled 
  = 0<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face=Arial color=red 
  size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face=Arial color=red 
  size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial">$quarantine_dir = 
  '/var/spool/MailScanner/quarantine';<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face=Arial color=red 
  size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial">$days_to_keep&nbsp;&nbsp; 
  = 30;<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial color=red size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal style="TEXT-INDENT: 0.5in"><FONT face=Arial color=red 
  size=2><SPAN style="FONT-SIZE: 10pt; COLOR: red; FONT-FAMILY: Arial">exit if 
  $disabled;<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Any help would be greatly 
  appreciated.<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">Regards,<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">Dene 
  Ulmschneider<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Times New Roman" size=2><SPAN 
  style="FONT-SIZE: 10pt"><IMG id=_x0000_i1025 height=23 
  src="cid:093534416@12082004-1057" width=205></SPAN></FONT><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'"><o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><st1:Street w:st="on"><st1:address w:st="on"><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">142 Willis 
  Avenue</SPAN></FONT></st1:address></st1:Street><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'"><o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><st1:place w:st="on"><st1:City w:st="on"><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">Mineola</SPAN></FONT></st1:City><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">, <st1:State 
  w:st="on">N.Y.</st1:State> <st1:PostalCode 
  w:st="on">11501</st1:PostalCode></SPAN></FONT></st1:place><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'"><o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">tel:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  866.MY.PC.HELP<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">fax:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  718.228.2657<o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">web:&nbsp;&nbsp;&nbsp;&nbsp; 
  <A title=http://www.datatechie.com/ 
  href="http://www.datatechie.com/">www.datatechie.com</A><o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'">email:&nbsp;&nbsp; 
  <A title=mailto:dene@datatechie.com 
  href="mailto:dene@datatechie.com">dene@datatechie.com</A></SPAN></FONT><FONT 
  face="Eurostile ExtendedTwo" size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: 'Eurostile ExtendedTwo'"><o:p></o:p></SPAN></FONT></P>
  <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></P></DIV>------------------------ 
  MailScanner list ------------------------ To unsubscribe, email <A 
  href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
  words:<BR>'leave mailscanner' in the body of the email.<BR>Before posting, 
  read the MAQ (<A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>)<BR>and 
  the archives (<A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>). 
</BLOCKQUOTE></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>
Embedded Content: image00121.jpg: 00000001,5e9f0efb,00000000,00000000

From kevins at BMRB.CO.UK  Thu Aug 12 17:48:35 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:33 2006
Subject: need assistance with log entry
Message-ID: <mailman.694.1137101193.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-12 at 13:41, Dene Ulmschneider wrote:

> Scalar found where operator expected at
> /etc/cron.daily/clean.quarantine line 15, near "$quarantine_dir"
>
>             (Missing semicolon on previous line?)
<snip>
> Can anyone assist in fixing this? I am not sure what needs to be done.
> Below is a snip form the file mentioned above:
> $disabled = 0
>
>
>
> $quarantine_dir = '/var/spool/MailScanner/quarantine';
<snip>
Summary: an error occurred at line 15  due to a missing semicolon on the
previous line.

The previous line reads
$disabled=0
it should read
$disabled=0;






BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From SmartD at VMCMAIL.COM  Thu Aug 12 17:50:02 2004
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:33 2006
Subject: Possible message corruption doing hold queue ac cess...
Message-ID: <mailman.695.1137101193.24926.mailscanner@lists.mailscanner.info>

Sorry.  I thought I searched for this first, but I searched on "corrupt"
instead of "postfix" in titles only.

Missed the reply.  The thread your refer to is from July 7.

The upshot I get is that the hold queue technique solves the queue access
problem.

<<Dan>>




>  -----Original Message-----
>  [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
>  Sent: Wednesday, August 11, 2004 4:12 PM
>  To: MAILSCANNER@JISCMAIL.AC.UK
>
>  Lots of posts about that - check the archive.  There was a
>  bunch just last week or the week before as a matter of fact...
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From chris at scorpion.nl  Thu Aug 12 18:03:16 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.696.1137101193.24926.mailscanner@lists.mailscanner.info>

Jay,

fyi: Most people don't like html-formatted mail :) ... please use plain ....

I am not asking which virus checked is 'better' at finding virusses.
Offcourse, running more than one virus checker if you have a. the money, b.
the (cpu) resources is (probably) always better :)

My question is more directed to the level of depth Clam and F-Prot dive into
a message to see if it contains a virus. In this case the 'bounce' message
contained a virus in de body-text. So .. Peter already answered that there
are clients who can still 'run' the virus conceiled in such a body, so the
virus-checker should at least dig as deep into a message as any client would
be able to do.

Therefore I am wondering if we should change the way Clam does checking on a
message ... or perhaps increase the depth of mime-decoding MailScanner does
before handing it over to the virus scanner ...

bye,
Chris


________________________________

        From: Jay Ehrhart [mailto:yoloits@ycoe.org]

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mkettler at EVI-INC.COM  Thu Aug 12 18:22:39 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:33 2006
Subject: Any current DNBSL outages?
Message-ID: <mailman.697.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 10:44 AM 8/12/2004, Tim Guy wrote:
>I'm experiencing an increase in legitimate mail being caught in the
>filter.
>
>Its too early to say if its only the white list domains that are getting
>through but I remember having the same problem when "infinite monkeys"
>headed south???

Checking at www.dnsstuff.com and www.openrbl.org, no major ones seem to be
offline, and I've not seen any recent announcements of dead RBLs in any
lists I'm on (here, spamassassin-users, razor-user).

I also checked the NANAE archives on google groups, all posts going back to
and including august 9th, nothing there. Searches for RBL, DNSBL, and RHSBL
and sorting by date did not turn up anything useful either.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Thu Aug 12 18:30:19 2004
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.698.1137101193.24926.mailscanner@lists.mailscanner.info>

Use AUTH. Works like a charm.

Look for "enabling SMTP AUTH" on Google.

> Hi,
>
> I added the line below to my sendmail.mc and then regenerated the
> sendmail.cf file.
>
> FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to
> <"$&f"> thru "$&{client_name}" by The Spamhaus SBL+XBL DNSBL ; Please
> visit
> http://www.spamhaus.org/ for more information."')dnl
>
> It's working fine by stopping spams from spamhaus list before mails could
> even reach mailscanner and thus freeing my server load. I love this
> feature
> a lot as we are getting tons of spams daily.
>
> But the problem is, some of my users also are unable to send their emails
> using SMTP server as their "dynamic" IP is banned because some of the ips
> are listed in spamhaus. They keep getting the error above. How can I
> rectify this? Is there a command for me to add to allow user based on
> their
> IP address or email address?
>
> Perhaps I could allow IP address of certain range (within my ISP) to go
> through this? After all, once the mails pass through this barrier, there
> are also Mailscanner to take care of the spams.
>
> Thanks in advance.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alex at NKPANAMA.COM  Thu Aug 12 18:32:28 2004
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with sendmail and spamhaus
Message-ID: <mailman.699.1137101193.24926.mailscanner@lists.mailscanner.info>

I believe it's RIGHT. Have hardly had any FP's because of it in more than
3 years - and for legit users SMTP AUTH takes care of everything.

I use 6 or 7 RBL's at the MTA level.

> Blocking based on an RBL is WRONG. You are simply asking for trouble
>
>
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From david.weber at BACKBONESECURITY.COM  Thu Aug 12 19:22:54 2004
From: david.weber at BACKBONESECURITY.COM (David CM Weber)
Date: Thu Jan 12 21:26:33 2006
Subject: Sendmail as a SmartHost for Exchange
Message-ID: <mailman.700.1137101193.24926.mailscanner@lists.mailscanner.info>

Partially off topic, but I am in an environment where all of the
incoming mail goes through a Mailscanner system, and is forwarded onto
an Exchange 2000 server for final delivery.

I'm trying to get the opposite to occur, mostly because my boss can't
send mail to a single person because the outgoing email box doesn't have
Reverse DNS (well, it hasn't propagated yet).  I'm able to receive email
from the sendmail box, and I'm able to manually relay outgoing mail from
the exchange system to the Internet.  

However, when I enable the "smart host" setting on Exchange, the mail
headers don't change from going through MailScanner, and we still can't
send to this recipient.

Is there more to it, to get sendmail/mailscanner working as an outgoing
Smart host?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jstevens at ATHENSDISTRIBUTING.COM  Thu Aug 12 19:43:28 2004
From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens)
Date: Thu Jan 12 21:26:33 2006
Subject: Sendmail as a SmartHost for Exchange
Message-ID: <mailman.701.1137101193.24926.mailscanner@lists.mailscanner.info>

MS Q Article 265293 should get the job done..

This will stop the Exchange server from doing the lookup and sending
outgoing SMTP. The work will be done by the host you define.

-----Original Message-----
From: David CM Weber [mailto:david.weber@BACKBONESECURITY.COM] 
Sent: Thursday, August 12, 2004 1:23 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Sendmail as a SmartHost for Exchange


Partially off topic, but I am in an environment where all of the
incoming mail goes through a Mailscanner system, and is forwarded onto
an Exchange 2000 server for final delivery.

I'm trying to get the opposite to occur, mostly because my boss can't
send mail to a single person because the outgoing email box doesn't have
Reverse DNS (well, it hasn't propagated yet).  I'm able to receive email
from the sendmail box, and I'm able to manually relay outgoing mail from
the exchange system to the Internet.  

However, when I enable the "smart host" setting on Exchange, the mail
headers don't change from going through MailScanner, and we still can't
send to this recipient.

Is there more to it, to get sendmail/mailscanner working as an outgoing
Smart host?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From david.weber at BACKBONESECURITY.COM  Thu Aug 12 19:51:10 2004
From: david.weber at BACKBONESECURITY.COM (David CM Weber)
Date: Thu Jan 12 21:26:33 2006
Subject: Sendmail as a SmartHost for Exchange
Message-ID: <mailman.702.1137101193.24926.mailscanner@lists.mailscanner.info>

*shakes fist at microsoft*

I was changing it on the virtual server, not the SMTP connector

Thanks

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James R. Stevens
> Sent: Thursday, August 12, 2004 2:43 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Sendmail as a SmartHost for Exchange
> 
> 
> MS Q Article 265293 should get the job done..
> 
> This will stop the Exchange server from doing the lookup and 
> sending outgoing SMTP. The work will be done by the host you define.
> 
> -----Original Message-----
> From: David CM Weber [mailto:david.weber@BACKBONESECURITY.COM] 
> Sent: Thursday, August 12, 2004 1:23 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Sendmail as a SmartHost for Exchange
> 
> 
> Partially off topic, but I am in an environment where all of 
> the incoming mail goes through a Mailscanner system, and is 
> forwarded onto an Exchange 2000 server for final delivery.
> 
> I'm trying to get the opposite to occur, mostly because my 
> boss can't send mail to a single person because the outgoing 
> email box doesn't have Reverse DNS (well, it hasn't 
> propagated yet).  I'm able to receive email from the sendmail 
> box, and I'm able to manually relay outgoing mail from the 
> exchange system to the Internet.  
> 
> However, when I enable the "smart host" setting on Exchange, 
> the mail headers don't change from going through MailScanner, 
> and we still can't send to this recipient.
> 
> Is there more to it, to get sendmail/mailscanner working as 
> an outgoing Smart host?
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' 
> in the body of the email. Before posting, read the MAQ 
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave
mailscanner' in the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Thu Aug 12 19:53:47 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.703.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!

> >- "Clamscan --mbox [body of msg]" does find the Zafi.B virus.
> >
> >Should MailScanner do a double check ?.. one with and one without de mbox
> >parameter, or is F-Prot just to paranoid ?
> >
> >Which is right ?
>
> I would consider F-Prot to be right in protecting people used to
> clicking on attachments.

What could we do to avoid this?

Example:

[raymond@vmx80 raymond]$ clamscan msg-29387-93.txt
msg-29387-93.txt: OK

[raymond@vmx80 raymond]$ clamscan --mbox msg-29387-93.txt
msg-29387-93.txt: Worm.Zafi.B FOUND

These ones walk right in if you are using only clam...

Julian, suggestions ?

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jase at SENSIS.COM  Thu Aug 12 19:59:13 2004
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.704.1137101193.24926.mailscanner@lists.mailscanner.info>

>
> What could we do to avoid this?
>
> Example:
>
> [raymond@vmx80 raymond]$ clamscan msg-29387-93.txt
> msg-29387-93.txt: OK
>
> [raymond@vmx80 raymond]$ clamscan --mbox msg-29387-93.txt
> msg-29387-93.txt: Worm.Zafi.B FOUND
>
> These ones walk right in if you are using only clam...

Are you sure that the file contains valid mime headers that are not broken
because of a bounce message?  Can you make that file available via http?

Jase

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Thu Aug 12 20:18:50 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.705.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!

> > [raymond@vmx80 raymond]$ clamscan msg-29387-93.txt
> > msg-29387-93.txt: OK
> >
> > [raymond@vmx80 raymond]$ clamscan --mbox msg-29387-93.txt
> > msg-29387-93.txt: Worm.Zafi.B FOUND
> >
> > These ones walk right in if you are using only clam...
>
> Are you sure that the file contains valid mime headers that are not broken
> because of a bounce message?  Can you make that file available via http?

Sure, grab it at:

http://mailscanner.prolocation.net/example.txt

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jase at SENSIS.COM  Thu Aug 12 20:31:43 2004
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.706.1137101193.24926.mailscanner@lists.mailscanner.info>

>>> [raymond@vmx80 raymond]$ clamscan msg-29387-93.txt
>>> msg-29387-93.txt: OK
>>>
>>> [raymond@vmx80 raymond]$ clamscan --mbox msg-29387-93.txt
>>> msg-29387-93.txt: Worm.Zafi.B FOUND
>>>
>>> These ones walk right in if you are using only clam...
>>
>> Are you sure that the file contains valid mime headers that are not
>> broken because of a bounce message?  Can you make that file
>> available via http?
>
> Sure, grab it at:
>
> http://mailscanner.prolocation.net/example.txt

I'm no expert, but it looks to me like there are no valid mime attachments
to this message.  And it does look like a bounce message.  My guess is that
the mta (in this case, it looks like qmail) sent a delivery failure message,
and just included the contents of the original message without making it a
mime attachment.  So I think technically, a mail client should not be able
to decode the virus that was in the original message.

Maybe clam, when used with --mbox, will look for mime attachments anywhere
in the file (as if the file were an mbox) and not care if it is truly valid
or not.

Do you know of any clients that could successfully save that attachment?
(You may have to disable any desktop AV too, as it may detect it as well).

Jase

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 12 20:32:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.707.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:18 12/08/2004, you wrote:
> > > These ones walk right in if you are using only clam...
> >
> > Are you sure that the file contains valid mime headers that are not broken
> > because of a bounce message?  Can you make that file available via http?
>
>Sure, grab it at:
>
>http://mailscanner.prolocation.net/example.txt

The reason MailScanner doesn't detect it is at the end of the included
headers, you get this:
X-Priority: 3
Microsoft Outlook Express 5.00.2314.1300

Notice that the last line has no header name. Therefore this message in
invalid. Headers need to have a name.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Thu Aug 12 20:37:42 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:33 2006
Subject: Which AV is right :) ?
Message-ID: <mailman.708.1137101193.24926.mailscanner@lists.mailscanner.info>

Hi!

> >http://mailscanner.prolocation.net/example.txt

> The reason MailScanner doesn't detect it is at the end of the included
> headers, you get this:
> X-Priority: 3
> Microsoft Outlook Express 5.00.2314.1300
>
> Notice that the last line has no header name. Therefore this message in
> invalid. Headers need to have a name.

The question is, what does outlook with this. If its 'valid' there people
still have a problem. F-prot does detect it anyway, so my users wont see
them, but ...

I'll remove the provided url, to avoid people fooling around with it :)

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Tim at NSOPTIMUM.CO.UK  Thu Aug 12 20:52:40 2004
From: Tim at NSOPTIMUM.CO.UK (Tim Guy)
Date: Thu Jan 12 21:26:33 2006
Subject: Any current DNBSL outages?
Message-ID: <mailman.709.1137101193.24926.mailscanner@lists.mailscanner.info>

-----Original Message-----
From: Matt Kettler [mailto:mkettler@EVI-INC.COM] 
Sent: 12 August 2004 18:23
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Any current DNBSL outages?


>Checking at www.dnsstuff.com and www.openrbl.org, no major ones seem to
be
>offline, and I've not seen any recent announcements of dead RBLs in any
>lists I'm on (here, spamassassin-users, razor-user).
>
>I also checked the NANAE archives on google groups, all posts going
back to
>and including august 9th, nothing there. Searches for RBL, DNSBL, and
RHSBL
>and sorting by date did not turn up anything useful either.

Matt I appreciate you looking.

That's mate

Tim

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dwinkler at ALGORITHMICS.COM  Thu Aug 12 21:38:54 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:26:33 2006
Subject: Problem with clamav-autoupdate
Message-ID: <mailman.710.1137101193.24926.mailscanner@lists.mailscanner.info>

I had to comment out this line:

eval { Sys::Syslog::setlogsock('unix'); }; # This may fail!

to get /opt/MailScanner/lib/clamav-autoupdate logging to work.

Solaris 8, ClamAV 0.75.1

# ./MailScanner --version
This is Perl version 5.008005
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.03    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.06    File::Path
0.14    File::Temp
1.27    HTML::Entities
3.36    HTML::Parser
2.28    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.10    Net::CIDR
1.08    POSIX
1.77    Socket
0.05    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
2.64    Mail::SpamAssassin
missing Net::LDAP
0.15    SAVI
missing Mail::ClamAV
#

Thanks,

Derek

---

This email and any files transmitted with it are confidential and
proprietary to Algorithmics Incorporated and its affiliates
("Algorithmics").  If received in error, use is prohibited.  Please destroy,
and notify sender.  Sender does not waive confidentiality or privilege.
Internet communications cannot be guaranteed to be timely, secure, error or
virus-free.  Algorithmics does not accept liability for any errors or
omissions.  Any commitment intended to bind Algorithmics must be reduced to
writing and signed by an authorized signatory.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jimkrebs at GMAIL.COM  Thu Aug 12 21:45:30 2004
From: jimkrebs at GMAIL.COM (Jean Krebs)
Date: Thu Jan 12 21:26:33 2006
Subject: clamdscan + MailScanner
Message-ID: <mailman.711.1137101193.24926.mailscanner@lists.mailscanner.info>

Hello, All!

I've looked through the archives, someone had a similar problem but I
didn't find any solutions to this:

I have the following setup:

FreeBSD 4.10
Postfix 2.01
ClamAV 0.7
MailScanner 4.29

I have modified the clamav-wrapper file to use clamdscan instead of
clamscan by modifying the following line:

ClamScan=$1/bin/clamscan

for

ClamScan=$1/bin/clamdscan


MailScanner is working fine, but I get the following from my maillog.
Viruses are being let through:

Aug 12 12:58:03 kamino MailScanner[4377]: New Batch: Scanning 1
messages, 776 bytes
Aug 12 12:58:04 kamino MailScanner[4377]: Virus and Content Scanning: Starting
Aug 12 12:58:05 kamino MailScanner[4377]:
/var/spool/MailScanner/incoming/4377/.: Can't access the file ERROR
Aug 12 12:58:05 kamino MailScanner[4377]: ProcessClamAVOutput:
unrecognised line "/var/spool/MailScanner/incoming/4377/.: Can't
access the file ERROR". Please contact the authors!


The permissions on /var/spool/MailScanner/incoming are correct. They
are owned by postfix:postfix.

Any suggestions would be gratly appreciated.


Thank you,

--
Jean Krebs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Thu Aug 12 22:05:46 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:33 2006
Subject: clamdscan + MailScanner
Message-ID: <mailman.712.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jean Krebs wrote:
> I have modified the clamav-wrapper file to use clamdscan instead of
> clamscan by modifying the following line:

Have you tested it without modifications? Did it work then?

> Aug 12 12:58:05 kamino MailScanner[4377]:
> /var/spool/MailScanner/incoming/4377/.: Can't access the file ERROR

> The permissions on /var/spool/MailScanner/incoming are correct. They
> are owned by postfix:postfix.

Clam is normally executed as user clamav so it would have helped if you
posted the actual permissions instead of just saying they are correct.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jimkrebs at GMAIL.COM  Thu Aug 12 22:16:17 2004
From: jimkrebs at GMAIL.COM (Jean Krebs)
Date: Thu Jan 12 21:26:33 2006
Subject: clamdscan + MailScanner
Message-ID: <mailman.713.1137101193.24926.mailscanner@lists.mailscanner.info>

>
> Have you tested it without modifications? Did it work then?

Yes, it worked then!

> > The permissions on /var/spool/MailScanner/incoming are correct. They
> > are owned by postfix:postfix.
>
> Clam is normally executed as user clamav so it would have helped if you
> posted the actual permissions instead of just saying they are correct.

Here are the permissions:

/var/spool/MailScanner
total 8
drwxr-xr-x   4 root     wheel    512 Aug  9 18:04 .
drwxr-xr-x  12 root     wheel    512 Aug  9 18:04 ..
drwxr-xr-x   4 postfix  postfix  512 Aug 12 17:44 incoming
drwxr-xr-x   3 postfix  postfix  512 Aug 12 12:39 quarantine


Tnx,
--
Jean Krebs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From james_gray at OCS.COM  Thu Aug 12 22:41:36 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:33 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.714.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Just a heads up, if you upgrade to SpamAssassin 2.64 AND are running the
SpamcopURI plugin, make sure you upgrade to SpamcopURI 0.22 *BEFORE* you
restart MailScanner/SpamAssassin.

Guess who upgraded SpamAssassin last night and went home?....then the
phone started ringing.  No mail being delivered.  Seems there's some
sort of compile error with SA 2.64 and older versions of SpamcopURI
which prevented MailScanner from starting.

So before anyone else shoots them self in the foot, I thought I'd share
my stupidity with others.  Now excuse me while I self-LART for a while.

Cheers,

James

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Fri Aug 13 00:57:24 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:33 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.715.1137101193.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of James Gray
> Sent: Thursday, August 12, 2004 5:42 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Spamassassin 2.64 + SpamcopURI
>
> Just a heads up, if you upgrade to SpamAssassin 2.64 AND are running the
> SpamcopURI plugin, make sure you upgrade to SpamcopURI 0.22 *BEFORE* you
> restart MailScanner/SpamAssassin.
>
The order is important:

        1. Stop MailScanner
        2. Upgrade to SpamAssassin 2.64
        3. Upgrade to Mail::SpamAssassin::SpamCopURI
           (You can use CPAN or download the files)
        4. Start MailScanner
        5. Check for proper message handling
        6. Go home

I've updated the package and instructions for installing
Mail::SpamAssassin::SpamCopURI along with a multi.surbl.org.cf file, You can
download from:

        http://www.fsl.com/support

Please let me know if you have any problems installing from this package.

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> Guess who upgraded SpamAssassin last night and went home?....then the
> phone started ringing.  No mail being delivered.  Seems there's some
> sort of compile error with SA 2.64 and older versions of SpamcopURI
> which prevented MailScanner from starting.
>
> So before anyone else shoots them self in the foot, I thought I'd share
> my stupidity with others.  Now excuse me while I self-LART for a while.
>
> Cheers,
>
> James



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 01:07:27 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:33 2006
Subject: Antivir fixed?
Message-ID: <mailman.716.1137101193.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Did my Antivir support patch fix the problem for all the Antivir users?
Remember you need to completely stop and restart MailScanner after applying
the patch.

I heard 1 positive response but that was about it.
I need more responses than that...

Thanks folks.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From hden at KCBBS.GEN.NZ  Fri Aug 13 01:14:41 2004
From: hden at KCBBS.GEN.NZ (Hendrik den Hartog)
Date: Thu Jan 12 21:26:34 2006
Subject: eTRUST and MailScanner
Message-ID: <mailman.717.1137101193.24926.mailscanner@lists.mailscanner.info>

Hello

We've just installed etrust on a Linux RedHat 8 server.
All the Docs related to installing on RedHat only seem
to go up to RH v7 - but ino seemed to install OK, except
MailScanner doesn't seem to 'see' it ?

I'm aware of previous mail group mail RE: etrust, they
mention a patch for RH v8 on the ca web site.

Q: Will I need this? and if so, where on the WEB site
is ir? [and yup, I did have a look but couldn't spot it]

and/or what else do we need in order to use etrust?

Cheers!
Hendrik

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 01:16:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.718.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Would you like me to add things to the Solaris distribution?
Things I have recently written in the way of installation scripts include
Mail::ClamAV and all its dependencies, including clam itself, along with
Mail::SpamAssassin including all its dependencies.

These are all currently designed for the tar distribution for Solaris
systems, I can also give you a set of the most useful freeware packages
(for i386 & sparc) along with a script to install them. Are there Solaris
users out there who would like this?

This is all coming out of a one-command Solaris 9 distribution I am putting
together for a potential user.

I'm not sure it will appear for RPM systems, I haven't really got time.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 01:41:15 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: eTRUST and MailScanner
Message-ID: <mailman.719.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 01:14 13/08/2004, you wrote:
>Hello
>
>We've just installed etrust on a Linux RedHat 8 server.
>All the Docs related to installing on RedHat only seem
>to go up to RH v7 - but ino seemed to install OK, except
>MailScanner doesn't seem to 'see' it ?
>
>I'm aware of previous mail group mail RE: etrust, they
>mention a patch for RH v8 on the ca web site.
>
>Q: Will I need this? and if so, where on the WEB site
>is ir? [and yup, I did have a look but couldn't spot it]
>
>and/or what else do we need in order to use etrust?

You need to check where you installed it and, if necessary, change
MailScanner's setting for where to look for the scanner.
In
         /etc/MailScanner/virus.scanners.conf
there is a table that describes where MailScanner will think the virus
scanner is installed. Check that this setting is correct for your eTrust
installation.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From danielk at AVALONPUB.COM  Fri Aug 13 02:28:07 2004
From: danielk at AVALONPUB.COM (Daniel Kleinsinger)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.720.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
James Gray wrote:

> Guess who upgraded SpamAssassin last night and went home?....then the
> phone started ringing.  No mail being delivered.  Seems there's some
> sort of compile error with SA 2.64 and older versions of SpamcopURI
> which prevented MailScanner from starting.
>
spamassassin --lint
is your friend.

Daniel

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james_gray at OCS.COM  Fri Aug 13 03:35:42 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.721.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Stephen Swaney wrote:
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of James Gray

>>Just a heads up, if you upgrade to SpamAssassin 2.64 AND are running the
>>SpamcopURI plugin, make sure you upgrade to SpamcopURI 0.22 *BEFORE* you
>>restart MailScanner/SpamAssassin.
>>
>
> The order is important:
>
>         1. Stop MailScanner
>         2. Upgrade to SpamAssassin 2.64
>         3. Upgrade to Mail::SpamAssassin::SpamCopURI
>            (You can use CPAN or download the files)
>         4. Start MailScanner
>         5. Check for proper message handling
>         6. Go home

Er yep.  Normally I'm pretty religious about all this and do exactly
what you describe above.  A combination of late nights (3 week old baby
in the house), busy day, stupid lusers, lack of caffeine and general
"screw it" attitude meant I was slack.  Silly me, that's when Murphy visits!

Cheers,

James

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james_gray at OCS.COM  Fri Aug 13 03:39:44 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.722.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Daniel Kleinsinger wrote:
> James Gray wrote:
>
>> Guess who upgraded SpamAssassin last night and went home?....then the
>> phone started ringing.  No mail being delivered.  Seems there's some
>> sort of compile error with SA 2.64 and older versions of SpamcopURI
>> which prevented MailScanner from starting.
>>
> spamassassin --lint
> is your friend.
>
> Daniel

Indeed.  I even have a script that verifies a "functioning" mailscanner
system before telling it to restart (I build stuff in a developement
directory tree before copying it over the "working" stuff).  Alas I was
in too much of a hurry to escape the orifice and missed the SpamcopURI
upgrade and didn't bother running the verification script.  Just did the
SA 2.64 upgrade, did the /usr/local/etc/init.d/mailscanner.sh restart"
and went home - didn't even tail the log for a few seconds to make sure
it worked! Doh! Doh! Doh!

Sleep has been had, coffee consumed and LARTing complete.  I think it
safe to wear the Mail Admin hat again.

Cheers,

James

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From greyhair at GREYHAIR.NET  Fri Aug 13 05:39:44 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.723.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Congrats on the 3 wk old!

James Gray wrote:
> Daniel Kleinsinger wrote:
>
>> James Gray wrote:
>>
>>> Guess who upgraded SpamAssassin last night and went home?....then the
>>> phone started ringing.  No mail being delivered.  Seems there's some
>>> sort of compile error with SA 2.64 and older versions of SpamcopURI
>>> which prevented MailScanner from starting.
>>>
>> spamassassin --lint
>> is your friend.
>>
>> Daniel
>
>
> Indeed.  I even have a script that verifies a "functioning" mailscanner
> system before telling it to restart (I build stuff in a developement
> directory tree before copying it over the "working" stuff).  Alas I was
> in too much of a hurry to escape the orifice and missed the SpamcopURI
> upgrade and didn't bother running the verification script.  Just did the
> SA 2.64 upgrade, did the /usr/local/etc/init.d/mailscanner.sh restart"
> and went home - didn't even tail the log for a few seconds to make sure
> it worked! Doh! Doh! Doh!
>
> Sleep has been had, coffee consumed and LARTing complete.  I think it
> safe to wear the Mail Admin hat again.
>
> Cheers,
>
> James
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james at 080.NET  Fri Aug 13 06:26:23 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:34 2006
Subject: Web based Administration
Message-ID: <mailman.724.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Hi!</DIV>
<DIV>Is there any open source Web based Administration for MailScanner 
configuration ? (for Admin and users)</DIV>
<DIV>After a few weeks of using MailScanner + ClamAV + SA , I feel it is quite 
powerful and useful solutions (except the loading, it really eat some resource 
of my server) , and I prepare to use this solution for my hosting clients, but 
we have to give them a web-based confirguation interface, I wondering if there 
is already someone have done this.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards,</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>James</DIV></BODY><br />
<br />
<br />
<br />----------------------------------------------------------
<br />¥»¶l¥ó¤w¸g¹L<a href="http://080.net">080.net</a> ¸s·ù¬ì§Þ¯f¬r±½ºË
<br />Viruses Scanned by <a href="http://080.net">080.net</a>
</HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From jah at CALEOTECH.COM  Fri Aug 13 07:04:32 2004
From: jah at CALEOTECH.COM (Jens Ahlin)
Date: Thu Jan 12 21:26:34 2006
Subject: eTRUST and MailScanner
Message-ID: <mailman.725.1137101194.24926.mailscanner@lists.mailscanner.info>

I'm running RH 8 and eTrust 7 with mailscanner.
I had to apply the patch in order to install it what I can remember.

You can find the patch here:
Note that you need to login to access this page.
http://esupport.ca.com/index.html?/premium/antivirus/downloads/linux/QO39863
.asp

        Jens


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Hendrik den Hartog
> Sent: den 13 augusti 2004 02:15
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: eTRUST and MailScanner
>
> Hello
>
> We've just installed etrust on a Linux RedHat 8 server.
> All the Docs related to installing on RedHat only seem to go
> up to RH v7 - but ino seemed to install OK, except
> MailScanner doesn't seem to 'see' it ?
>
> I'm aware of previous mail group mail RE: etrust, they
> mention a patch for RH v8 on the ca web site.
>
> Q: Will I need this? and if so, where on the WEB site is ir?
> [and yup, I did have a look but couldn't spot it]
>
> and/or what else do we need in order to use etrust?
>
> Cheers!
> Hendrik
>
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From gary at SAHARA.CO.ZA  Fri Aug 13 08:11:35 2004
From: gary at SAHARA.CO.ZA (Gary Alexander)
Date: Thu Jan 12 21:26:34 2006
Subject: OT: Stopping sendmail from allowing external hosts to use local
    email addresses
Message-ID: <mailman.726.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi All

As per my subject, can anyone point me to some documentation on how to
achieve this in sendmail ie: If a most likely virus infected host tries
to send a mail using someuser@mydomain.co.za to
someotheruser@mydomain.co.za and that host is not one of a set of
predefined hosts, is there a way to reject it?

This would really help to cut down the load of viruses I've seen lately
that are doing this, and I have no valid users that would require to do
this.

Thanks for any help in this regard.

Gary Alexander
Technical Manager
Sahara Systems, South Africa
Tel: +27 (0)11 5421000
Fax: +27 (0)11 5421100





-  PLEASE NOTE -

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of Sahara Computers (Pty) Ltd. Finally, while Sahara
Computers attempts to ensure that all email is virus-free, Sahara
Computers accepts no liability for any damage caused by any virus
transmitted by this email.

Sahara Computers (PTY) Ltd
89 Gazelle Avenue, Corporate Park, Midrand, South Africa
Private Bag X180, Halfway House, 1685, South Africa

-----
Scanned and protected by MailScanner @ mail.sahara.co.za

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Fri Aug 13 08:16:37 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.727.1137101194.24926.mailscanner@lists.mailscanner.info>

On Fri, 13 Aug 2004 12:39:44 +1000, you wrote:

>Sleep has been had, coffee consumed and LARTing complete.  I think it
>safe to wear the Mail Admin hat again.

Probably it's mail screw up week. In automating blocking of virus
infected PC's I managed to block allmost all virus sending mailservers
of Dutch ISP's.

Yes, I know. I should use virbl, but that would be the first BL used in
sendmail and I want to test that first. But then I have to get my hands
on a test system. I had one untill November 20, 2002.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Fri Aug 13 08:19:49 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:34 2006
Subject: Spamassassin 2.64 + SpamcopURI
Message-ID: <mailman.728.1137101194.24926.mailscanner@lists.mailscanner.info>

On Thu, 12 Aug 2004 19:57:24 -0400, you wrote:

>> Just a heads up, if you upgrade to SpamAssassin 2.64 AND are running the
>> SpamcopURI plugin, make sure you upgrade to SpamcopURI 0.22 *BEFORE* you
>> restart MailScanner/SpamAssassin.
>>
>The order is important:
>
>        1. Stop MailScanner
>        2. Upgrade to SpamAssassin 2.64

Using CPAN of a tarbal?

>        3. Upgrade to Mail::SpamAssassin::SpamCopURI
>           (You can use CPAN or download the files)
>        4. Start MailScanner
>        5. Check for proper message handling

I normally do this. But as everybody knows, it goes wrong the one time
you forget this.

>        6. Go home

First I have to upgrade the other systems.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Fri Aug 13 08:23:28 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:34 2006
Subject: Nod 32 and mailscanner
Message-ID: <mailman.729.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Please,
how to install MailScanner witn AV Nod32?

File nod32-wrapper dont work because file nod32 (from installation) not
exist.

I have last trial installation of nod32 for linux from eset and there
are only files:

nod32d
nod32mdu
nod32mta
nod32smtp


...

Thanks

Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From p.g.m.peters at utwente.nl  Fri Aug 13 08:31:54 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:34 2006
Subject: OT: Stopping sendmail from allowing external hosts to use
    local email addresses
Message-ID: <mailman.730.1137101194.24926.mailscanner@lists.mailscanner.info>

On Fri, 13 Aug 2004 09:11:35 +0200, you wrote:

>As per my subject, can anyone point me to some documentation on how to
>achieve this in sendmail ie: If a most likely virus infected host tries
>to send a mail using someuser@mydomain.co.za to
>someotheruser@mydomain.co.za and that host is not one of a set of
>predefined hosts, is there a way to reject it?

You are looking for a way to prevent address forgeries. You could have a
look at SPF. Google for "sendmail spf" and "sendmail libspf". You need
at least sendmail 8.13 I believe.

And check out the newsgroup comp.mail.sendmail.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Fri Aug 13 08:32:10 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:34 2006
Subject: clamdscan + MailScanner
Message-ID: <mailman.731.1137101194.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-12 at 21:45, Jean Krebs wrote:
> I have modified the clamav-wrapper file to use clamdscan instead of
> clamscan by modifying the following line:
>
> ClamScan=$1/bin/clamscan
>
> for
>
> ClamScan=$1/bin/clamdscan

Why don't you just use the ClamAV perl module if you are concerned about
performance?




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Peter.Botcherby at GENETICS.KCL.AC.UK  Fri Aug 13 08:33:08 2004
From: Peter.Botcherby at GENETICS.KCL.AC.UK (Peter K. Botcherby)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.732.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi Julian,

Sounds interesting as a current Solaris 9 user

regards
Peter

Julian Field wrote:

> Would you like me to add things to the Solaris distribution?
> Things I have recently written in the way of installation scripts include
> Mail::ClamAV and all its dependencies, including clam itself, along with
> Mail::SpamAssassin including all its dependencies.
>
> These are all currently designed for the tar distribution for Solaris
> systems, I can also give you a set of the most useful freeware packages
> (for i386 & sparc) along with a script to install them. Are there Solaris
> users out there who would like this?
>
> This is all coming out of a one-command Solaris 9 distribution I am putting
> together for a potential user.
>
> I'm not sure it will appear for RPM systems, I haven't really got time.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Andreas.Doerfler at KEMPTEN.DE  Fri Aug 13 09:39:16 2004
From: Andreas.Doerfler at KEMPTEN.DE (DXrfler Andreas)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.733.1137101194.24926.mailscanner@lists.mailscanner.info>

the sweepviruses.pm.patch ?
the file from
http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_
eicar
still passes ms and clamd without getting blocked

but looks like it´s a problem from clamav ...

ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
/5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
authors!

greetings
andy

> -----Ursprüngliche Nachricht-----
> Von: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
> Gesendet: Freitag, 13. August 2004 02:07
> An: MAILSCANNER@JISCMAIL.AC.UK
> Betreff: Antivir fixed?
> 
> 
> Did my Antivir support patch fix the problem for all the 
> Antivir users?
> Remember you need to completely stop and restart MailScanner 
> after applying
> the patch.
> 
> I heard 1 positive response but that was about it.
> I need more responses than that...
> 
> Thanks folks.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 09:57:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.734.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It's not Clam I'm interested in here, it's Antivir.

At 09:39 13/08/2004, you wrote:
>the sweepviruses.pm.patch ?
>the file from
>http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_
>eicar
>still passes ms and clamd without getting blocked
>
>but looks like it´s a problem from clamav ...
>
>ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
>/5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
>authors!
>
>greetings
>andy
>
> > -----Ursprüngliche Nachricht-----
> > Von: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
> > Gesendet: Freitag, 13. August 2004 02:07
> > An: MAILSCANNER@JISCMAIL.AC.UK
> > Betreff: Antivir fixed?
> >
> >
> > Did my Antivir support patch fix the problem for all the
> > Antivir users?
> > Remember you need to completely stop and restart MailScanner
> > after applying
> > the patch.
> >
> > I heard 1 positive response but that was about it.
> > I need more responses than that...
> >
> > Thanks folks.
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From marcel at IRC-ADDICTS.DE  Fri Aug 13 10:59:39 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.735.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi there,

i also replied with this error and that the patch did not work properly on
my system :(

Greetings

Marcel

On Fri, 13 Aug 2004, Dörfler Andreas wrote:

> the sweepviruses.pm.patch ?
> the file from
> http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_
> eicar
> still passes ms and clamd without getting blocked
>
> but looks like it´s a problem from clamav ...
>
> ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
> /5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
> authors!
>
> greetings
> andy
>
> > -----Ursprüngliche Nachricht-----
> > Von: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
> > Gesendet: Freitag, 13. August 2004 02:07
> > An: MAILSCANNER@JISCMAIL.AC.UK
> > Betreff: Antivir fixed?
> >
> >
> > Did my Antivir support patch fix the problem for all the
> > Antivir users?
> > Remember you need to completely stop and restart MailScanner
> > after applying
> > the patch.
> >
> > I heard 1 positive response but that was about it.
> > I need more responses than that...
> >
> > Thanks folks.
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 11:22:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.736.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
The message says it is encoded as 7-bit, when it clearly isn't (it's 8 bit).
The attachment says it is Base64 encoded, when it isn't (all the line 
lengths are totally wrong).

At 11:04 13/08/2004, you wrote:
>Hi!
>
>This is the url, i just tarred and gzipped the files as they appear in the 
>quarantine dir.
>
>http://www.ecem.it/virus.tar.gz
>
>Thanks!!
>Remco
>
>
>On Wed, 11 Aug 2004, Julian Field wrote:
>
>>At 16:16 11/08/2004, you wrote:
>>>Am I the only one seeing these 'empty' attachments in the quarantine dir 
>>>but a considerable payload in the df file?
>>
>>Can you put one qf/df pair on a web site I can get at please, and mail me 
>>the URL off-list?
>>
>>
>>>Cheers!
>>>Remco
>>>
>>>On Mon, 9 Aug 2004, Remco Barendse wrote:
>>>
>>>>I don't know really :)
>>>>I think it is MailScanner that converted the filename that came with the
>>>>email (user@domain.com.zip) to a 'normal' filename like userdomain.com.zip
>>>>What worries me more is that the e-mail does seem to have some sort of 
>>>>payload for the attachment but mailscanner apparently is unable to 
>>>>decode/scan it properly. This means that if my filename rules would not 
>>>>have stopped the mail, MailScanner would have considered the e-mail as 
>>>>harmless (empty zip file and zips are allowed) and would have delivered 
>>>>the message.
>>>>Not sure what is causing this behaviour, maybe the mime decoder is not 
>>>>able to decode the attachment properly which passes the 0 size 
>>>>attachment to MailScanner.
>>>>I still have the df/qf pair if anyone is interested :)
>>>>
>>>>On Mon, 9 Aug 2004, Alex Neuman wrote:
>>>>
>>>>>This message in particular "tripped" Norton Antivirus 2004 for Windows.
>>>>>Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the 
>>>>>antivirus pop
>>>>>up and say it found something since I installed MS so many months ago.
>>>>>I usually have to get rid of the "catch all double extensions" rule 
>>>>>because
>>>>>of clients who insist on being able to name their files whatever they 
>>>>>want;
>>>>>I guess this means I'll have to use rules to disallow "dot + three
>>>>>characters + dot zip"...
>>>>>-----Original Message-----
>>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
>>>>>Behalf
>>>>>Of Remco Barendse
>>>>>Sent: Monday, August 09, 2004 4:42 AM
>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>Subject: 'Empty' zip files?
>>>>>Guess this is slightly off-topic but we are getting viruses with a zipfile
>>>>>(in the form of usernamemydomainname.com.zip)
>>>>>MailScanner traps these zip files because of filename rules. The strange
>>>>>thing is however that MS is just reporting a filename problem and no
>>>>>virus name. The zip file in /var/spool/MailScanner/quarantine has a file
>>>>>size of 0 (that would explain why no virus was reported) but I think the
>>>>>zip file may not be 0 size on every client.
>>>>>When I look into the df/qf pair there is a considerable amount of
>>>>>data in it that would be for the attachment.
>>>>>Could there be something wrong with the mime decoder and would M$ Outlook
>>>>>be able to decode it properly (which would potentially mean that we would
>>>>>be vulnerable to the virus?
>>>>>I will paste the top part of the df file here:
>>>>>This is a multi-part message in MIME format.
>>>>>------=_NextPart_000_0005_653AB3AB.01F72A06
>>>>>Content-Type: text/plain;
>>>>>        charset=us-ascii
>>>>>Content-Transfer-Encoding: base64
>>>>>RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
>>>>>c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
>>>>>cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
>>>>>bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
>>>>>IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
>>>>>a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
>>>>>cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
>>>>>NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
>>>>>cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
>>>>>Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
>>>>>b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
>>>>>eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
>>>>>bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
>>>>>amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==
>>>>>-------------------------- MailScanner list ----------------------
>>>>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>>>Before posting, please see the Most Asked Questions at
>>>>>http: //www.mailscanner.biz/maq/     and the archives at
>>>>>http: //www.jiscmail.ac.uk/lists/mailscanner.html
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>Before posting, please see the Most Asked Questions at
>>>http: //www.mailscanner.biz/maq/     and the archives at
>>>http: //www.jiscmail.ac.uk/lists/mailscanner.html
>>
>></x-flowed>

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From Kevin.Spicer at BMRB.CO.UK  Fri Aug 13 11:27:11 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.737.1137101194.24926.mailscanner@lists.mailscanner.info>

> but looks like it´s a problem from clamav ...
>
> ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
> /5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
> authors!

The inbuilt RAR handling in clamav doesn't always work.  Install unrar and make sure the clamav-wrapper script has the line containing --unrar uncommented.  




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From marcel at IRC-ADDICTS.DE  Fri Aug 13 11:34:56 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.738.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi there,

i did as stated below..and still it does not work..

these are the lines within my log:

Aug 13 12:33:05 marcel MailScanner[15790]:
/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar: RAR
module failure
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line
"/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar: RAR
module failure". Please contact the authors!
Aug 13 12:33:05 marcel MailScanner[15790]:
/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar: RAR module failure
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line "/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar:
RAR module failure". Please contact the authors!
Aug 13 12:33:05 marcel MailScanner[15790]: UNRAR 3.00 freeware
Copyright (c) 1993-2002 Eugene Roshal
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
Roshal". Please contact the authors!
Aug 13 12:33:05 marcel MailScanner[15790]: Extracting from
/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line "Extracting from
/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar". Please contact the
authors!
Aug 13 12:33:05 marcel MailScanner[15790]: Extracting  eicar.com
^H^H^H^H 65%^H^H^H^H^H  OK
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line "Extracting  eicar.com
^H^H^H^H 65%^H^H^H^H^H  OK ". Please contact the authors!
Aug 13 12:33:05 marcel MailScanner[15790]:
/tmp/clamav.15864/clamav-3f13d71ec457535f/eicar.com: Eicar-Test-Signature
FOUND
Aug 13 12:33:05 marcel MailScanner[15790]:
/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar: Infected Archive
FOUND
Aug 13 12:33:05 marcel MailScanner[15790]: (Real infected archive:
/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar)
Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
unrecognised line "(Real infected archive:
/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar)". Please
contact the authors!
Aug 13 12:33:05 marcel MailScanner[15790]: Virus Scanning: ClamAV found 2
infections
Aug 13 12:33:06 marcel MailScanner[15790]: Uninfected: Delivered 1
messages
Aug 13 12:33:10 marcel sendmail[15885]: i7DAX1jY015851:
to=<marcel@irc-addicts.de>, delay=00:00:09, xdelay=00:00:04, mailer=local,
pri=120515, dsn=2.0.0, stat=Sent




On Fri, 13 Aug 2004, Spicer, Kevin wrote:

> > but looks like it´s a problem from clamav ...
> >
> > ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
> > /5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
> > authors!
>
> The inbuilt RAR handling in clamav doesn't always work.  Install unrar and make sure the clamav-wrapper script has the line containing --unrar uncommented.
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material.  If you have received this in error, please contact the
> sender and delete this message immediately.  Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited.  BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pmb1 at YORK.AC.UK  Fri Aug 13 11:40:06 2004
From: pmb1 at YORK.AC.UK (Mike Brudenell)
Date: Thu Jan 12 21:26:34 2006
Subject: "can't find EOCD signature" error message
Message-ID: <mailman.739.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Greetings -

I'm doing some Serious Playing on my development mail gateway and have:

    MailScanner     4.32.5
    ClamAV          0.75.1
    Mail::ClamAV    0.11

(The latter two are the new things I'm playing with.)

I've just had MailScanner running in debug mode and sent it 8
virus-infected messages I keep around for this purpose.  (Let me emphasise
that this is a DEVELOPMENT server, used for TESTING!)

The scannerlog shows MailScanner detecting the viruses with both the
clamavmodule and Sophos.  However entries for the batch of messages ends
with this in the scannerlog:

    INFO:: Meaningless output that goes nowhere, to keep SAVI happy
    format error: can't find EOCD signature
     at /opt/york/MailScanner-4.32.5/bin/MailScanner line 479
    Stopping now as you are debugging me.
    [OK]

I've tried Googling for "can't find EOCD signature" and found a small
number of matches, pointing the finger of suspicion at Archive::Zip

The comments seem to suggest there used to be a problem in this area, but
was fixed around version 0.11 of Archive::Zip.  (I have 0.12 installed)

Does anyone know anything about this?
And should I be concerned about getting such a log entry?
    (I'm suspecting not, as other comments suggest it can be given when an
    invalid Zip archive is processed ... and I guess this is possible if it
    was produced by a virus?)

Cheers,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pmb1 at YORK.AC.UK  Fri Aug 13 11:43:00 2004
From: pmb1 at YORK.AC.UK (Mike Brudenell)
Date: Thu Jan 12 21:26:34 2006
Subject: "can't find EOCD signature" error message
Message-ID: <mailman.740.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
AAARRGGHH!!!

--On Friday, August 13, 2004 11:40 am +0100 Mike Brudenell
<pmb1@york.ac.uk> wrote:

> The comments seem to suggest there used to be a problem in this area, but
> was fixed around version 0.11 of Archive::Zip.  (I have 0.12 installed)

Correction:
----------
    The comment I saw does indeed suggest a problem fixed around 0.11

    HOWEVER the version we have installed is actually 1.12 (not 0.12!)

Cheers,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 11:56:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.741.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
You are getting confused. The Antivir issue is related to the virus scanner 
called "Antivir". You are talking about "ClamAV" and not "Antivir".

If you applied the "Antivir" patch, then I am hardly surprised it didn't 
help your "ClamAV" problem :-)

At 11:34 13/08/2004, you wrote:
>Hi there,
>
>i did as stated below..and still it does not work..
>
>these are the lines within my log:
>
>Aug 13 12:33:05 marcel MailScanner[15790]:
>/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar: RAR
>module failure
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line
>"/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar: RAR
>module failure". Please contact the authors!
>Aug 13 12:33:05 marcel MailScanner[15790]:
>/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar: RAR module failure
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line "/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar:
>RAR module failure". Please contact the authors!
>Aug 13 12:33:05 marcel MailScanner[15790]: UNRAR 3.00 freeware
>Copyright (c) 1993-2002 Eugene Roshal
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
>Roshal". Please contact the authors!
>Aug 13 12:33:05 marcel MailScanner[15790]: Extracting from
>/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line "Extracting from
>/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar". Please contact the
>authors!
>Aug 13 12:33:05 marcel MailScanner[15790]: Extracting  eicar.com
>^H^H^H^H 65%^H^H^H^H^H  OK
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line "Extracting  eicar.com
>^H^H^H^H 65%^H^H^H^H^H  OK ". Please contact the authors!
>Aug 13 12:33:05 marcel MailScanner[15790]:
>/tmp/clamav.15864/clamav-3f13d71ec457535f/eicar.com: Eicar-Test-Signature
>FOUND
>Aug 13 12:33:05 marcel MailScanner[15790]:
>/tmp/clamav.15864/clamav-5629223b5dd8e81c/eicar.rar: Infected Archive
>FOUND
>Aug 13 12:33:05 marcel MailScanner[15790]: (Real infected archive:
>/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar)
>Aug 13 12:33:05 marcel MailScanner[15790]: ProcessClamAVOutput:
>unrecognised line "(Real infected archive:
>/var/spool/MailScanner/incoming/15790/./i7DAX1jY015851/eicar.rar)". Please
>contact the authors!
>Aug 13 12:33:05 marcel MailScanner[15790]: Virus Scanning: ClamAV found 2
>infections
>Aug 13 12:33:06 marcel MailScanner[15790]: Uninfected: Delivered 1
>messages
>Aug 13 12:33:10 marcel sendmail[15885]: i7DAX1jY015851:
>to=<marcel@irc-addicts.de>, delay=00:00:09, xdelay=00:00:04, mailer=local,
>pri=120515, dsn=2.0.0, stat=Sent
>
>
>
>
>On Fri, 13 Aug 2004, Spicer, Kevin wrote:
>
> > > but looks like it´s a problem from clamav ...
> > >
> > > ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
> > > /5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
> > > authors!
> >
> > The inbuilt RAR handling in clamav doesn't always work.  Install unrar 
> and make sure the clamav-wrapper script has the line containing --unrar 
> uncommented.
> >
> >
> >
> >
> > BMRB International
> > http://www.bmrb.co.uk
> > +44 (0)20 8566 5000
> > _________________________________________________________________
> > This message (and any attachment) is intended only for the
> > recipient and may contain confidential and/or privileged
> > material.  If you have received this in error, please contact the
> > sender and delete this message immediately.  Disclosure, copying
> > or other action taken in respect of this email or in
> > reliance on it is prohibited.  BMRB International Limited
> > accepts no liability in relation to any personal emails, or
> > content of any email which does not directly relate to our
> > business.
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 12:16:18 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: "can't find EOCD signature" error message
Message-ID: <mailman.742.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It is a sign of a corrupted zip file, and shouldn't cause any harm.
MailScanner should just ignore it and carry on.

At 11:43 13/08/2004, you wrote:
>AAARRGGHH!!!
>
>--On Friday, August 13, 2004 11:40 am +0100 Mike Brudenell
><pmb1@york.ac.uk> wrote:
>
>>The comments seem to suggest there used to be a problem in this area, but
>>was fixed around version 0.11 of Archive::Zip.  (I have 0.12 installed)
>
>Correction:
>----------
>    The comment I saw does indeed suggest a problem fixed around 0.11
>
>    HOWEVER the version we have installed is actually 1.12 (not 0.12!)
>
>Cheers,
>
>Mike B-)
>
>--
>The Computing Service, University of York, Heslington, York Yo10 5DD, UK
>Tel:+44-1904-433811  FAX:+44-1904-433740
>
>* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pete at EATATHOME.COM.AU  Fri Aug 13 12:46:07 2004
From: pete at EATATHOME.COM.AU (Pete)
Date: Thu Jan 12 21:26:34 2006
Subject: AW: Antivir fixed?
Message-ID: <mailman.743.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Why do some people posts always break the thread and some even add some
prefix like AW:

Make it pretty hard to follow the thread....

If you can stop you client from doijng this it would be appreciated,
otherwise not that big a deal either :)

Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jimkrebs at GMAIL.COM  Fri Aug 13 13:24:32 2004
From: jimkrebs at GMAIL.COM (Jean Krebs)
Date: Thu Jan 12 21:26:34 2006
Subject: clamdscan + MailScanner
Message-ID: <mailman.744.1137101194.24926.mailscanner@lists.mailscanner.info>

I could, but it was already working this way, I just wanted to fix
it!. Anyway, where can I find documentation about using the perl
module?

On Fri, 13 Aug 2004 08:32:10 +0100, Kevin Spicer <kevins@bmrb.co.uk> wrote:
> On Thu, 2004-08-12 at 21:45, Jean Krebs wrote:
> > I have modified the clamav-wrapper file to use clamdscan instead of
> > clamscan by modifying the following line:
> >
> > ClamScan=$1/bin/clamscan
> >
> > for
> >
> > ClamScan=$1/bin/clamdscan
>
> Why don't you just use the ClamAV perl module if you are concerned about
> performance?
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material.  If you have received this in error, please contact the
> sender and delete this message immediately.  Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited.  BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
>
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>


--
Jean Krebs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From vosburgh at DALSEMI.COM  Fri Aug 13 13:55:06 2004
From: vosburgh at DALSEMI.COM (David Vosburgh)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.745.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yes, please.  We use fast/cheap Linux system for incoming mail, but
still use our old/slow Sparc systems for outgoing mail.  The Linux MS
install has spoiled me forever...

Dave

Julian Field wrote:

> Would you like me to add things to the Solaris distribution?
> Things I have recently written in the way of installation scripts include
> Mail::ClamAV and all its dependencies, including clam itself, along with
> Mail::SpamAssassin including all its dependencies.
>
> These are all currently designed for the tar distribution for Solaris
> systems, I can also give you a set of the most useful freeware packages
> (for i386 & sparc) along with a script to install them. Are there Solaris
> users out there who would like this?
>
> This is all coming out of a one-command Solaris 9 distribution I am
> putting
> together for a potential user.
>
> I'm not sure it will appear for RPM systems, I haven't really got time.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

--

Dave Vosburgh
Sr. Unix System Administrator
Dallas Semiconductor
vosburgh@dalsemi.com  972-371-4418

"By order of the prophet, we ban that boogie sound."

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Fri Aug 13 14:01:39 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:34 2006
Subject: SV: Web based Administration
Message-ID: <mailman.746.1137101194.24926.mailscanner@lists.mailscanner.info>

give webmin a try, got addons for mailscanner

________________________________

Från: James Hsieh [mailto:james@080.NET] 
Skickat: den 13 augusti 2004 07:26
Till: MAILSCANNER@JISCMAIL.AC.UK
Ã^Ämne: Web based Administration


Hi!
Is there any open source Web based Administration for MailScanner
configuration ? (for Admin and users)
After a few weeks of using MailScanner + ClamAV + SA , I feel it is quite
powerful and useful solutions (except the loading, it really eat some
resource of my server) , and I prepare to use this solution for my hosting
clients, but we have to give them a web-based confirguation interface, I
wondering if there is already someone have done this.
 
Regards,
 
 
James




---------------------------------------------------------- 
æ^ܬé^õ件已ç¶^Óé^Á^Î080.net 群ç^Û^ßç§^Ñæ^Ê^Àç^×^Åæ¯^Òæ^Î^Ãç^Þ^Ä 
Viruses Scanned by 080.net ------------------------ MailScanner list
------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with
the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pmb1 at YORK.AC.UK  Fri Aug 13 14:22:15 2004
From: pmb1 at YORK.AC.UK (Mike Brudenell)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.747.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Greetings -

--On Friday, August 13, 2004 7:55 am -0500 David Vosburgh
<vosburgh@DALSEMI.COM> wrote:

> Yes, please.  We use fast/cheap Linux system for incoming mail, but
> still use our old/slow Sparc systems for outgoing mail.  The Linux MS
> install has spoiled me forever...

Please could I put in a plea for the OPPOSITE of what everyone else seems
to be wanting?

Personally I really loathe packages which take it upon themselves to
provide and install every single library/module they are themselves
dependent on.  I'm sorry, but I take care to keep our Perl modules etc up
to date using CPAN and hate the idea of a MailScanner installation
tampering with it in any shape or form.  (I also take care to read notes
about dependencies, and check we have them installed and up to date.)

Consequently I've had to track down and work out where the MailScanner kit
now lives within the distribution in order to continue to build it by hand.

However the size of that kit has now bloated with all these other
unnecessary (to me!) copies of Perl modules that are easily available using
CPAN  ...  the only exception is the patched copy of MIME::Tools, which it
*is* very useful to have to hand (at least until the day a suitable copy
makes its way onto CPAN).

Perhaps there might be mileage in separating the distribution into a
"MailScanner" kit and a "support" kit, with the latter to be
downloaded/unpacked into MailScanner's directory by those who want it?
Either that or provide two tarballs: one with just MailScanner, and the
other with the whole kaboodle?

Sorry to be a misery, etc...

Cheers,

Mike B-}

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Fri Aug 13 15:13:59 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:34 2006
Subject: Stopping sendmail from allowing external hosts to use local
    email addresses
Message-ID: <mailman.748.1137101194.24926.mailscanner@lists.mailscanner.info>

SPF - spf.pobox.com

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Gary Alexander
Sent: Friday, August 13, 2004 2:12 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Stopping sendmail from allowing external hosts to use local
email addresses

Hi All

As per my subject, can anyone point me to some documentation on how to
achieve this in sendmail ie: If a most likely virus infected host tries
to send a mail using someuser@mydomain.co.za to
someotheruser@mydomain.co.za and that host is not one of a set of
predefined hosts, is there a way to reject it?

This would really help to cut down the load of viruses I've seen lately
that are doing this, and I have no valid users that would require to do
this.

Thanks for any help in this regard.

Gary Alexander
Technical Manager
Sahara Systems, South Africa
Tel: +27 (0)11 5421000
Fax: +27 (0)11 5421100





-  PLEASE NOTE -

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of Sahara Computers (Pty) Ltd. Finally, while Sahara
Computers attempts to ensure that all email is virus-free, Sahara
Computers accepts no liability for any damage caused by any virus
transmitted by this email.

Sahara Computers (PTY) Ltd
89 Gazelle Avenue, Corporate Park, Midrand, South Africa
Private Bag X180, Halfway House, 1685, South Africa

-----
Scanned and protected by MailScanner @ mail.sahara.co.za

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dustin.baer at IHS.COM  Fri Aug 13 16:21:44 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:34 2006
Subject: clamav 0.75 Oversized Zip
Message-ID: <mailman.749.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

MailScanner-4.31.6
Sendmail 8.13.0
Solaris 2.9

I've been using Sophos, but have also just installed ClamAV 0.75 and am
having the Oversized Zip problem.  There are a few past threads in the
list concerning this in older version of ClamAV.   With 0.75, there is
an option in clamav.conf, which is supposed to take care of the problem:

    # Mark potential archive bombs as viruses (0 disables the limit)
    ArchiveMaxCompressionRatio 200

When I set this to "0" the files is still found to have Oversized Zip.

Before I write to the Clam list, I'll ask here...does MailScanner use
clamav.conf?  I think not, since moving clamav.conf out of the way
doesn't break anything else.

I've also uncommented the following line in lib/clamav-wrapper, with no
effect:

# Uncomment next line if you need to disable Clam's DoS protection
ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0
$ExtraScanOptions"

Here is the output of a test

$ /opt/MailScanner/lib/clamav-wrapper /usr/local "13-aug-2004 08-25.pra"

/var/spool/MailScanner/quarantine/20040813/i7D6d02E026595/13-aug-2004
08-25.pra: Oversized.Zip FOUND

----------- SCAN SUMMARY -----------
Known viruses: 23388
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 4.645 sec (0 m 4 s)


Can anybody clue me into how I can stop the ClamAV checks that find
"Oversized.Zip FOUND"

Thanks,

Dustin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dwinkler at ALGORITHMICS.COM  Fri Aug 13 16:27:09 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:26:34 2006
Subject: clamav 0.75 Oversized Zip
Message-ID: <mailman.750.1137101194.24926.mailscanner@lists.mailscanner.info>

> Before I write to the Clam list, I'll ask here...does MailScanner use
> clamav.conf?  I think not, since moving clamav.conf out of the way
> doesn't break anything else.

clamscan does not use clamav.conf

>
> I've also uncommented the following line in
> lib/clamav-wrapper, with no
> effect:
>
> # Uncomment next line if you need to disable Clam's DoS protection
> ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0
> $ExtraScanOptions"

Need to add --max-ratio here, sorry not sure if zero disables it.

>

This email and any files transmitted with it are confidential and
proprietary to Algorithmics Incorporated and its affiliates
("Algorithmics").  If received in error, use is prohibited.  Please destroy,
and notify sender.  Sender does not waive confidentiality or privilege.
Internet communications cannot be guaranteed to be timely, secure, error or
virus-free.  Algorithmics does not accept liability for any errors or
omissions.  Any commitment intended to bind Algorithmics must be reduced to
writing and signed by an authorized signatory.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dustin.baer at IHS.COM  Fri Aug 13 16:53:13 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:34 2006
Subject: clamav 0.75 Oversized Zip
Message-ID: <mailman.751.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
The Genius Derek Winkler wrote:

>>I've also uncommented the following line in
>>lib/clamav-wrapper, with no effect:
>>
>># Uncomment next line if you need to disable Clam's DoS protection
>>ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0
>>$ExtraScanOptions"
>>
>>
>
>Need to add --max-ratio here, sorry not sure if zero disables it.
>

YOU DA MAN!  Zero does disable it.

Thanks, Derek!

Dustin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Fri Aug 13 17:22:27 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:34 2006
Subject: Web based Administration
Message-ID: <mailman.752.1137101194.24926.mailscanner@lists.mailscanner.info>

James Hsieh wrote:
> Hi!
>
> Is there any open source Web based Administration for MailScanner
> configuration ? (for Admin and users)
>
> After a few weeks of using MailScanner + ClamAV + SA , I feel it is
> quite powerful and useful solutions (except the loading, it really
> eat some resource of my server) , and I prepare to use this solution
> for my hosting clients, but we have to give them a web-based
> confirguation interface, I wondering if there is already someone have
> done this.
>
It depends on what you want to give them access to.
The webmin module is only suitable for you the admin.
There are other things out there, such as mailwatch, but if you want to
provide per user/domain control you would have to go with a commercial
solution.
To the best of my knowledge only two companies have developed anything with
that level of control.

Michele


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 17:56:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.753.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
There appears to be some confusion over the 2 patches I recently issued, 
one for support of the new version of Antivir and one for better RAR 
support for a very recent RAR format with ClamAV.

Attached to this message is a patch file for SweepViruses.pm which applies 
both patches.
When you apply the patch, it may say the one of the patches is already 
applied, in which case skip that one and just apply the other one.

cd /usr/lib/MailScanner/MailScanner
patch < SweepViruses.pm.clam-antivir.patch

Then completely stop and restart MailScanner.

Please let me know if
1) This patch makes Clam spot the new RAR format properly
and/or
2) Support for the new Antivir now works properly.


At 10:59 13/08/2004, you wrote:
>On Fri, 13 Aug 2004, Dörfler Andreas wrote:
> > the sweepviruses.pm.patch ?
> > the file from
> > 
> http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=rar_mit_
> > eicar
> > still passes ms and clamd without getting blocked
> >
> > but looks like it´s a problem from clamav ...
> >
> > ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming
> > /5297/./i7D8XaSe006363/eicar.rar: RAR module failure". Please contact the
> > authors!

You will still get some of this output, but it should detect the virus in 
the RAR file. You will need to have told the clamav-wrapper script to use 
the external unrar command.

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From Jan-Peter.Koopmann at SECEIDOS.DE  Fri Aug 13 18:02:01 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.754.1137101194.24926.mailscanner@lists.mailscanner.info>

> Attached to this message is a patch file for SweepViruses.pm which

Am I blind or did you forget to attach it? :-)

Regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 18:28:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.755.1137101194.24926.mailscanner@lists.mailscanner.info>

At 18:02 13/08/2004, you wrote:
> > Attached to this message is a patch file for SweepViruses.pm which
>
>Am I blind or did you forget to attach it? :-)

It's been a long day...

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
    [ Part 2, Application/OCTET-STREAM (Name: ]
    [ "SweepViruses.pm.clam-antivir.patch")  2KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From marcel at IRC-ADDICTS.DE  Fri Aug 13 19:00:28 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.756.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi there,

ok..i patched the original SweepViruses.pm with the applied patch.

First the good news:

The RAR-File with the Eicar-Test-File within was blocked.

Now the depressing part..

but i do got some error-messages..and it said, within the mail would be 3
infected files..even if there is only one ..

secondary..how can i get rid of those entries within my logfile..

i just would like to see

Incoming Mail
Checking Mail
Infected..

as it worked within the past.

within my config of MailScanner it says NO to every Log-Entry possible..

and now..

my Logfile-Excerpt...if you would like to see it:

Aug 13 19:56:02 marcel MailScanner[23384]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 13 19:56:05 marcel MailScanner[23384]: Using locktype = flock
Aug 13 19:56:12 marcel MailScanner[23395]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 13 19:56:15 marcel MailScanner[23395]: Using locktype = flock
Aug 13 19:56:18 marcel sendmail-in[23400]: i7DHuHV9023400:
from=<emailcheck-robot@ct.heise.de>, size=1927, class=0, nrcpts=1,
msgid=<E1BvgHk-00040o-00.octo20@www.heise.de>, proto=ESMTP, daemon=MTA,
relay=www.heise.de [193.99.144.71]
Aug 13 19:56:20 marcel MailScanner[23384]: New Batch: Scanning 1 messages,
2405 bytes
Aug 13 19:56:23 marcel MailScanner[23384]: Virus and Content Scanning:
Starting
Aug 13 19:56:24 marcel MailScanner[23384]: UNRAR 3.00 freeware
Copyright (c) 1993-2002 Eugene Roshal
Aug 13 19:56:24 marcel MailScanner[23384]: ProcessClamAVOutput:
unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
Roshal". Please contact the authors!
Aug 13 19:56:24 marcel MailScanner[23384]:
/tmp/clamav.23409/clamav-7d5afde136b48adc/eicar.com: Eicar-Test-Signature
FOUND
Aug 13 19:56:24 marcel MailScanner[23384]:
/tmp/clamav.23409/clamav-545f3ac5700ba6ea/eicar.rar: Infected Archive
FOUND
Aug 13 19:56:24 marcel MailScanner[23384]: (Real infected archive:
/var/spool/MailScanner/incoming/23384/./i7DHuHV9023400/eicar.rar)
Aug 13 19:56:24 marcel MailScanner[23384]: Virus Scanning: ClamAV found 3
infections
Aug 13 19:56:25 marcel MailScanner[23384]: Infected message i7DHuHV9023400
came from 193.99.144.71
Aug 13 19:56:25 marcel MailScanner[23384]: Saved infected "eicar.rar" to
/var/spool/MailScanner/quarantine/20040813/i7DHuHV9023400
Aug 13 19:56:25 marcel MailScanner[23384]: Silent: Delivered 1 messages
containing silent viruses
Aug 13 19:56:26 marcel sendmail[23430]: i7DHuPIR023430: from=postmaster,
size=1164, class=0, nrcpts=1,
msgid=<200408131756.i7DHuPIR023430@marcel.netfinish.de>,
relay=root@localhost
Aug 13 19:56:26 marcel sendmail-in[23435]: i7DHuQV9023435:
from=<postmaster@marcel.netfinish.de>, size=1435, class=0, nrcpts=1,
msgid=<200408131756.i7DHuPIR023430@marcel.netfinish.de>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Aug 13 19:56:27 marcel sendmail[23430]: i7DHuPIR023430: to=postmaster,
delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=30073,
relay=localhost.netfinish.de. [127.0.0.1], dsn=2.0.0, stat=Sent
(i7DHuQV9023435 Message accepted for delivery)
Aug 13 19:56:27 marcel MailScanner[23384]: Notices: Warned about 1
messages
Aug 13 19:56:27 marcel MailScanner[23384]: New Batch: Scanning 1 messages,
1908 bytes
Aug 13 19:56:29 marcel sendmail[23431]: i7DHuHV9023400:
to=<marcel@irc-addicts.de>, delay=00:00:11, xdelay=00:00:04, mailer=local,
pri=120515, dsn=2.0.0, stat=Sent
Aug 13 19:56:30 marcel MailScanner[23384]: Virus and Content Scanning:
Starting
Aug 13 19:56:32 marcel MailScanner[23384]: Uninfected: Delivered 1
messages
Aug 13 19:56:35 marcel sendmail[23462]: i7DHuQV9023435: to=root,
delay=00:00:09, xdelay=00:00:03, mailer=local, pri=120344, dsn=2.0.0,
stat=Sent


On Fri, 13 Aug 2004, Julian Field wrote:

> At 18:02 13/08/2004, you wrote:
> > > Attached to this message is a patch file for SweepViruses.pm which
> >
> >Am I blind or did you forget to attach it? :-)
>
> It's been a long day...
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From marcel at IRC-ADDICTS.DE  Fri Aug 13 19:08:49 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.757.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi there,

another strange thing happening with these rar-files..

as i do send the exact same file within a zip-file i do get this mail to
the postmaster:

Subject: Bad Filename Detected : Virus Detected
Content:

The following e-mails were found to have:Bad Filename Detected : Virus
Detected

    Sender: emailcheck-robot@ct.heise.de
IP Address: 193.99.144.71
 Recipient: marcel@irc-addicts.de
   Subject: c't-Emailcheck: EICAR-ZIP (uiycctx)
 MessageID: i7DI3lV9023794
    Report: ClamAV: eicar.com contains Eicar-Test-Signature
            AntiVir: ALERT: [Eicar-Test-Signatur virus]
./i7DI3lV9023794/eicar.com
<<< Contains code of the Eicar-Test-Signatur virus
            F-Prot:
/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.com
Infection: EICAR_Test_File
            MailScanner: Executable DOS/Windows programs are dangerous in
email (eicar.com)
    Report: ClamAV: eicar.zip contains Eicar-Test-Signature
            AntiVir: ALERT: [Eicar-Test-Signatur virus]
./i7DI3lV9023794/eicar.zip
--> eicar.com <<< Contains code of the Eicar-Test-Signatur virus
            F-Prot:
/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.zip->eicar.com
Infection: EICAR_Test_File
            ClamAV: eicar.com contains Eicar-Test-Signature
            AntiVir: ALERT: [Eicar-Test-Signatur virus]
./i7DI3lV9023794/eicar.com
<<< Contains code of the Eicar-Test-Signatur virus
            F-Prot:
/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.com
Infection: EICAR_Test_File
            MailScanner: Executable DOS/Windows programs are dangerous in
email (eicar.com)


If i do send the same file within a rar-file, i do get this one:

Subject: Virus Detected

content:

The following e-mails were found to have:Virus Detected

    Sender: emailcheck-robot@ct.heise.de
IP Address: 193.99.144.71
 Recipient: marcel@irc-addicts.de
   Subject: c't-Emailcheck: EICAR-RAR (qomobjz)
 MessageID: i7DHuHV9023400
    Report: ClamAV: eicar.rar contains a virus


Ok..the virus did not get through..but within the logfile there is the
entry what kind of virus it is..and it would be great for the user and the
postmaster to see, what kind of virus tries to sneak in..

in the past this worked fine..at least at my place :(

or maybe i am a bit..over the edge?

Greetings

Marcel

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 13 19:35:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.758.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It is often very difficult (as it is in this case) to attempt to extract
the virus name, sorry.

It 19:08 13/08/2004, you wrote:
>Hi there,
>
>another strange thing happening with these rar-files..
>
>as i do send the exact same file within a zip-file i do get this mail to
>the postmaster:
>
>Subject: Bad Filename Detected : Virus Detected
>Content:
>
>The following e-mails were found to have:Bad Filename Detected : Virus
>Detected
>
>     Sender: emailcheck-robot@ct.heise.de
>IP Address: 193.99.144.71
>  Recipient: marcel@irc-addicts.de
>    Subject: c't-Emailcheck: EICAR-ZIP (uiycctx)
>  MessageID: i7DI3lV9023794
>     Report: ClamAV: eicar.com contains Eicar-Test-Signature
>             AntiVir: ALERT: [Eicar-Test-Signatur virus]
>./i7DI3lV9023794/eicar.com
><<< Contains code of the Eicar-Test-Signatur virus
>             F-Prot:
>/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.com
>Infection: EICAR_Test_File
>             MailScanner: Executable DOS/Windows programs are dangerous in
>email (eicar.com)
>     Report: ClamAV: eicar.zip contains Eicar-Test-Signature
>             AntiVir: ALERT: [Eicar-Test-Signatur virus]
>./i7DI3lV9023794/eicar.zip
>--> eicar.com <<< Contains code of the Eicar-Test-Signatur virus
>             F-Prot:
>/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.zip->eicar.com
>Infection: EICAR_Test_File
>             ClamAV: eicar.com contains Eicar-Test-Signature
>             AntiVir: ALERT: [Eicar-Test-Signatur virus]
>./i7DI3lV9023794/eicar.com
><<< Contains code of the Eicar-Test-Signatur virus
>             F-Prot:
>/var/spool/MailScanner/incoming/23395/i7DI3lV9023794/eicar.com
>Infection: EICAR_Test_File
>             MailScanner: Executable DOS/Windows programs are dangerous in
>email (eicar.com)
>
>
>If i do send the same file within a rar-file, i do get this one:
>
>Subject: Virus Detected
>
>content:
>
>The following e-mails were found to have:Virus Detected
>
>     Sender: emailcheck-robot@ct.heise.de
>IP Address: 193.99.144.71
>  Recipient: marcel@irc-addicts.de
>    Subject: c't-Emailcheck: EICAR-RAR (qomobjz)
>  MessageID: i7DHuHV9023400
>     Report: ClamAV: eicar.rar contains a virus
>
>
>Ok..the virus did not get through..but within the logfile there is the
>entry what kind of virus it is..and it would be great for the user and the
>postmaster to see, what kind of virus tries to sneak in..
>
>in the past this worked fine..at least at my place :(
>
>or maybe i am a bit..over the edge?
>
>Greetings
>
>Marcel
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at BARENDSE.TO  Sat Aug 14 07:08:11 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:34 2006
Subject: 'Empty' zip files?
Message-ID: <mailman.759.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
But does this mean that some ignorant mail clients (like OutLooK) would 
not be able to decode the attachment either?

Or should some sort of check be implemented for such undecodable 
attachments that the mail is not let through if such errors occur?

These mails are spreading so i guess some clients must be able to decode 
and open them

On Fri, 13 Aug 2004, Julian Field wrote:

> The message says it is encoded as 7-bit, when it clearly isn't (it's 8 bit).
> The attachment says it is Base64 encoded, when it isn't (all the line lengths 
> are totally wrong).
>
> At 11:04 13/08/2004, you wrote:
>> Hi!
>> 
>> This is the url, i just tarred and gzipped the files as they appear in the 
>> quarantine dir.
>> 
>> http://www.ecem.it/virus.tar.gz
>> 
>> Thanks!!
>> Remco
>> 
>> 
>> On Wed, 11 Aug 2004, Julian Field wrote:
>> 
>>> At 16:16 11/08/2004, you wrote:
>>>> Am I the only one seeing these 'empty' attachments in the quarantine dir 
>>>> but a considerable payload in the df file?
>>> 
>>> Can you put one qf/df pair on a web site I can get at please, and mail me 
>>> the URL off-list?
>>> 
>>> 
>>>> Cheers!
>>>> Remco
>>>> 
>>>> On Mon, 9 Aug 2004, Remco Barendse wrote:
>>>> 
>>>>> I don't know really :)
>>>>> I think it is MailScanner that converted the filename that came with the
>>>>> email (user@domain.com.zip) to a 'normal' filename like 
>>>>> userdomain.com.zip
>>>>> What worries me more is that the e-mail does seem to have some sort of 
>>>>> payload for the attachment but mailscanner apparently is unable to 
>>>>> decode/scan it properly. This means that if my filename rules would not 
>>>>> have stopped the mail, MailScanner would have considered the e-mail as 
>>>>> harmless (empty zip file and zips are allowed) and would have delivered 
>>>>> the message.
>>>>> Not sure what is causing this behaviour, maybe the mime decoder is not 
>>>>> able to decode the attachment properly which passes the 0 size 
>>>>> attachment to MailScanner.
>>>>> I still have the df/qf pair if anyone is interested :)
>>>>> 
>>>>> On Mon, 9 Aug 2004, Alex Neuman wrote:
>>>>> 
>>>>>> This message in particular "tripped" Norton Antivirus 2004 for Windows.
>>>>>> Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the 
>>>>>> antivirus pop
>>>>>> up and say it found something since I installed MS so many months ago.
>>>>>> I usually have to get rid of the "catch all double extensions" rule 
>>>>>> because
>>>>>> of clients who insist on being able to name their files whatever they 
>>>>>> want;
>>>>>> I guess this means I'll have to use rules to disallow "dot + three
>>>>>> characters + dot zip"...
>>>>>> -----Original Message-----
>>>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
>>>>>> Behalf
>>>>>> Of Remco Barendse
>>>>>> Sent: Monday, August 09, 2004 4:42 AM
>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>> Subject: 'Empty' zip files?
>>>>>> Guess this is slightly off-topic but we are getting viruses with a 
>>>>>> zipfile
>>>>>> (in the form of usernamemydomainname.com.zip)
>>>>>> MailScanner traps these zip files because of filename rules. The 
>>>>>> strange
>>>>>> thing is however that MS is just reporting a filename problem and no
>>>>>> virus name. The zip file in /var/spool/MailScanner/quarantine has a 
>>>>>> file
>>>>>> size of 0 (that would explain why no virus was reported) but I think 
>>>>>> the
>>>>>> zip file may not be 0 size on every client.
>>>>>> When I look into the df/qf pair there is a considerable amount of
>>>>>> data in it that would be for the attachment.
>>>>>> Could there be something wrong with the mime decoder and would M$ 
>>>>>> Outlook
>>>>>> be able to decode it properly (which would potentially mean that we 
>>>>>> would
>>>>>> be vulnerable to the virus?
>>>>>> I will paste the top part of the df file here:
>>>>>> This is a multi-part message in MIME format.
>>>>>> ------=_NextPart_000_0005_653AB3AB.01F72A06
>>>>>> Content-Type: text/plain;
>>>>>>        charset=us-ascii
>>>>>> Content-Transfer-Encoding: base64
>>>>>> RGVhciB1c2VyIG9mIHh4eC5jb20sDQoNCllvdXIgZW1haWwgYWNjb3VudCBoYXMgYmVlbiB1
>>>>>> c2VkIHRvIHNlbmQgYSBodWdlIGFtb3VudCBvZiBzcGFtIG1lc3NhZ2VzDQpkdXJpbmcgdGhp
>>>>>> cyB3ZWVrLg0KV2Ugc3VzcGVjdCB0aGF0IHlvdXIgY29tcHV0ZXIgaGFkIGJlZW4gY29tcHJv
>>>>>> bWlzZWQgYW5kIG5vdyBydW5zIGEgdHJvamFuZWQNCnByb3h5IHNlcnZlci4NCg0KUGxlYXNl
>>>>>> IGZvbGxvdyBpbnN0cnVjdGlvbnMgaW4gdGhlIGF0dGFjaGVkIGZpbGUgaW4gb3JkZXIgdG8g
>>>>>> a2VlcCB5b3VyDQpjb21wdXRlciBzYWZlLg0KDQpCZXN0IHdpc2hlcywNCnh4eC5jb20gc3Vw
>>>>>> cG9ydCB0ZWFtLg0KDQoNCi0tLS0tLT1fTmV4dFBhcnRfMDAwXzAwMDVfNjUzQUIzQUIuMDFG
>>>>>> NzJBMDYNCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4dDsNCgluYW1lPSJOb3J0b24gQW50aVZp
>>>>>> cnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0K
>>>>>> Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsNCiAgICAgICAgIGZpbGVuYW1lPSJO
>>>>>> b3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCg0KVG05eWRHOXVJRUZ1ZEdsV2FYSjFj
>>>>>> eUJ5WlcxdmRtVmtJSFJvWlNCaGRIUmhZMmh0Wlc1ME9pQjFjMlZ5UUhoNGVDNWpiMjB1DQpl
>>>>>> bWx3TGcwS1ZHaGxJRmN6TWk1TmVXUnZiMjB1VFVCdGJTQjBhSEpsWVhRZ2QyRnpJR1JsZEdW
>>>>>> amRHVmtJR2x1SUhSb1pTQmgNCmRIUmhZMmh0Wlc1MExnPT0NCg==
>>>>>> -------------------------- MailScanner list ----------------------
>>>>>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>>>> Before posting, please see the Most Asked Questions at
>>>>>> http: //www.mailscanner.biz/maq/     and the archives at
>>>>>> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>>>> -------------------------- MailScanner list ----------------------
>>>> To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
>>>> Before posting, please see the Most Asked Questions at
>>>> http: //www.mailscanner.biz/maq/     and the archives at
>>>> http: //www.jiscmail.ac.uk/lists/mailscanner.html
>>> 
>>> </x-flowed>
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Carl.Boberg at NRM.SE  Sat Aug 14 10:02:04 2004
From: Carl.Boberg at NRM.SE (Carl Boberg)
Date: Thu Jan 12 21:26:34 2006
Subject: Notice error?
Message-ID: <mailman.760.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText84542 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Hi,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>In the notice emails from MS Im getting </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>subject: noticefilenameinfected : noticevirusinfected</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>And in the top of the MailScanner report mail:</FONT></DIV>
<DIV dir=ltr>noticeprefix:noticefilenameinfected : noticevirusinfected</DIV></DIV>
<DIV id=idSignature75507 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2>
<DIV><FONT size=2></FONT>&nbsp;</DIV>
<DIV>I have checked the lang settings and the languages.conf file and the MS conf file. Everything looks ok...</DIV>
<DIV>&nbsp;</DIV>
<DIV>Fedroa Core2 </DIV>
<DIV>MailScanner latest stable </DIV>
<DIV>&nbsp;</DIV>
<DIV>It appeared just after I uppgraded to the latest stable version of MS.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Any ideas?</DIV>
<DIV>&nbsp;</DIV>
<DIV>/ cheers</DIV>
<DIV><FONT size=2>--------------------------------</FONT> <BR><FONT size=2>Carl Boberg</FONT> <BR><FONT size=2>System &amp; Network Administrator</FONT> <BR><FONT size=2>Swedish Museum of Naturalhistory</FONT> <BR><FONT size=2>Frescativägen 40</FONT> <BR><FONT size=2>104 05 Stockholm</FONT> <BR><FONT size=2>Sweden</FONT> <BR><FONT size=2>Tel nr: 08-5195 5116</FONT> <BR><FONT size=2>Mobile: 0701-82 4055 </FONT><BR><FONT size=2>E-mail: carl.boberg@nrm.se</FONT> <BR><FONT size=2>--------------------------------</FONT> </DIV></FONT></DIV></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From dbird at SGHMS.AC.UK  Sat Aug 14 10:56:28 2004
From: dbird at SGHMS.AC.UK (Daniel Bird)
Date: Thu Jan 12 21:26:34 2006
Subject: [Fwd: trend-autoupdate]
Message-ID: <mailman.761.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dear all,
Info below on the trend autoupdate. We're no longer using trend so did
not notice the change in the opr.ini file

Dan

-------- Original Message --------
The trend-autoupdate script that comes with MailScanner package is know
broken after Trend modified their opr.ini file, I got it to work again
by changing this line:

NEWVER=`grep PatternVersion /tmp/opr.ini.$$ | sed s/^PatternVersion=//g
| cut -c 1-3`
to this:
NEWVER=`grep PatternVersionNPF /tmp/opr.ini.$$ | sed
s/^PatternVersionNPF=//g | cut -c 3-5`

However the script could need further changes because of this new NPF
numbering scheme, what happens after they (Trend) go over 999

Kind Regards
Stefan Thor Hreinsson
Systems Administrator Anza


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Sat Aug 14 11:33:55 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:34 2006
Subject: Notice error?
Message-ID: <mailman.762.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Carl Boberg wrote:
> Hi,
> In the notice emails from MS Im getting
> subject: noticefilenameinfected : noticevirusinfected
> And in the top of the MailScanner report mail:
> noticeprefix:noticefilenameinfected : noticevirusinfected
>
> I have checked the lang settings and the languages.conf file and the MS
> conf file. Everything looks ok...

If you're on a RPM based Linux, have you looked for rpmnew files in your
report directory? You lack the newly added lines in language.conf. You
should have something like this at the end:

# Used in Postmaster notices
NoticeVirusInfected = Virus Detected
NoticeFilenameInfected = Bad Filename Detected
NoticeOtherInfected = Other Bad Content Detected
NoticePasswordProtected = Password-protected Archive Detected
NoticePrefix = The following e-mails were found to have

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Sat Aug 14 11:37:48 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:34 2006
Subject: Notice error?
Message-ID: <mailman.763.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Bonivart wrote:
> If you're on a RPM based Linux

Oops, I trimmed your post so fast I missed that you said FC2, sorry.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Sat Aug 14 14:56:58 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.764.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mike Brudenell wrote:
> Please could I put in a plea for the OPPOSITE of what everyone else seems
> to be wanting?
>
> Personally I really loathe packages which take it upon themselves to
> provide and install every single library/module they are themselves
> dependent on.  I'm sorry, but I take care to keep our Perl modules etc up
> to date using CPAN and hate the idea of a MailScanner installation
> tampering with it in any shape or form.  (I also take care to read notes
> about dependencies, and check we have them installed and up to date.)
>
> Consequently I've had to track down and work out where the MailScanner kit
> now lives within the distribution in order to continue to build it by hand.
>
> However the size of that kit has now bloated with all these other
> unnecessary (to me!) copies of Perl modules that are easily available using
> CPAN  ...  the only exception is the patched copy of MIME::Tools, which it
> *is* very useful to have to hand (at least until the day a suitable copy
> makes its way onto CPAN).

Well, not everyone is like you and me and want control over their
systems. Many prefer Linux over Solaris because of the RPM system. The
new tar dist is a wonderful way of bridging the gap between the all
manual way of the old tar dist and the almost automatic way of the RPM
dist. It saves a lot of time on new installations and even on upgrades
so you're updated with new Perl module versions, like lately the new
Archive::Zip 1.12.

Of course you can use the old way since it's still there in the dist, I
did so myself on my production systems the first time. The new way
worked very well though on my test systems so for 4.32.5 I used it on my
production systems as well.

My systems are dedicated for this task so I have no problem relying on
Julian to determine what Perl modules and versions I need for MS to work
well. Could be different if I had lots of other stuff running on them.

> Perhaps there might be mileage in separating the distribution into a
> "MailScanner" kit and a "support" kit, with the latter to be
> downloaded/unpacked into MailScanner's directory by those who want it?
> Either that or provide two tarballs: one with just MailScanner, and the
> other with the whole kaboodle?

Why having Julian administer this? The size of the dist is not that
large that it matters if it downloads in 10 seconds or in 20, especially
since it's at the most once a month. As long as the old tar dist is kept
in the dist unchanged I'm happy because then we can choose for ourself
and choice is a good thing. :-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Sat Aug 14 14:58:00 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.765.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Vosburgh wrote:
> Yes, please.  We use fast/cheap Linux system for incoming mail, but
> still use our old/slow Sparc systems for outgoing mail.  The Linux MS
> install has spoiled me forever...

No offence but I think you misunderstood what Julian meant. He's
suggesting adding stuff the RPM dist doesn't contain either, like Clam
and SpamAssassin.

The new way of installing the tar dist is already simple and when it
comes to upgrading I like the power of having the system running while
I'm preparing the upgrade and if something still goes wrong I can switch
back in a second by moving the symlink. That's not possible with the RPM
dist even though it's slightly easier with reports, rules and stuff. Not
much though since you still have to diff your files with the rpmnew ones.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Sat Aug 14 15:31:12 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.766.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:
> Would you like me to add things to the Solaris distribution?
> Things I have recently written in the way of installation scripts include
> Mail::ClamAV and all its dependencies, including clam itself, along with
> Mail::SpamAssassin including all its dependencies.
>
> These are all currently designed for the tar distribution for Solaris
> systems, I can also give you a set of the most useful freeware packages
> (for i386 & sparc) along with a script to install them. Are there Solaris
> users out there who would like this?
>
> This is all coming out of a one-command Solaris 9 distribution I am putting
> together for a potential user.
>
> I'm not sure it will appear for RPM systems, I haven't really got time.

I think the new way of installing the tar dist is already great. I
tested it a lot before using it on my production systems for 4.32.5 and
it works very well. I maintain several Linux based MS systems too and
still prefer the power of the tar dist. That symlink is very important
for peace of mind during an upgrade. :-) The only thing I would want in
the tar dist is a generic start script for MS only and a script for
updating reports, I would settle for them being in a contrib directory
instead of being used during install. I have sent you my simple scripts
earlier.

The demand for this kind of complete system install might be larger
within the Linux community because of not only that more MS systems
seems to be Linux based but also that there are more inexperienced
sysadmins within that community.

To be more geared towards Sun it probably should use packages, be in the
form of a Flash archive, use Jumpstart or some combination. But that
would make it harder to maintain for you.

I'm very happy with the way it is now.  :-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 14 15:54:52 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Add things to the Solaris distribution?
Message-ID: <mailman.767.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:58 14/08/2004, you wrote:
>David Vosburgh wrote:
>>Yes, please.  We use fast/cheap Linux system for incoming mail, but
>>still use our old/slow Sparc systems for outgoing mail.  The Linux MS
>>install has spoiled me forever...
>
>No offence but I think you misunderstood what Julian meant. He's
>suggesting adding stuff the RPM dist doesn't contain either, like Clam
>and SpamAssassin.

To let you have a look, you can download
www.sng.ecs.soton.ac.uk/mailscanner/files/4/MailScanner-Clam-SA.install.tar.gz

It's quite big, as it happens to include all the perl modules shipped in
the main MailScanner tar distro. I could have carefully removed them all,
but the general idea is to ship one tar distro containing the combination
of MailScanner and ClamAV/SpamAssassin.

It will install ClamAV, the Perl ClamAV module and SpamAssassin-3.0.0pre4.

Notes:

1) You will need GNU make to be installed in /usr/local/bin (get it from
www.sunfreeware.com) before attempting to run the install-Clam-SA.sh
script. The script will fail with Sun's make, as ClamAV requires GNU make.

2) It assumes you already have MailScanner and its dependencies installed.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 14 16:06:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: Upgrading languages.conf to new releases
Message-ID: <mailman.768.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It just occurred to me that upgrade_MailScanner_conf should be able to do
exactly the same job on languages.conf files.

I just tried it and it worked very nicely. Instead of the usual command,
try this on a Linux system:
   cd /etc/MailScanner/reports/en
   upgrade_MailScanner_conf languages.conf languages.conf.rpmnew >
languages.new

Then take a look at languages.new and see if it has all the new strings added.

I'm sure the non-Linux users among you know enough of what you're doing to
be able to work out the corresponding commands on your own systems. Just
replace "MailScanner.conf" with "languages.conf" and make sure you are in
the right directory.

Does this work?
If so, I've just solved the problem of upgrading languages.conf files :-)
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Carl.Boberg at NRM.SE  Sat Aug 14 16:07:11 2004
From: Carl.Boberg at NRM.SE (Carl Boberg)
Date: Thu Jan 12 21:26:34 2006
Subject: Notice error?
Message-ID: <mailman.769.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText97459 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Thanks </FONT><FONT face=Arial size=2>but,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>As I said, I have checked all the config files and I can not find anything out of order. </FONT></DIV>
<DIV dir=ltr>The "# Used in Postmaster notices" are all there.</DIV>
<DIV dir=ltr>and&nbsp; "%report-dir% = /etc/MailScanner/reports/en" looks ok&nbsp;to me.</DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT>&nbsp;</DIV>
<DIV dir=ltr><FONT face=Arial size=2>What else might I be missing?</FONT></DIV></DIV>
<DIV id=idSignature85427>
<DIV>
<DIV><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter Bonivart<BR><B>Sent:</B> Sat 2004-08-14 12:33<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re: Notice error?<BR></FONT><BR></DIV></DIV></DIV>
<DIV><PRE style="WORD-WRAP: break-word">Carl Boberg wrote:
&gt; Hi,
&gt; In the notice emails from MS Im getting
&gt; subject: noticefilenameinfected : noticevirusinfected
&gt; And in the top of the MailScanner report mail:
&gt; noticeprefix:noticefilenameinfected : noticevirusinfected
&gt;
&gt; I have checked the lang settings and the languages.conf file and the MS
&gt; conf file. Everything looks ok...

If you're on a RPM based Linux, have you looked for rpmnew files in your
report directory? You lack the newly added lines in language.conf. You
should have something like this at the end:

# Used in Postmaster notices
NoticeVirusInfected = Virus Detected
NoticeFilenameInfected = Bad Filename Detected
NoticeOtherInfected = Other Bad Content Detected
NoticePasswordProtected = Password-protected Archive Detected
NoticePrefix = The following e-mails were found to have

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</PRE></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From Carl.Boberg at NRM.SE  Sat Aug 14 16:25:38 2004
From: Carl.Boberg at NRM.SE (Carl Boberg)
Date: Thu Jan 12 21:26:34 2006
Subject: Notice error?
Message-ID: <mailman.770.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText62462 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Doh!</FONT></DIV>
<DIV dir=ltr>Checking a bit further down in MailScanner.conf I found</DIV>
<DIV dir=ltr>"Language Strings = /etc/MailScanner/reports/sv/languages.conf"</DIV>
<DIV dir=ltr>Which pointed to my own swedish translations.</DIV>
<DIV dir=ltr>&nbsp;</DIV>
<DIV dir=ltr>Sorry to have bother the list about this. I consider myself an experienced MailScanner user so this is&nbsp;a bit of an embarresment :-)</DIV>
<DIV dir=ltr>&nbsp;</DIV>
<DIV dir=ltr>/ Carl</DIV></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From james at 080.NET  Sat Aug 14 18:43:21 2004
From: james at 080.NET (James Hsieh)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.771.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Hi!</DIV>
<DIV>One of our servers got very huge server loading today, I spent 1 hour and 
found it's cause by MailScanner because one of users of this server got "catch 
all" email box and his domain got a lot of spam, every second spam from 
everywhere comes in his emails cause the email is "catch all" means <A 
href="mailto:no-real-name@domain.com">no-real-name@domain.com</A> will also 
arrive successfully to his box, and every time, mailscanner has to spend time on 
each email.</DIV>
<DIV>After I shutdown his "catch all" function, the loading went down right away 
from 90 to 0.9 on this P4 3.0 box.</DIV>
<DIV>&nbsp;</DIV>
<DIV>What my question is, I found this problem by "guessing", and I hope one of 
you guys can tell me if I need to find out those emails coming in right this 
moment is goes to where, what should I do ?&nbsp; (I am using a whitebox Linux 
with Cpanel )</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards,</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>James</DIV></BODY><br />
<br />
<br />
<br />----------------------------------------------------------
<br />¥»¶l¥ó¤w¸g¹L<a href="http://080.net">080.net</a> ¸s·ù¬ì§Þ¯f¬r±½ºË
<br />Viruses Scanned by <a href="http://080.net">080.net</a>
</HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Sat Aug 14 18:53:46 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele: Blacknight Solutions)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.772.1137101194.24926.mailscanner@lists.mailscanner.info>

On Sat 14 Aug 2004 18:43, James Hsieh wrote:
> Hi!
> One of our servers got very huge server loading today, I spent 1 hour and
> found it's cause by MailScanner because one of users of this server got
> "catch all" email box and his domain got a lot of spam, every second spam
> from everywhere comes in his emails cause the email is "catch all" means
> no-real-name@domain.com will also arrive successfully to his box, and every
> time, mailscanner has to spend time on each email.
> After I shutdown his "catch all" function, the loading went down right away
> from 90 to 0.9 on this P4 3.0 box.

You don't say what you are running. That kind of load is _not_ normal
regardless of the amount of spam you may have to process it should never go
that high.

--
Mr. Michele Neylon
Blacknight Solutions
http://www.blacknight.ie/
+353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Sat Aug 14 18:53:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.773.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi!

> time, mailscanner has to spend time on each email.
> After I shutdown his "catch all" function, the loading went down right away
> from 90 to 0.9 on this P4 3.0 box.
>
> What my question is, I found this problem by "guessing", and I hope one of
> you guys can tell me if I need to find out those emails coming in right this
> moment is goes to where, what should I do ?  (I am using a whitebox Linux
> with Cpanel )

What about looking at your logfiles, if you would have descent log
analyzers running you would have seen (more or less) right away... This
sounds like a dictionary attack, and unortunately thats pretty 'normal'
these days.

This is however not really a MailScanner issue.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Sat Aug 14 18:56:16 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.774.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi!

> > time, mailscanner has to spend time on each email.
> > After I shutdown his "catch all" function, the loading went down right away
> > from 90 to 0.9 on this P4 3.0 box.

> You don't say what you are running. That kind of load is _not_ normal
> regardless of the amount of spam you may have to process it should never go
> that high.

If hes gotten hit by a dictionary attack, by a zilion IP's then its
normal, we have seen situations like that more then once... The question
is however how many mails, in what timespan, and how many unique sending
IPs.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Sat Aug 14 19:23:52 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.775.1137101194.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on :

> On Sat 14 Aug 2004 18:43, James Hsieh wrote:
>> Hi!
>> One of our servers got very huge server loading today, I spent 1 hour
>> and found it's cause by MailScanner because one of users of this
>> server got "catch all" email box and his domain got a lot of spam,
>> every second spam from everywhere comes in his emails cause the email
>> is "catch all" means no-real-name@domain.com will also arrive
>> successfully to his box, and every time, mailscanner has to spend
>> time on each email. After I shutdown his "catch all" function, the
>> loading went down right away from 90 to 0.9 on this P4 3.0 box.
>
> You don't say what you are running. That kind of load is
> _not_ normal regardless of the amount of spam you may have to
> process it should never go that high.

I'd also wonder which SpamAssassin rules you are running.  BigEvil?

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From micoots at YAHOO.COM  Sun Aug 15 06:58:53 2004
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.776.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi,

I'm using Fedora Core 1 and 2, sendmail and
mailscanner.

My primary mailserver is on Fedora Core 1.
My backup mailserver is on Fedora Core 2.
Both run sendmail and MailScanner.

For my backup mailserver, I use mailertable and dsmtp
configured in that with the primary server making ETRN
connections to the backup every hour (I'm using the
sendmail etrn.pl script from the contrib directory to
perform this step).

I've recently installed MailScanner on my backup
server and now ETRN responses aren't being made to it.

I tracked this down to the MailScanner startup script
which had the following entry:

        $SENDMAIL -bd -OPrivacyOptions=noetrn \

Commenting that out and restarting MailScanner allows
MailScanner to respond with ETRN on an SMTP
connection.

I've read the list archives on this and it was
mentioned in there that enabling this in MailScanner
means that clients could receive unscanned virus and
spam emails, bypassing MailScanner altogether.

Is this true?

Does this matter in my situation anyway since the
primary mailserver also runs MailScanner and would
scan the messages when it picks them up anyway?

Note I do not have _any_ users picking up any mail
from the backup server, all it does is handle mailing
lists and backup mail services for my domain.

I've commented out the above "noetrn" line so I can
continue to have my backup mail server facility
working. Is this the best way to go about it?

I'm using MailScanner 4.31.6-1 on the backup server
and MailScanner 4.25-14 on the primary mail server.

Thanks.

Michael.


Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From garry at GLENDOWN.DE  Sun Aug 15 08:11:55 2004
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.777.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
> I've read the list archives on this and it was
> mentioned in there that enabling this in MailScanner
> means that clients could receive unscanned virus and
> spam emails, bypassing MailScanner altogether.
>
> Is this true?

Most likely yes - as Mailscanner uses different mqueue directories (one
incoming, one outgoing), and the daemon receiving the email is using the
incoming directory, asking it to deliver available mail will cause it to
scan the incoming queue will deliver ONLY unscanned mail, as it doesn't
have access to the scanned mails ... if you need ETRN delivery, you will
most likely need to set up a second mailserver w/o scanner ...

-gg

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner-user at NELAND.DK  Sun Aug 15 09:37:59 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.778.1137101194.24926.mailscanner@lists.mailscanner.info>

----- Original Message -----
From: "Michael Mansour" <micoots@YAHOO.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Sunday, August 15, 2004 7:58 AM
Subject: ETRN support in MailScanner required


> Hi,
>
> I'm using Fedora Core 1 and 2, sendmail and
> mailscanner.
>
> My primary mailserver is on Fedora Core 1.
> My backup mailserver is on Fedora Core 2.
> Both run sendmail and MailScanner.
>
> For my backup mailserver, I use mailertable and dsmtp
> configured in that with the primary server making ETRN
> connections to the backup every hour (I'm using the
> sendmail etrn.pl script from the contrib directory to
> perform this step).

using ETRN is bad, because it forces sendmail to process the messages in
mqueue.in which hold unscanned messages.

Do you need ETRN?
Why doesn't your backup mailserver send the messages without it,
i.e. why use the dsmtp mailer, why not just the standard esmtp?
Then the backup mailserver tries regularly to deliver.

You can use cron to every hour do sendmail -qRyour.dom

If you MUST use some ETRN-alike functionality, you can use this method:
I have one client left on ISDN which need ETRN, I simulate it by having a
script called from inetd

In inetd.conf:
at-rtmp         stream  tcp     nowait root  /usr/local/sbin/etrnjohn
etrnjohn
(at-rtmp is just some random service from /etc/services I don't use)

/usr/local/sbin/etrnjohn:
#!/bin/sh
echo Hello
/usr/sbin/sendmail -qRjohns.dom
sleep 5

Then the client just does a telnet my.mailserver.dom at-rtmp when it wants
its mail.


> I've read the list archives on this and it was
> mentioned in there that enabling ETRN in MailScanner
> means that clients could receive unscanned virus and
> spam emails, bypassing MailScanner altogether.
>
> Is this true?
>
> Does this matter in my situation anyway since the
> primary mailserver also runs MailScanner and would
> scan the messages when it picks them up anyway?
>
I have a setup where my email clients connects to the main mailserver which
also runs mailscanner.

But my incoming MX is on another server, which runs mailscanner too,
and also sends scanned mail to clients which have their own mailserver,
sends mail to the main mailserver on another port, which is not scanned on
the mailserver.
I'm running an extra sendmail on the main mailserver which listens to that
port and delivers directly to mqueue, not mqueue.in.

That takes the load of the main mailserver, so email clients can get/send
more quickly.


> I've commented out the above "noetrn" line so I can
> continue to have my backup mail server facility
> working. Is this the best way to go about it?

NO!

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 15 10:58:55 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:34 2006
Subject: MailScanner Cause server load high
Message-ID: <mailman.779.1137101194.24926.mailscanner@lists.mailscanner.info>

> If hes gotten hit by a dictionary attack, by a zilion IP's
> then its normal, we have seen situations like that more then
> once...

Agreed, however we monitor all our servers closely. If we see a situation
like this arising we take preventative action and start shutting down extra
services, blocking IP blocks etc.,

We used to see higher loads, but we have implemented as many tweaks to our
setup as possible in order to speed up scanning and reduce load.





Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 15 12:40:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.780.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 06:58 15/08/2004, you wrote:
>My primary mailserver is on Fedora Core 1.
>My backup mailserver is on Fedora Core 2.
>Both run sendmail and MailScanner.
>
>For my backup mailserver, I use mailertable and dsmtp
>configured in that with the primary server making ETRN
>connections to the backup every hour (I'm using the
>sendmail etrn.pl script from the contrib directory to
>perform this step).

Do not bypass the noetrn setting. It is there for a very good reason, and
without it your systems can easily be exploited to bypass all your scanning.

To make mail move from a backup mailserver (high MX value) to your primary
mailserver (low MX value), you don't need to do anything except tell your
backup mailserver that it can relay mail for your domains. In sendmail this
just requires
your.domain.com RELAY
in your "access" db.

One of the primary jobs of a backup MX is to attempt delivery of mail to a
better (i.e. your primary) MX. Your MTA (sendmail) will do this
automatically. You don't need anything special/manual to do this at all.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From m.althoff at BROMBERG.XS4ALL.NL  Sun Aug 15 14:07:29 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:34 2006
Subject: double message
Message-ID: <mailman.781.1137101194.24926.mailscanner@lists.mailscanner.info>

os: Fedora Core 1
sendmail: 8.12.10
mailscanner: 4.32.5-1
spamassassin 2.64

I seem to have the same problem described by a user before but has not been
replied with an solution. (http://tinyurl.com/65pw4) at some point incoming
messages are doubled this is pretty annoying for my users. Doing a "service
MailScanner restart" solves the problem for a little while but this is not
a permanent sulution as after a while messages double up again. Today I
completely removed sendmail, mailscanner, spamassassin and re-installed and
configured it again from clean configuration files but without result.

----------------------------------
virtusertable
----------------------------------
email01@address.com  localuser
email02@address.com  localuser
email03@address.com  localuser

----------------------------------
MailScanner.conf some bits.
----------------------------------
Max Children = 5
Restart Every = 14400
MTA = sendmail
Max Unscanned Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Lockfile Dir = /tmp
#Lock Type = flock

I had set lock to flock for a while which did not resolve the problem. This
server is under some heavy load at some points since some retard spammer is
doing a ongoing carpet-bombing on one of my domains. Where could the
problem be?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From slwatts at WINCKWORTHS.CO.UK  Sun Aug 15 14:14:17 2004
From: slwatts at WINCKWORTHS.CO.UK (Sam Luxford-Watts)
Date: Thu Jan 12 21:26:34 2006
Subject: Samuel Luxford-Watts is out of the office.
Message-ID: <mailman.782.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html><body>
<p>I will be out of the office starting  15/08/2004 and will not return until 23/08/2004.<br>
<br>
I am currently away from the office, returning on the 23rd August. If you require urgent assistance then please contact another member of the IT department.</body><font COLOR="#0000ff"><b>
<p>Winckworth Sherwood</b></font> <font FACE="Verdana" SIZE="2">Solicitors and
Parliamentary Agents
<br />DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR
Telephone 020 7593 5000 Fax 020 7593 5099
</font></p>
<p><b>Confidentiality</b>
<br />This email message and any attachments are confidential; they may be subject
to legal professional privilege and are intended for the named recipient only.
If you are not the named recipient, please return the message and enclosures
immediately and delete them from your system.</p>
<b>
<p>Caution</b>
<br />Before advice received only by email (whether by attachment or otherwise) may
be relied on, the authenticity of the communication must be verified by means
independent of email.
<b>
<p>Regulation</b>
<br />The firm is regulated by the Law Society. </p>
<p><b>Partners</b>
<br />A list of partners is available for inspection at each office of the firm and
on the firm's website at</font>
<a HREF="http://www.winckworths.co.uk">www.winckworths.co.uk</a></p>
</font>
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From mailscanner at ecs.soton.ac.uk  Sun Aug 15 15:37:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:34 2006
Subject: double message
Message-ID: <mailman.783.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
You *may* need
Lock Type = posix

Search the list archive for "posix" and you will find plenty of discussion
around this subject.

At 14:07 15/08/2004, you wrote:
>os: Fedora Core 1
>sendmail: 8.12.10
>mailscanner: 4.32.5-1
>spamassassin 2.64
>
>I seem to have the same problem described by a user before but has not been
>replied with an solution. (http://tinyurl.com/65pw4) at some point incoming
>messages are doubled this is pretty annoying for my users. Doing a "service
>MailScanner restart" solves the problem for a little while but this is not
>a permanent sulution as after a while messages double up again. Today I
>completely removed sendmail, mailscanner, spamassassin and re-installed and
>configured it again from clean configuration files but without result.
>
>----------------------------------
>virtusertable
>----------------------------------
>email01@address.com  localuser
>email02@address.com  localuser
>email03@address.com  localuser
>
>----------------------------------
>MailScanner.conf some bits.
>----------------------------------
>Max Children = 5
>Restart Every = 14400
>MTA = sendmail
>Max Unscanned Bytes Per Scan = 100000000
>Max Unsafe Bytes Per Scan = 50000000
>Max Unscanned Messages Per Scan = 30
>Max Unsafe Messages Per Scan = 30
>Max Normal Queue Size = 800
>Lockfile Dir = /tmp
>#Lock Type = flock
>
>I had set lock to flock for a while which did not resolve the problem. This
>server is under some heavy load at some points since some retard spammer is
>doing a ongoing carpet-bombing on one of my domains. Where could the
>problem be?
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From micoots at YAHOO.COM  Sun Aug 15 16:29:53 2004
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.784.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

 --- Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:

> At 06:58 15/08/2004, you wrote:
> >My primary mailserver is on Fedora Core 1.
> >My backup mailserver is on Fedora Core 2.
> >Both run sendmail and MailScanner.
> >
> >For my backup mailserver, I use mailertable and
> dsmtp
> >configured in that with the primary server making
> ETRN
> >connections to the backup every hour (I'm using the
> >sendmail etrn.pl script from the contrib directory
> to
> >perform this step).
>
> Do not bypass the noetrn setting. It is there for a
> very good reason, and
> without it your systems can easily be exploited to
> bypass all your scanning.

Ok, I've re-added the noetrn back into the MailScanner
script.

> To make mail move from a backup mailserver (high MX
> value) to your primary
> mailserver (low MX value), you don't need to do
> anything except tell your
> backup mailserver that it can relay mail for your
> domains. In sendmail this
> just requires
> your.domain.com RELAY
> in your "access" db.

Hmm.. I didn't think that was the way to do it. What I
did was add:

domain1.com   esmtp: primary-mx.domain.com
domain2.com   esmtp: primary-mx.domain.com
etc

in the /etc/mail/mailertable file and then in
/etc/mail/relay-domains added:

domain1.com
domain2.com
etc

If I'm understanding you correctly, what you're saying
is that all I need to do is remove the above setup
within those files, and just add:

domain1.com   RELAY
domain2.com   RELAY

to my backup-mx?

I did give the backup MX a high MX number within DNS,
and the primary MX a low MX number.

Remember, what I want to do is store the mail in the
backup MX for the domains I host when the primary MX
is down. I thought my "esmtp" setup within the
mailertable and the "relay-domains" file mods were the
right way to do this?

> One of the primary jobs of a backup MX is to attempt
> delivery of mail to a
> better (i.e. your primary) MX. Your MTA (sendmail)
> will do this
> automatically. You don't need anything
> special/manual to do this at all.

Thanks for your comments Julian.

Michael.

> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their
> support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6
> 5947 1415 B654
>
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From micoots at YAHOO.COM  Sun Aug 15 16:36:06 2004
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.785.1137101194.24926.mailscanner@lists.mailscanner.info>

Hi Leif,

> > Hi,
> >
> > I'm using Fedora Core 1 and 2, sendmail and
> > mailscanner.
> >
> > My primary mailserver is on Fedora Core 1.
> > My backup mailserver is on Fedora Core 2.
> > Both run sendmail and MailScanner.
> >
> > For my backup mailserver, I use mailertable and
> dsmtp
> > configured in that with the primary server making
> ETRN
> > connections to the backup every hour (I'm using
> the
> > sendmail etrn.pl script from the contrib directory
> to
> > perform this step).
>
> using ETRN is bad, because it forces sendmail to
> process the messages in
> mqueue.in which hold unscanned messages.
>
> Do you need ETRN?
> Why doesn't your backup mailserver send the messages
> without it,
> i.e. why use the dsmtp mailer, why not just the
> standard esmtp?
> Then the backup mailserver tries regularly to
> deliver.

What I wanted to avoid was the "WARNING: Message
undeliverable after 4 hours" etc messages which esmtp
would do. With dsmtp, the mail sits there forever
until the primary mx server comes up, where it can
then run the etrn.pl script to retrieve the mail from
the backup mx.

> You can use cron to every hour do sendmail
> -qRyour.dom
>
> If you MUST use some ETRN-alike functionality, you
> can use this method:
> I have one client left on ISDN which need ETRN, I
> simulate it by having a
> script called from inetd
>
> In inetd.conf:
> at-rtmp         stream  tcp     nowait root
> /usr/local/sbin/etrnjohn
> etrnjohn
> (at-rtmp is just some random service from
> /etc/services I don't use)
>
> /usr/local/sbin/etrnjohn:
> #!/bin/sh
> echo Hello
> /usr/sbin/sendmail -qRjohns.dom
> sleep 5
>
> Then the client just does a telnet my.mailserver.dom
> at-rtmp when it wants
> its mail.

Based on yours and a couple of other ppl, I decided
against the dsmtp/etrn approach and went through to
esmtp setup. I added esmtp into mailertable,
re-hashed, and added the domains in mailertable into
my "relay-domains" file so the backup mx server will
keep trying to deliver to primary mx.

> > I've read the list archives on this and it was
> > mentioned in there that enabling ETRN in
> MailScanner
> > means that clients could receive unscanned virus
> and
> > spam emails, bypassing MailScanner altogether.
> >
> > Is this true?
> >
> > Does this matter in my situation anyway since the
> > primary mailserver also runs MailScanner and would
> > scan the messages when it picks them up anyway?
> >
> I have a setup where my email clients connects to
> the main mailserver which
> also runs mailscanner.
>
> But my incoming MX is on another server, which runs
> mailscanner too,
> and also sends scanned mail to clients which have
> their own mailserver,
> sends mail to the main mailserver on another port,
> which is not scanned on
> the mailserver.
> I'm running an extra sendmail on the main mailserver
> which listens to that
> port and delivers directly to mqueue, not mqueue.in.
>
> That takes the load of the main mailserver, so email
> clients can get/send
> more quickly.

That's an interesting setup :)

> > I've commented out the above "noetrn" line so I
> can
> > continue to have my backup mail server facility
> > working. Is this the best way to go about it?
>
> NO!

Advice taken, thanks for your comments Leif.

Michael.

> Leif
>
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ryanb at AACRAO.ORG  Sun Aug 15 16:53:43 2004
From: ryanb at AACRAO.ORG (Ryan Bingham)
Date: Thu Jan 12 21:26:34 2006
Subject: OT: "Someone is trying to find experiences about" messages
Message-ID: <mailman.786.1137101194.24926.mailscanner@lists.mailscanner.info>

Just curious if anyone else is getting these messages and if they have a
clue what they are all about.  They seem to be spam but I haven't really
figured out what the point is.

Thanks,

Ryan



------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Text/PLAIN (charset: UTF-8 "Internet-standard Unicode") ]
    [ (Name: "message.txt")  55 lines. ]
    [ Unable to print this part. ]


From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 15 17:01:40 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:34 2006
Subject: OT: "Someone is trying to find experiences about" messages
Message-ID: <mailman.787.1137101194.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-15 at 16:53, Ryan Bingham wrote:
> Just curious if anyone else is getting these messages and if they have a
> clue what they are all about.  They seem to be spam but I haven't really
> figured out what the point is.

They are listed in SURBL and I would consider them to be spam.
If you do some digging on the hostnames in the headers and the bodies
you'll find them listed in a few places although there isn't a lot of
information

M
--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Sun Aug 15 17:10:39 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:34 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.788.1137101194.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
If you REALLY need ETRN on your secondary MX, then here's what I would
do:

0) compile your sendmail with libwrap, if you haven't already

1) there are two sendmail's that you run under mailscanner, the one
that normally as the "-bd" option (that should also have the noetrn
directive), and then one that has the "-q15m" (or some number besides
15).  Take the _SECOND_ one (that normally doesn't run with daemon
mode), and run it with daemon mode on a port other than 25.  Pick a
really obscure port, not one of the standard alternate ports.  This is
going to require that you do a bit of extra work (two different .cf
files, for starters, probably separate access_db's, etc.).

2) set up your libwrap (and/or access_db for the 2nd sendmail) so that
the other port is only accessible from your primary MX.  This way you
wont get random people submitting messages on this other port (which
would bypass mailscanner).

3) when you want to start the ETRN process, you'll need to do it by
connecting to that obscure port.  You probably want to do this via a
specific process, and not set up your primary to generally use that
obscure port (so that it is only connecting to that port for ETRN, and
not for general mail delivery to the secondary).


Hope that all makes sense.  If you don't fully understand all of the
work involved (like what needs to go into that second .cf file), then
you shouldn't even think about trying to do this.  It's not something
that should be done by someone who doesn't REALLY understand what's
going on at the different interacting levels (which is why I haven't
given specific directives about how to set up that second cf file, and
wont: if you can't figure it out on your own, don't do it at all).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From m.althoff at BROMBERG.XS4ALL.NL  Sun Aug 15 18:34:16 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:35 2006
Subject: double message
Message-ID: <mailman.789.1137101194.24926.mailscanner@lists.mailscanner.info>

I had searched the list for double messages but only found suggestions to
switch to posix locking however after reading the comments in the
mailscanner.conf I was not sure it would apply to me since I'm using
sendmail. However I have set "Lock Type = posix" the first couple of
message come in fine but after a few "service MailScanner restart" commands
the problem comes back. Are there any bits of my configuration you would
like to see?

-------------------------------------------------
sendmail[3252]: starting daemon (8.12.10): SMTP
sm-msp-queue[3259]: starting daemon (8.12.10): queueing@00:15:00
sendmail[3267]: starting daemon (8.12.10): queueing@00:15:00
MailScanner[3286]: MailScanner E-Mail Virus Scanner version 4.32.5
starting...
MailScanner[3286]: Using locktype = posix
MailScanner[3286]: Creating hardcoded struct_flock subroutine for linux
(Linux-type)
MailScanner[3293]: MailScanner E-Mail Virus Scanner version 4.32.5
starting...
MailScanner[3293]: Using locktype = posix
MailScanner[3293]: Creating hardcoded struct_flock subroutine for linux
(Linux-type)
bromberg MailScanner[3294]: MailScanner E-Mail Virus Scanner version 4.32.5
starting...
bromberg MailScanner[3294]: Using locktype = posix
bromberg MailScanner[3294]: Creating hardcoded struct_flock subroutine for
linux (Linux-type)
bromberg MailScanner[3295]: MailScanner E-Mail Virus Scanner version 4.32.5
starting...
bromberg MailScanner[3295]: Using locktype = posix
bromberg MailScanner[3295]: Creating hardcoded struct_flock subroutine for
linux (Linux-type)
-------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Sun Aug 15 22:01:42 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:35 2006
Subject: double message
Message-ID: <mailman.790.1137101195.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-15 at 18:34, Matthijs Althoff wrote:
> I had searched the list for double messages but only found suggestions to
> switch to posix locking however after reading the comments in the
> mailscanner.conf I was not sure it would apply to me since I'm using
> sendmail. However I have set "Lock Type = posix" the first couple of
> message come in fine but after a few "service MailScanner restart" commands
> the problem comes back. Are there any bits of my configuration you would
> like to see?
>
What does the follo9wing command produce?

postconf -l





BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Sun Aug 15 22:05:12 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:35 2006
Subject: double message
Message-ID: <mailman.791.1137101195.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-15 at 18:34, Matthijs Althoff wrote:
> I had searched the list for double messages but only found suggestions to
> switch to posix locking however after reading the comments in the
> mailscanner.conf I was not sure it would apply to me since I'm using
> sendmail. However I have set "Lock Type = posix" the first couple of
> message come in fine but after a few "service MailScanner restart" commands
> the problem comes back. Are there any bits of my configuration you would
> like to see?
>
ignore my previous message about postconf, you're using sendmail (I got
confused between your message and the other thread you referenced)
instead what does this produce...
sendmail -bt -d0.10 < /dev/null | head -n 10




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Sun Aug 15 22:12:03 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:35 2006
Subject: double message
Message-ID: <mailman.792.1137101195.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-15 at 22:05, Kevin Spicer wrote:
> On Sun, 2004-08-15 at 18:34, Matthijs Althoff wrote:
> > I had searched the list for double messages but only found suggestions to
> > switch to posix locking however after reading the comments in the
> > mailscanner.conf I was not sure it would apply to me since I'm using
> > sendmail. However I have set "Lock Type = posix" the first couple of
> > message come in fine but after a few "service MailScanner restart" commands
> > the problem comes back. Are there any bits of my configuration you would
> > like to see?
> >
> ignore my previous message about postconf, you're using sendmail (I got
> confused between your message and the other thread you referenced)
> instead what does this produce...
> sendmail -bt -d0.10 < /dev/null | head -n 10

Also... have you compared the headers from the 'double' messages to make
sure that both messages have identical headers, especially the message
ID assigned by your sendmail.  Also grep your logs for that message ID
(or if different both message ID's), se if that turns anything
interesting up.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner-user at NELAND.DK  Sun Aug 15 22:34:26 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:35 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.793.1137101195.24926.mailscanner@lists.mailscanner.info>

>
> What I wanted to avoid was the "WARNING: Message
> undeliverable after 4 hours" etc messages which esmtp
> would do. With dsmtp, the mail sits there forever
> until the primary mx server comes up, where it can
> then run the etrn.pl script to retrieve the mail from
> the backup mx.
>
If you really want to avoid this message (and why, it is the truth), you can
tweak the sendmail.mc to only return it after say 1 month...

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From daniel_wolpert at WEB.DE  Sun Aug 15 23:55:25 2004
From: daniel_wolpert at WEB.DE (Daniel Wolpert)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.794.1137101195.24926.mailscanner@lists.mailscanner.info>

Hello,

after update to version 4.32.5-1 all report mails come in a wrong language
(english). I defined in the "%report-dir%" variable the report-dir
"/etc/MailScanner/reports/de".

Is this a bug in the current version? How do i fix this problem?

Thanks for your answers

Daniel Wolpert

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Mon Aug 16 06:33:20 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:35 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.795.1137101195.24926.mailscanner@lists.mailscanner.info>

> What I wanted to avoid was the "WARNING: Message
> undeliverable after 4 hours" etc messages which esmtp would
> do. With dsmtp, the mail sits there forever until the primary

But why? This message is there for a good reason. If one of your MTAs is
taking the message, the sender must think the message has reached you.
If it is urgent a few hours can make a difference. But as Leif has
pointed out: Would it not be simpler to change the intervals in which
your secondary MX writes those mails?

Regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From shrek-m at GMX.DE  Mon Aug 16 08:35:38 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.796.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Daniel Wolpert wrote:

>after update to version 4.32.5-1 all report mails come in a wrong language
>(english).
>

surely not all!

# vi /etc/MailScanner/reports/de/*
24 Dateien zur Bearbeitung

it seems that not all reports are in german.

> I defined in the "%report-dir%" variable the report-dir
>"/etc/MailScanner/reports/de".
>
>

# vi /etc/MailScanner/MailScanner.conf
#%report-dir% = /etc/MailScanner/reports/en
%report-dir% = /etc/MailScanner/reports/de


# service MailScanner restart


eg.

+-+-+-+-+-+-+
Warnung: Diese Nachricht enthielt einen oder mehrere Dateianhaenge, die
entfernt wurden
Warnung: (the_message.scr)
Warnung: Bitte lesen Sie den oder die "yoursite-Attachment-Warning.txt"
Dateianhaenge fuer genauere Informationen.

Dies ist eine Nachricht vom MailScanner (E-Mail Virus Protection Service)
-------------------------------------------------------------------------
Der Dateianhang "the_message.scr"
ist von einem Virus verseucht und wurde durch diese Nachricht ersetzt.

Wenn Sie eine Kopie der Original Nachricht wuenschen, wenden Sie sich bitte
per Mail oder Telefon an Ihren Systemadministrator. Bitte halten Sie diese
Meldung bereit.

Am Mon Aug 16 09:09:00 2004 meldete der Virenscanner folgendes:
   Sophos: >>> Virus 'W32/Bagle-AA' found in file the_message.scr
   ClamAV: the_message.scr contains Worm.Bagle.Z
   MailScanner: Windows Screensavers are often used to hide viruses (the_message.scr)


Hinweis an den Administrator:
Datei ist auf Rechner: the yoursite MailScanner im Verzeichnis /var/spool/MailScanner/quarantine/20040816 (NachrichtenID i7G78qup004672) abgespeichert.

+-+-+-+-+-+-+

+-+-+-+-+-+-+
The following e-mails were found to have:Bad Filename Detected : Virus
Detected
Sender: shrek-m@gmx.de
IP Address: 127.0.0.1
Recipient: admin@localhost
Subject: Re: Yahoo!
MessageID: i7G77dYT004554
Report:
Sophos: >>> Virus 'W32/Bagle-AA' found in file
./i7G77dYT004554/the_message.scr
ClamAV: the_message.scr contains Worm.Bagle.Z
MailScanner: Windows Screensavers are often used to hide viruses
(the_message.scr)
+-+-+-+-+-+-+


--
shrek-m

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From p.g.m.peters at utwente.nl  Mon Aug 16 08:40:22 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:35 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.797.1137101195.24926.mailscanner@lists.mailscanner.info>

On Sun, 15 Aug 2004 15:58:53 +1000, you wrote:

>For my backup mailserver, I use mailertable and dsmtp
>configured in that with the primary server making ETRN
>connections to the backup every hour (I'm using the
>sendmail etrn.pl script from the contrib directory to
>perform this step).

I know a system is using ETRN and MailScanner without problems. I
checked the configuration and this is what happens:

On that system the "normal" sendmail(s) don't do ETRN. There is a host
etrn.provider (different name, different IP but same server) with a
seperate sendmail configuration which allows ETRN and which reads from a
different queue directory. I haven't yet found how messages are put in
that queue but I know it happens after MailScanner has scanned incoming
messages.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 09:02:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.798.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 08:35 16/08/2004, you wrote:
>it seems that not all reports are in german.

Feel free to translate the ones that aren't in German...

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 11:02:34 2004
From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk)
Date: Thu Jan 12 21:26:35 2006
Subject: hello
Message-ID: <mailman.799.1137101195.24926.mailscanner@lists.mailscanner.info>

here, the serials

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/X-ZIP-COMPRESSED  0 bytes. ]
    [ Unable to print this part. ]


From gregk at infosecsolutions.com.au  Mon Aug 16 11:35:46 2004
From: gregk at infosecsolutions.com.au (Greg Krzeszkowski)
Date: Thu Jan 12 21:26:35 2006
Subject: hello
Message-ID: <mailman.800.1137101195.24926.mailscanner@lists.mailscanner.info>

Another compromised system?

_____________________________________
Greg Krzeszkowski
0411 154 261

This e-mail and files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error, please notify the
addressee by
return mail. This e-mail transmission is the property of InfoSec
Solutions
and any information contained within is legally protected.



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of mailscanner@ECS.SOTON.AC.UK
Sent: Monday, 16 August 2004 8:03 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: hello


here, the serials

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave
mailscanner' in the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From shrek-m at GMX.DE  Mon Aug 16 11:38:06 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:26:35 2006
Subject: hello
Message-ID: <mailman.801.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
mailscanner@ECS.SOTON.AC.UK wrote:

>here, the serials
>
>

$ du -b hello.eml location.zip
2549    hello.eml
0       location.zip

--
shrek-m

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcel at IRC-ADDICTS.DE  Mon Aug 16 12:05:13 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:35 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.802.1137101195.24926.mailscanner@lists.mailscanner.info>

Hi there,



On Fri, 13 Aug 2004, Julian Field wrote:

> It is often very difficult (as it is in this case) to attempt to extract
> the virus name, sorry.
>
i see..
but what i am wondering, is the following:

The same file as virus as ordinary file was tagged as this
eicar-test-file.
The exact same file, within a zip got tagged as eicar-test-file.
But only within the rar-file, the exact same file, did not state as
eicar-test-file.

There is no difference within the file or the contained test-file.
The only difference is the way it got through..
once directly..then within a zip and then within a rar..
and directly and as zip the file got scanned and the real virus-name was
mentioned..

only as rar-file this does not work

i hope you will be able to understand me :) as it is hot here.. ;)

Greetings

Marcel

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From shrek-m at GMX.DE  Mon Aug 16 12:09:24 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.803.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> At 08:35 16/08/2004, you wrote:
>
>> it seems that not all reports are in german.
>
> Feel free to translate the ones that aren't in German...


ooh, my english is not so good ;-)
this are the english-files in the german-reports.
who is able to translate these few files ?


# ls ../de/
deleted.content.message.txt  recipient.mcp.report.txt
sender.content.report.txt
inline.spam.warning.txt      recipient.spam.report.txt
sender.mcp.report.txt




# cat /etc/MailScanner/reports/de/README.1ST
Dies sind die uebersetzten Reportvorlagen fuer MailScanner Version 4.ALPHA
==========================================================================

Installation:
1. Sicherheitskopie der Original Reportvorlagen in /etc/reports anfertigen!
2. Mit den uebersetzten Vorlagen die Original Repotvorlagen ueberschreiben.
3. Das war's!

ich uebernehme keinerlei Verantwortung in Zusammenhang mit MailScanner oder
diesen von mir fuer meine persoenlichen Zwecke uebersetzten Reportvorlagen.

Ueber Hinweise und Kritiken zu den Uebersetzungen freue ich mich!

Kontakt: thomas@trueten.de


--
shrek-m

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 12:15:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.804.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
And did you have the permissions etc setup so that the clamav user could
read the files when running the unrar program. And have you told it where
to find the unrar program?
What did your logs say when you scanned the eicar.rar--->eicar.com file?

At 12:05 16/08/2004, you wrote:
>Hi there,
>
>
>
>On Fri, 13 Aug 2004, Julian Field wrote:
>
> > It is often very difficult (as it is in this case) to attempt to extract
> > the virus name, sorry.
> >
>i see..
>but what i am wondering, is the following:
>
>The same file as virus as ordinary file was tagged as this
>eicar-test-file.
>The exact same file, within a zip got tagged as eicar-test-file.
>But only within the rar-file, the exact same file, did not state as
>eicar-test-file.
>
>There is no difference within the file or the contained test-file.
>The only difference is the way it got through..
>once directly..then within a zip and then within a rar..
>and directly and as zip the file got scanned and the real virus-name was
>mentioned..
>
>only as rar-file this does not work
>
>i hope you will be able to understand me :) as it is hot here.. ;)
>
>Greetings
>
>Marcel
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcel at IRC-ADDICTS.DE  Mon Aug 16 12:29:14 2004
From: marcel at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:35 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.805.1137101195.24926.mailscanner@lists.mailscanner.info>

Hi there,

this is my logfile :)

as you can see, it is able to start unrar (v3.0) and it does find the
eicar-test-file ;)


ok...the virus was not delivered :) but it was able to be found..

greetings

Marcel

Aug 16 13:24:53 marcel sendmail-in[5760]: i7GBOrV9005760:
from=<emailcheck-robot@ct.heise.de>, size=1927, class=0, nrcpts=1,
msgid=<E1Bwfbe-0001vF-00.octo13@www.heise.de>, proto=ESMTP, daemon=MTA,
relay=www.heise.de [193.99.144.71]
Aug 16 13:24:58 marcel MailScanner[4290]: New Batch: Scanning 1 messages,
2405 bytes
Aug 16 13:25:03 marcel MailScanner[4290]: Virus and Content Scanning:
Starting
Aug 16 13:25:05 marcel MailScanner[4290]: UNRAR 3.00 freeware
Copyright (c) 1993-2002 Eugene Roshal
Aug 16 13:25:05 marcel MailScanner[4290]: ProcessClamAVOutput:
unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
Roshal". Please contact the authors!
Aug 16 13:25:05 marcel MailScanner[4290]:
/tmp/clamav.5769/clamav-0b4a8acd6ce7803c/eicar.com: Eicar-Test-Signature
FOUND
Aug 16 13:25:05 marcel MailScanner[4290]:
/tmp/clamav.5769/clamav-97b9ca7490022e33/eicar.rar: Infected Archive FOUND
Aug 16 13:25:05 marcel MailScanner[4290]: (Real infected archive:
/var/spool/MailScanner/incoming/4290/./i7GBOrV9005760/eicar.rar)
Aug 16 13:25:05 marcel MailScanner[4290]: Virus Scanning: ClamAV found 3
infections
Aug 16 13:25:05 marcel MailScanner[4290]: Infected message i7GBOrV9005760
came from 193.99.144.71
Aug 16 13:25:05 marcel MailScanner[4290]: Saved infected "eicar.rar" to
/var/spool/MailScanner/quarantine/20040816/i7GBOrV9005760
Aug 16 13:25:06 marcel MailScanner[4290]: Silent: Delivered 1 messages
containing silent viruses
Aug 16 13:25:06 marcel sendmail[5791]: i7GBP6lc005791: from=postmaster,
size=1164, class=0, nrcpts=1,
msgid=<200408161125.i7GBP6lc005791@marcel.netfinish.de>,
relay=root@localhost
Aug 16 13:25:06 marcel sendmail-in[5795]: i7GBP6V9005795:
from=<postmaster@marcel.netfinish.de>, size=1435, class=0, nrcpts=1,
msgid=<200408161125.i7GBP6lc005791@marcel.netfinish.de>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Aug 16 13:25:07 marcel sendmail[5791]: i7GBP6lc005791: to=postmaster,
delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30073,
relay=localhost.netfinish.de. [127.0.0.1], dsn=2.0.0, stat=Sent
(i7GBP6V9005795 Message accepted for delivery)
Aug 16 13:25:07 marcel MailScanner[4290]: Notices: Warned about 1 messages
Aug 16 13:25:07 marcel MailScanner[4290]: New Batch: Scanning 1 messages,
1908 bytes
Aug 16 13:25:13 marcel MailScanner[4290]: Virus and Content Scanning:
Starting
Aug 16 13:25:15 marcel MailScanner[4290]: Uninfected: Delivered 1 messages
Aug 16 13:25:17 marcel sendmail[5790]: i7GBOrV9005760:
to=<marcel@irc-addicts.de>, delay=00:00:24, xdelay=00:00:11, mailer=local,
pri=120515, dsn=2.0.0, stat=Sent
Aug 16 13:25:19 marcel sendmail[5822]: i7GBP6V9005795: to=root,
delay=00:00:13, xdelay=00:00:04, mailer=local, pri=120344, dsn=2.0.0,
stat=Sent



On Mon, 16 Aug 2004, Julian Field wrote:

> And did you have the permissions etc setup so that the clamav user could
> read the files when running the unrar program. And have you told it where
> to find the unrar program?
> What did your logs say when you scanned the eicar.rar--->eicar.com file?
>
> At 12:05 16/08/2004, you wrote:

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From daniel_wolpert at WEB.DE  Mon Aug 16 12:59:22 2004
From: daniel_wolpert at WEB.DE (Daniel Wolpert)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.806.1137101195.24926.mailscanner@lists.mailscanner.info>

Hello,

>Feel free to translate the ones that aren't in German...

thats not the problem. The problem is follow:

reports in versions smaller than 4.32.5-1 are in german language (and some
in english who not translate). But in version 4.32.5-1 the reports who are
in german comes in english - THAT IS THE PROBLEM.

Show this report mail:

========================================================
.........
.........
From: "MailScanner" <xxxxx>
To: xxxxx
Subject: noticevirusinfected
.......
.......

noticeprefix:noticevirusinfected

    Sender: xxxxx
IP Address: xxxxx
 Recipient: xxxxx
   Subject: xxxxx
 MessageID: xxxxx
   Achtung: your_details.pif contains Worm.SomeFool.Gen-1

Die vollständigen Kopfzeilen sind:

.......
.......
.......

--
MailScanner
Email Virus Scanner
www.mailscanner.info
====================================================

As you can see, the body of the mail is german, the subject is not in german
(i think its a canocical word for MailScanner).

In the MailScanner.conf is nothing change, i only update the MailScanner to
Version 4.32.5-1.

Thanks for help,

Daniel Wolpert

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rcooper at DWFORD.COM  Mon Aug 16 14:10:59 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.807.1137101195.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Daniel Wolpert
> Sent: Monday, August 16, 2004 6:59 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Wrong language in report mails
>
>
> Hello,
> >Feel free to translate the ones that aren't in German...
> thats not the problem. The problem is follow:
> reports in versions smaller than 4.32.5-1 are in german language
> (and some in english who not translate). But in version 4.32.5-1
> the reports who are in german comes in english - THAT IS THE PROBLEM.
> Show this report mail:

Ok, I just looked at the German languages.conf
(etc/reports/de/languages.conf) and the report variables are not translated
by default. If you go to the bottom of the languages.conf file you will see

# Used in Postmaster notices
NoticeVirusInfected = Virus Detected
NoticeFilenameInfected = Bad Filename Detected
NoticeOtherInfected = Other Bad Content Detected
NoticePasswordProtected = Password-protected Archive Detected
NoticePrefix = The following e-mails were found to have

If you do not translate these, the subjects will be in English regardless of
the body's language. If they are not in the languages.conf file you are
using (which appears to be the case) then add them, translate them and you
should be happy. I say they do not appear to be in the languages.conf that
you are using because the Subject: line should read
Subject: Virus Detected, instead of containing the variable name.


> ========================================================
> ......... ......... From: "MailScanner" <xxxxx> To: xxxxx
> Subject: noticevirusinfected ....... .......
> noticeprefix:noticevirusinfected
>     Sender: xxxxx IP Address: xxxxx  Recipient: xxxxx    Subject:
> xxxxx  MessageID: xxxxx    Achtung: your_details.pif contains
> Worm.SomeFool.Gen-1
> Die vollständigen Kopfzeilen sind:
> ....... ....... .......
> -- MailScanner Email Virus Scanner www.mailscanner.info
> ====================================================
>
> As you can see, the body of the mail is german, the subject is
> not in german
> (i think its a canocical word for MailScanner).
> In the MailScanner.conf is nothing change, i only update the
> MailScanner to Version 4.32.5-1.
> Thanks for help,
> Daniel Wolpert
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in
> the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 14:46:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Antivir and Clam patches
Message-ID: <mailman.808.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 12:29 16/08/2004, you wrote:
>Hi there,
>
>this is my logfile :)
>
>as you can see, it is able to start unrar (v3.0) and it does find the
>eicar-test-file ;)
>
>
>ok...the virus was not delivered :) but it was able to be found..

So there isn't actually a problem at all. It detected the virus and stopped
it from being delivered. Yes, there is some extra output from the unrar
program, which I can't do much about. The important bit is that it
successfully found the virus inside the rar archive.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rdvieira at IMPACTOOLS.COM  Mon Aug 16 14:55:55 2004
From: rdvieira at IMPACTOOLS.COM (Renata D. Vieira)
Date: Thu Jan 12 21:26:35 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.809.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2>Hi!</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>Does anyone know if 
it is possible to configure MailScanner to allow .exe files compressed in .zip 
files?</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>By default, 
MailScanner denies .exe attachments, but some people here need to send and 
receive this type of attachment and then, they would like to send/receive .exe 
files compressing them in .zip files.</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>I have already tried 
to configure this option changing the following line in the 
filetype.rules.conf:</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>&nbsp;&nbsp;&nbsp; 
allow&nbsp;&nbsp; executable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; No 
executables&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; No programs 
allowed<BR></FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>Instead of using 
"deny", I changed to "allow".</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial size=2>Thanks for any 
help.</FONT></SPAN></DIV>
<DIV><SPAN class=447434713-16082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=447434713-16082004></SPAN><FONT face=Arial 
size=2></FONT>&nbsp;</DIV>
<DIV style="WIDTH: 893px; HEIGHT: 190px" align=left>
<P class=MsoNormal style="MARGIN: 0px"><B><I><FONT color=navy size=2><SPAN 
lang=EN-US 
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-STYLE: italic; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">Renata 
D. Vieira</SPAN></FONT></I></B></P>
<P class=MsoNormal style="MARGIN: 0px"><B><I><FONT color=navy size=2><SPAN 
lang=EN-US 
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-STYLE: italic; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">Support 
Analyst<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" 
/><o:p></o:p></SPAN></FONT></I></B></P>
<P class=MsoNormal style="MARGIN: 0px"><B><I><FONT color=navy size=2><SPAN 
lang=EN-US 
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-STYLE: italic; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">Impactools 
- The wise solution that fits.</SPAN></FONT></I></B></P>
<P class=MsoNormal style="MARGIN: 0px"><B><I><SPAN lang=EN-US 
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-STYLE: italic; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US"><o:p><SPAN 
class=447434713-16082004><A 
href="http://www.impactools.com">www.impactools.com</A></SPAN></o:p></SPAN></I></B></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US"></SPAN></FONT>&nbsp;</P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
This message may contain confidential and/or 
privileged<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
information. If you are not the addressee or authorized to 
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
receive this for the addressee, you must not use, 
copy,<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
disclose or take any action based on this message or any 
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
information herein. If you have received this message in 
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
error, please advise the sender immediately by reply e-mail 
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0px"><FONT face=Arial color=#999999 
size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; COLOR: #999999; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">| 
and delete this message. Thank you for your 
cooperation<o:p></o:p></SPAN></FONT></P></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From ugob at CAMO-ROUTE.COM  Mon Aug 16 15:06:42 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:35 2006
Subject: MailScanner SpamAssassin issue
Message-ID: <mailman.810.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
augustin siaens wrote:

> Dear all,
>
> I face the following problem: SpamAssassin works fairly well in command
> mode (when I do debug with -t -D and a spam.txt) but that it fails to
> scan something when using in the system with MailScanner. I've tested my
> MailScanner config and I didn't find anything weird.
>
> here's a report I get when using the command line and the debug mode.
>
> The same e-mail pass trough without any problem if I use the e-mail
> system. No header modification.
>
> Do you have any idea of the origin of the problem?

You have Use Spamassassin = yes?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Mon Aug 16 15:11:59 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:35 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.811.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Renata D. Vieira wrote:

> Hi!
>
> Does anyone know if it is possible to configure MailScanner to allow
> .exe files compressed in .zip files?
> By default, MailScanner denies .exe attachments, but some people here
> need to send and receive this type of attachment and then, they would
> like to send/receive .exe files compressing them in .zip files.


I don't think it is currently possible to do exactly what you want.  You
can tell them to nest the .exe deep enough see "Max Archive Depth" setting.

> I have already tried to configure this option changing the following
> line in the filetype.rules.conf:
>
>     allow   executable      No executables          No programs allowed
> Instead of using "deny", I changed to "allow".
>
>

Bad idea, this will allow all .exe, including those non-zipped.


> Thanks for any help.

>
>
>
> */Renata D. Vieira/*
>
> */Support Analyst/*
>
> */Impactools - The wise solution that fits./*
>
> */www.impactools.com <http://www.impactools.com>/*
>
>
>
> | This message may contain confidential and/or privileged
>
> | information. If you are not the addressee or authorized to
>
> | receive this for the addressee, you must not use, copy,
>
> | disclose or take any action based on this message or any
>
> | information herein. If you have received this message in
>
> | error, please advise the sender immediately by reply e-mail
>
> | and delete this message. Thank you for your cooperation
>
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From daniel_wolpert at WEB.DE  Mon Aug 16 15:24:10 2004
From: daniel_wolpert at WEB.DE (Daniel Wolpert)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.812.1137101195.24926.mailscanner@lists.mailscanner.info>

Hello,

>Ok, I just looked at the German languages.conf
>(etc/reports/de/languages.conf) and the report variables are not translated
>by default. If you go to the bottom of the languages.conf file you will see
>
># Used in Postmaster notices
>NoticeVirusInfected = Virus Detected
>NoticeFilenameInfected = Bad Filename Detected
>NoticeOtherInfected = Other Bad Content Detected
>NoticePasswordProtected = Password-protected Archive Detected
>NoticePrefix = The following e-mails were found to have

many many thanks Rick - that was the problem. This five variables above
failed in the ../de/languages.conf - are the variables new ex version 4.32.5-1?

And a combination of the two variables

noticeprefix:noticevirusinfected

are also new? Where can i change this?

Greets and thanks to the list,

Daniel Wolpert

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 15:29:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Upgrading languages.conf to new releases
Message-ID: <mailman.813.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Did anyone see this?
Any comments?

I was thinking of just putting a link between upgrade_MailScanner_conf and
upgrade_languages_conf and changing the help text for the languages.conf
version.

At 16:06 14/08/2004, you wrote:
>It just occurred to me that upgrade_MailScanner_conf should be able to do
>exactly the same job on languages.conf files.
>
>I just tried it and it worked very nicely. Instead of the usual command,
>try this on a Linux system:
>   cd /etc/MailScanner/reports/en
>   upgrade_MailScanner_conf languages.conf languages.conf.rpmnew >
>languages.new
>
>Then take a look at languages.new and see if it has all the new strings added.
>
>I'm sure the non-Linux users among you know enough of what you're doing to
>be able to work out the corresponding commands on your own systems. Just
>replace "MailScanner.conf" with "languages.conf" and make sure you are in
>the right directory.
>
>Does this work?
>If so, I've just solved the problem of upgrading languages.conf files :-)
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Mon Aug 16 15:45:15 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.814.1137101195.24926.mailscanner@lists.mailscanner.info>

I'm getting the following in mail logs (through logwatch) and it used to be
rare, then a few weeks ago it started happening a few times a week; now it
happens several times every day: someone's "jiggling the doorknob" on my
server. Anybody else seen something like this? Is it some kind of rootkit,
or trojan?

I think I'm going to have to add a rule to drop port 22 packets from
anywhere but a few locations if this continues.


Failed logins from these:
   admin/password from 203.195.183.10: 2 Time(s)
   admin/password from 210.15.112.41: 2 Time(s)
   admin/password from 64.114.43.77: 2 Time(s)
   guest/password from 203.195.183.10: 1 Time(s)
   guest/password from 210.15.112.41: 1 Time(s)
   guest/password from 220.117.203.9: 1 Time(s)
   guest/password from 61.221.196.181: 1 Time(s)
   guest/password from 64.114.43.77: 1 Time(s)
   root/password from 203.195.183.10: 3 Time(s)
   root/password from 210.15.112.41: 3 Time(s)
   root/password from 64.114.43.77: 3 Time(s)
   test/password from 203.195.183.10: 2 Time(s)
   test/password from 210.15.112.41: 2 Time(s)
   test/password from 220.117.203.9: 1 Time(s)
   test/password from 61.221.196.181: 1 Time(s)
   test/password from 64.114.43.77: 2 Time(s)
   user/password from 203.195.183.10: 1 Time(s)
   user/password from 210.15.112.41: 1 Time(s)
   user/password from 64.114.43.77: 1 Time(s)

Illegal users from these:
   guest/none from 203.195.183.10: 1 Time(s)
   guest/none from 210.15.112.41: 1 Time(s)
   guest/none from 220.117.203.9: 1 Time(s)
   guest/none from 61.221.196.181: 1 Time(s)
   guest/none from 64.114.43.77: 1 Time(s)
   guest/password from 203.195.183.10: 1 Time(s)
   guest/password from 210.15.112.41: 1 Time(s)
   guest/password from 220.117.203.9: 1 Time(s)
   guest/password from 61.221.196.181: 1 Time(s)
   guest/password from 64.114.43.77: 1 Time(s)
   test/none from 203.195.183.10: 2 Time(s)
   test/none from 210.15.112.41: 2 Time(s)
   test/none from 220.117.203.9: 1 Time(s)
   test/none from 61.221.196.181: 1 Time(s)
   test/none from 64.114.43.77: 2 Time(s)
   test/password from 203.195.183.10: 2 Time(s)
   test/password from 210.15.112.41: 2 Time(s)
   test/password from 220.117.203.9: 1 Time(s)
   test/password from 61.221.196.181: 1 Time(s)
   test/password from 64.114.43.77: 2 Time(s)
   user/none from 203.195.183.10: 1 Time(s)
   user/none from 210.15.112.41: 1 Time(s)
   user/none from 64.114.43.77: 1 Time(s)
   user/password from 203.195.183.10: 1 Time(s)
   user/password from 210.15.112.41: 1 Time(s)
   user/password from 64.114.43.77: 1 Time(s)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From t.d.lee at DURHAM.AC.UK  Mon Aug 16 15:46:38 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:35 2006
Subject: Older Archive Zip
Message-ID: <mailman.815.1137101195.24926.mailscanner@lists.mailscanner.info>

On Tue, 10 Aug 2004, Robin, Rob wrote:

> Hello all,
>
>         BSDi 4.2 (planned to migrate to linux soon), Perl 5.005_03.
>         For the Archive-Zip1.12, my compilation always failed at
>
> ----
> t/testUpdate........Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> ok
> t/testex............Can't call method "print" on unblessed reference at blib/lib/Archive/Zip.pm line 1862.
> FAILED test 14
>         Failed 1/15 tests, 93.33% okay
> ----

Sorry for the delay in replying (holiday; just back today).

This was an issue I also spotted about a month ago (in my case, Solaris 8
with a similar version of perl).

I raised the issue with the maintainer of Archive::Zip and with Julian,
off-list.  To cut a long story short, the problem is recognised, and the
fix is known and included in a test version (1.12_03) of A::Z.

However, with various holidays, with Julian having been away, and with
this problem being relatively rare, etc., it was agreed to distribute the
new MS version with A::Z 1.12 (and its known, low frequency problem)
rather than risk a largely untested 1.12_03 .

(We have been running the fractionally earlier 1.12_02 in production for
over two weeks on systems totalling around 1million emails/week.)

Now that I'm back, I'll try to chase it up, and report back.

>         I searched online for a while, etc. I couldn't find any work
> arounds that work. Archive Zip 1.12 is pretty new. I know it's 93.33%
> okay, but that just bugged me a bit. Since 1.12 is pretty new (July
> 2004), and their test listing is not as complete as it can be.

Testing requires real folk, such as you and me!  Would you be able to test
a version?

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jwguderjohn at IEEE.ORG  Mon Aug 16 15:47:52 2004
From: jwguderjohn at IEEE.ORG (Joe Guderjohn)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.816.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hello,

I've seen this mentioned in previous posts, but I'm not sure if a
"universal" fix
is available.

Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11

Problem: MyDoom-O (and maybe other) viruses occasionally pass through
MailScanner/Sophos undetected.

Analysis: The infected messages that get past MailScanner/Sophos are
"multi-bounces",
i.e., our mail gateway (sendmail) rejects the message because of a
forged "From"
address. The "From" address is a valid mail address within our domain,
but the message
is being sent from outside our domain, which we don't accept.  Then
sending MTA then
sends a "delivery failure notification" to the forged, but valid, "From"
address, which is a
legal "To" address, hence the message is accepted and queued for
inspection. The
"delivery failure"  message is identified as:

Content-Type: multipart/report; report-type=delivery-status;
    boundary="i7AJOF0e032463.1092165855/hp01.vak12ed.edu"

When MailScanner examines the message, it doesn't seem to recognize the
attachment(s)
and therefore does not separate them for virus scanning. If  I manually
separate the
attachments using MIME::Base64 and then scan them using Sophos, the
virus is correctly
identified.

For the most part MailScanner/Sophos correctly detects messages with
infected
attachments - even compressed attachments, but these "multi-bounces"
seem to
create some type of malformed MIME encoding that gets past MailScanner.

Although this isn't a major problem at the moment, I would like to solve
this.

Does anyone know if there is a fix?

Thanks.

Joe
--
Joe Guderjohn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rdvieira at IMPACTOOLS.COM  Mon Aug 16 15:47:53 2004
From: rdvieira at IMPACTOOLS.COM (Renata D. Vieira)
Date: Thu Jan 12 21:26:35 2006
Subject: RES: Allowing .exe files in .zip files
Message-ID: <mailman.817.1137101195.24926.mailscanner@lists.mailscanner.info>

Thanks Ugo. Your tip was very helpful.


Renata D. Vieira
Support Analyst
Impactools - The wise solution that fits.
www.impactools.com


-----Mensagem original-----
De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Em nome de
Ugo Bellavance
Enviada em: segunda-feira, 16 de agosto de 2004 11:12
Para: MAILSCANNER@JISCMAIL.AC.UK
Assunto: Re: Allowing .exe files in .zip files

Renata D. Vieira wrote:

> Hi!
>
> Does anyone know if it is possible to configure MailScanner to allow
> .exe files compressed in .zip files?
> By default, MailScanner denies .exe attachments, but some people here
> need to send and receive this type of attachment and then, they would
> like to send/receive .exe files compressing them in .zip files.


I don't think it is currently possible to do exactly what you want.  You can
tell them to nest the .exe deep enough see "Max Archive Depth" setting.

> I have already tried to configure this option changing the following
> line in the filetype.rules.conf:
>
>     allow   executable      No executables          No programs allowed
> Instead of using "deny", I changed to "allow".
>
>

Bad idea, this will allow all .exe, including those non-zipped.


> Thanks for any help.

>
>
>
> */Renata D. Vieira/*
>
> */Support Analyst/*
>
> */Impactools - The wise solution that fits./*
>
> */www.impactools.com <http://www.impactools.com>/*
>
>
>
> | This message may contain confidential and/or privileged
>
> | information. If you are not the addressee or authorized to
>
> | receive this for the addressee, you must not use, copy,
>
> | disclose or take any action based on this message or any
>
> | information herein. If you have received this message in
>
> | error, please advise the sender immediately by reply e-mail
>
> | and delete this message. Thank you for your cooperation
>
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From joey at JOESMITH.NET  Mon Aug 16 15:51:36 2004
From: joey at JOESMITH.NET (Joe Smith)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.818.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004, Alex Neuman wrote:

> I'm getting the following in mail logs (through logwatch) and it used to be
> rare, then a few weeks ago it started happening a few times a week; now it
> happens several times every day: someone's "jiggling the doorknob" on my
> server. Anybody else seen something like this? Is it some kind of rootkit,
> or trojan?
>
> I think I'm going to have to add a rule to drop port 22 packets from
> anywhere but a few locations if this continues.

Try moving your SSHd to a higher port, above 2000 or so.  It slows down
and/or eliminates the script kiddies and the "port knockers".  I've been
doing if for years with no problems.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rcooper at DWFORD.COM  Mon Aug 16 16:02:55 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:35 2006
Subject: Wrong language in report mails
Message-ID: <mailman.819.1137101195.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Daniel Wolpert
> Sent: Monday, August 16, 2004 9:24 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Wrong language in report mails
>
>
> Hello,
>
> >Ok, I just looked at the German languages.conf
> >(etc/reports/de/languages.conf) and the report variables are not
> translated
> >by default. If you go to the bottom of the languages.conf file
> you will see
> >
> ># Used in Postmaster notices
> >NoticeVirusInfected = Virus Detected
> >NoticeFilenameInfected = Bad Filename Detected
> >NoticeOtherInfected = Other Bad Content Detected
> >NoticePasswordProtected = Password-protected Archive Detected
> >NoticePrefix = The following e-mails were found to have
>
> many many thanks Rick - that was the problem. This five variables above
> failed in the ../de/languages.conf - are the variables new ex
> version 4.32.5-1?
>
> And a combination of the two variables
>
> noticeprefix:noticevirusinfected
>
> are also new? Where can i change this?
>


I believe they are all new as far as a general release goes. The combination
doesn't need fixing if you translate the above strings and place them in
your languages.conf file. The reason for the change is the old behavior
always sent a message to the postmaster stating a virus had been detected,
regardless of the actual problem. Now the notice will state the actual
problem, or problems (if multiple, such as bad content and virus). If you
add the strings listed above you will see how it works. For example once the
strings are properly installed the noticeprefix:noticevirusinfected line
above will read (using English defaults)

        The following e-mails were found to have: Virus Detected

And if there were a virus detection and an unacceptable file name detected
in the same message it would read:

        The following e-mails were found to have: Virus Detected, Bad Filename
Detected

Hopefully I explained that clear enough to answer your question?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From prandal at HEREFORDSHIRE.GOV.UK  Mon Aug 16 16:03:36 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.820.1137101195.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list wrote:
> Hello,
>
> I've seen this mentioned in previous posts, but I'm not sure
> if a "universal" fix is available.
>
> Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>
> Problem: MyDoom-O (and maybe other) viruses occasionally pass
> through MailScanner/Sophos undetected.
>
> Analysis: The infected messages that get past
> MailScanner/Sophos are "multi-bounces", i.e., our mail
> gateway (sendmail) rejects the message because of a forged "From"
> address. The "From" address is a valid mail address within
> our domain, but the message is being sent from outside our
> domain, which we don't accept.  Then sending MTA then sends a
> "delivery failure notification" to the forged, but valid, "From"
> address, which is a legal "To" address, hence the message is accepted
> and queued
> for inspection. The "delivery failure"  message is identified as:
>
> Content-Type: multipart/report; report-type=delivery-status;
>     boundary="i7AJOF0e032463.1092165855/hp01.vak12ed.edu"
>
> When MailScanner examines the message, it doesn't seem to recognize
> the attachment(s)
> and therefore does not separate them for virus scanning. If
> I manually separate the attachments using MIME::Base64 and
> then scan them using Sophos, the virus is correctly identified.
>
> For the most part MailScanner/Sophos correctly detects
> messages with infected attachments - even compressed
> attachments, but these "multi-bounces"
> seem to
> create some type of malformed MIME encoding that gets past
> MailScanner.
>
> Although this isn't a major problem at the moment, I would
> like to solve this.
>
> Does anyone know if there is a fix?
>
> Thanks.
>
> Joe

Does the problem still happen with the current version (4.32)?

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From t.d.lee at DURHAM.AC.UK  Mon Aug 16 16:04:28 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:35 2006
Subject: SPF
Message-ID: <mailman.821.1137101195.24926.mailscanner@lists.mailscanner.info>

On Tue, 10 Aug 2004, Alex Neuman wrote:

> Ok... So would a conservative-yet-effective approach be:
>
> 1. Sendmail gets message, checks SPF. If SPF records say mail came from
> unauthorized server, drop the connection. If no SPF available, receive
> e-mail anyways (for now).
> 2. MailScanner gets message from Sendmail, passes message to SpamAssassin
> for processing. SpamAssassin checks SPF records, assign arbitrary negative
> number (say, -2.0) if SPF records check out ok, otherwise process as usual.
>
> Less conservative efforts would range from harsh (assign positive score to
> non-SPF messages when checked by SA) to brutal (drop non-SPF messages at MTA
> level).

There's another subtlety.  SPF is not a pass/fail thing.  There is also
a "softfail" result:

   the message does not meet a domain's strict definition of legitimacy,
   but the domain cannot confidently state that the message is a forgery.
   MTA's SHOULD accept the message but MAY subject it to a higher
   transaction cost, deeper scrutiny, or an unfavourable score.

(The complete SPF result set is: None, Neutral, Pass, Fail, Softfail.)

It goes on (section "Phased Rollout") to say:

   A domain might move through these phases by changing its default
   response type from "neutral" to "softfail" to "fail".
   [...]
   When a sufficient majority of its users are SPF-conformant, a domain
   SHOULD change its default to "fail".   [...]


Hope that helps.


--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Mon Aug 16 16:11:08 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.822.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Alex Neuman wrote:

> I'm getting the following in mail logs (through logwatch) and it used to be
> rare, then a few weeks ago it started happening a few times a week; now it
> happens several times every day: someone's "jiggling the doorknob" on my
> server. Anybody else seen something like this? Is it some kind of rootkit,
> or trojan?
>
> I think I'm going to have to add a rule to drop port 22 packets from
> anywhere but a few locations if this continues.

Similar scenario on my home server.  I don't have ssh open at the office.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 16:21:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.823.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:47 16/08/2004, you wrote:
>Hello,
>
>I've seen this mentioned in previous posts, but I'm not sure if a
>"universal" fix
>is available.
>
>Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>
>Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>MailScanner/Sophos undetected.
>
>Analysis: The infected messages that get past MailScanner/Sophos are
>"multi-bounces",

Can you send me the URL of a copy of one of these messages please.
The last one I saw had corrupted headers, which stopped MailScanner finding
the message buried in the body text. It does try to find all these
"included" messages, but is apparently missing this one for some reason.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From augustin.siaens at AQUADEV.ORG  Mon Aug 16 16:21:54 2004
From: augustin.siaens at AQUADEV.ORG (augustin siaens)
Date: Thu Jan 12 21:26:35 2006
Subject: MailScanner SpamAssassin issue
Message-ID: <mailman.824.1137101195.24926.mailscanner@lists.mailscanner.info>

Le lun 16/08/2004 à 16:06, Ugo Bellavance a écrit :
> augustin siaens wrote:
> 
> > Dear all,
> >
> > I face the following problem: SpamAssassin works fairly well in command
> > mode (when I do debug with -t -D and a spam.txt) but that it fails to
> > scan something when using in the system with MailScanner. I've tested my
> > MailScanner config and I didn't find anything weird.
> >
> > here's a report I get when using the command line and the debug mode.
> >
> > The same e-mail pass trough without any problem if I use the e-mail
> > system. No header modification.
> >
> > Do you have any idea of the origin of the problem?
> 
> You have Use Spamassassin = yes?
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Yes, it is ok on that point. Apparently SpamAssassin may be working after all but the scores are too low (even with a 5.0 treshold)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alex at nkpanama.com  Mon Aug 16 16:23:41 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.825.1137101195.24926.mailscanner@lists.mailscanner.info>

Good point - I'll try it on an obscure port...

Thanks,

Alex

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Joe Smith
Sent: Monday, August 16, 2004 9:52 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Way OT: SSH worries

On Mon, 16 Aug 2004, Alex Neuman wrote:

> I'm getting the following in mail logs (through logwatch) and it used to
be
> rare, then a few weeks ago it started happening a few times a week; now it
> happens several times every day: someone's "jiggling the doorknob" on my
> server. Anybody else seen something like this? Is it some kind of rootkit,
> or trojan?
>
> I think I'm going to have to add a rule to drop port 22 packets from
> anywhere but a few locations if this continues.

Try moving your SSHd to a higher port, above 2000 or so.  It slows down
and/or eliminates the script kiddies and the "port knockers".  I've been
doing if for years with no problems.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martinh at SOLID-STATE-LOGIC.COM  Mon Aug 16 16:28:19 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.826.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Seems to be a common occurrance at the moment..


http://seclists.org/lists/incidents/2004/Jul/0065.html

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Ugo Bellavance wrote:
> Alex Neuman wrote:
>
>> I'm getting the following in mail logs (through logwatch) and it used
>> to be
>> rare, then a few weeks ago it started happening a few times a week;
>> now it
>> happens several times every day: someone's "jiggling the doorknob" on my
>> server. Anybody else seen something like this? Is it some kind of
>> rootkit,
>> or trojan?
>>
>> I think I'm going to have to add a rule to drop port 22 packets from
>> anywhere but a few locations if this continues.
>
>
> Similar scenario on my home server.  I don't have ssh open at the office.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Mon Aug 16 16:29:15 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:35 2006
Subject: Upgrading languages.conf to new releases
Message-ID: <mailman.827.1137101195.24926.mailscanner@lists.mailscanner.info>

Hi!

> Did anyone see this?
> Any comments?
>
> I was thinking of just putting a link between upgrade_MailScanner_conf and
> upgrade_languages_conf and changing the help text for the languages.conf
> version.

The only problem is that you have to do this for all language dirs, even
for custom ones a client may add (like we have for some customers)

Besides that it seems to work :)

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 16:31:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: MailScanner SpamAssassin issue
Message-ID: <mailman.828.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:21 16/08/2004, you wrote:
>Yes, it is ok on that point. Apparently SpamAssassin may be working after
>all but the scores are too low (even with a 5.0 treshold)

Note that if MailScanner does not think it is spam, it won't add a spam
report header at all. If you want to always get a SpamAssassin report, set
Always Include SpamAssassin Report = yes
in your MailScanner.conf.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From chrisk at OS-IT.NET  Mon Aug 16 16:36:32 2004
From: chrisk at OS-IT.NET (Chris Kissinger)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.829.1137101195.24926.mailscanner@lists.mailscanner.info>

> I'm getting the following in mail logs (through logwatch) and
> it used to be
> rare, then a few weeks ago it started happening a few times a
> week; now it
> happens several times every day: someone's "jiggling the
> doorknob" on my
> server. Anybody else seen something like this? Is it some
> kind of rootkit,
> or trojan?

This discussion seems to be going around on a number of lists. Apparently
it's getting more and more widespread. Here's some info:

http://isc.sans.org/diary.php?date=2004-07-28
http://isc.sans.org/diary.php?date=2004-07-23


Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 16:50:41 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Upgrading languages.conf to new releases
Message-ID: <mailman.830.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:29 16/08/2004, you wrote:
>Hi!
>
> > Did anyone see this?
> > Any comments?
> >
> > I was thinking of just putting a link between upgrade_MailScanner_conf and
> > upgrade_languages_conf and changing the help text for the languages.conf
> > version.
>
>The only problem is that you have to do this for all language dirs, even
>for custom ones a client may add (like we have for some customers)

Most people only use 1 (or occasionally 2) languages.

>Besides that it seems to work :)

Cool.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Mon Aug 16 16:54:51 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:35 2006
Subject: reject msg based on rbl list.
Message-ID: <mailman.831.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
SatyaDev Sharma wrote:

> I m using mailscanner+spamassassin+postfix. How I can reject mails like
> below message so sender can know where he is listed in rbl-lists.
> Currently my mail server except all mails and then fitter by MS+SA and
> add high score,  and then perform action (deliver or delete).
>
> so how I can configure mail server which reject mails with message based
> on rbl-lists ?

I think it is a setting in your MTA.  Maybe see the doc for postfix.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Mon Aug 16 16:58:44 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:35 2006
Subject: MailScanner SpamAssassin issue
Message-ID: <mailman.832.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
augustin siaens wrote:

> Le lun 16/08/2004 à 16:06, Ugo Bellavance a écrit :
> 
>>augustin siaens wrote:
>>
>>
>>>Dear all,
>>>
>>>I face the following problem: SpamAssassin works fairly well in command
>>>mode (when I do debug with -t -D and a spam.txt) but that it fails to
>>>scan something when using in the system with MailScanner. I've tested my
>>>MailScanner config and I didn't find anything weird.
>>>
>>>here's a report I get when using the command line and the debug mode.
>>>
>>>The same e-mail pass trough without any problem if I use the e-mail
>>>system. No header modification.
>>>
>>>Do you have any idea of the origin of the problem?
>>
>>You have Use Spamassassin = yes?
> 
> Yes, it is ok on that point. Apparently SpamAssassin may be working after all but the scores are too low (even with a 5.0 treshold)

This probably mainly because bayes is not used whey you run SA from 
Mailscanner.  Once it will have seen 200 hams and 200 spams it will 
start working and you'll see good scores.

You can try the bayes starters DB at www.fsl.com/support.

And maybe see the optimization section of the Most Asked Questions page.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From jwguderjohn at IEEE.ORG  Mon Aug 16 17:00:45 2004
From: jwguderjohn at IEEE.ORG (Joe Guderjohn)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.833.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> At 15:47 16/08/2004, you wrote:
>
>> Hello,
>>
>> I've seen this mentioned in previous posts, but I'm not sure if a
>> "universal" fix
>> is available.
>>
>> Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>>
>> Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>> MailScanner/Sophos undetected.
>>
>> Analysis: The infected messages that get past MailScanner/Sophos are
>> "multi-bounces",
>
>
> Can you send me the URL of a copy of one of these messages please.
> The last one I saw had corrupted headers, which stopped MailScanner
> finding
> the message buried in the body text. It does try to find all these
> "included" messages, but is apparently missing this one for some reason.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Julian,

Thanks for the prompt (as usual) response.

Can I email you the message instead of supplying a URL?

I can't (don't know how) to produce a password protected zip file
on the Linux box where I have the message file, and I can't move
it to my Windows desktop because NAV immediately quarantines
it.

I can gzip it and uuencode it - I think that will pass through most
virus scanners, or I can send you the message with the virus
'snipped' out. Will either of these work for you.

Thanks.

Joe
--
Joe Guderjohn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 16 17:08:05 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.834.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:00 16/08/2004, you wrote:
>Julian Field wrote:
>
>>At 15:47 16/08/2004, you wrote:
>>
>>>Hello,
>>>
>>>I've seen this mentioned in previous posts, but I'm not sure if a
>>>"universal" fix
>>>is available.
>>>
>>>Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>>>
>>>Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>>>MailScanner/Sophos undetected.
>>>
>>>Analysis: The infected messages that get past MailScanner/Sophos are
>>>"multi-bounces",
>>
>>
>>Can you send me the URL of a copy of one of these messages please.
>>The last one I saw had corrupted headers, which stopped MailScanner
>>finding
>>the message buried in the body text. It does try to find all these
>>"included" messages, but is apparently missing this one for some reason.
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Julian,
>
>Thanks for the prompt (as usual) response.
>
>Can I email you the message instead of supplying a URL?

Well, yes, but what happens if my MailScanner catches it? I automatically
bin virus warnings, so it could be a bit hard to track down your message.

>I can't (don't know how) to produce a password protected zip file
>on the Linux box where I have the message file, and I can't move
>it to my Windows desktop because NAV immediately quarantines
>it.

And I reject password-protected zip files anyway.

>I can gzip it and uuencode it - I think that will pass through most
>virus scanners, or I can send you the message with the virus
>'snipped' out. Will either of these work for you.

uuencoding won't help, and gzip will get undone by Clam at least. Try
replacing the actual virus data with some other harmless text.
And as soon as you have sent it to me, send me another message telling me
you just sent it, so I know to go and hunt for it :-)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mark at TIPPINGMAR.COM  Mon Aug 16 18:10:35 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:35 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.835.1137101195.24926.mailscanner@lists.mailscanner.info>

On 16 Aug 2004 at 10:55, Renata D. Vieira wrote:


> Does anyone know if it is possible to configure MailScanner to allow .exe files compressed in .zip
> files?

You can configure MailScanner so it does not enforce filename checks on files that
are compresed in zipfiles.

# The maximum depth to which zip archives will be unpacked, to allow for
# checking filenames and filetypes within zip archives.
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
Maximum Archive Depth = 0

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jwguderjohn at IEEE.ORG  Mon Aug 16 19:02:17 2004
From: jwguderjohn at IEEE.ORG (Joe Guderjohn)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.836.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> At 17:00 16/08/2004, you wrote:
>
>> Julian Field wrote:
>>
>>> At 15:47 16/08/2004, you wrote:
>>>
>>>> Hello,
>>>>
>>>> I've seen this mentioned in previous posts, but I'm not sure if a
>>>> "universal" fix
>>>> is available.
>>>>
>>>> Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>>>>
>>>> Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>>>> MailScanner/Sophos undetected.
>>>>
>>>> Analysis: The infected messages that get past MailScanner/Sophos are
>>>> "multi-bounces",
>>>
>>>
>>>
>>> Can you send me the URL of a copy of one of these messages please.
>>> The last one I saw had corrupted headers, which stopped MailScanner
>>> finding
>>> the message buried in the body text. It does try to find all these
>>> "included" messages, but is apparently missing this one for some
>>> reason.
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> MailScanner thanks transtec Computers for their support
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>
>> Julian,
>>
>> Thanks for the prompt (as usual) response.
>>
>> Can I email you the message instead of supplying a URL?
>
>
> Well, yes, but what happens if my MailScanner catches it? I automatically
> bin virus warnings, so it could be a bit hard to track down your message.
>
>> I can't (don't know how) to produce a password protected zip file
>> on the Linux box where I have the message file, and I can't move
>> it to my Windows desktop because NAV immediately quarantines
>> it.
>
>
> And I reject password-protected zip files anyway.
>
>> I can gzip it and uuencode it - I think that will pass through most
>> virus scanners, or I can send you the message with the virus
>> 'snipped' out. Will either of these work for you.
>
>
> uuencoding won't help, and gzip will get undone by Clam at least. Try
> replacing the actual virus data with some other harmless text.
> And as soon as you have sent it to me, send me another message telling me
> you just sent it, so I know to go and hunt for it :-)
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Julian,

Below is an example of the messages that "get through".

###########################################################################

Return-path: <>
Received: from hp01.vak12ed.edu [141.104.150.251]
    by mail.vak12ed.edu; Thu, 12 Aug 2004 08:53:26 -0400
Received: from pen3.pen.k12.va.us (pen3.pen.k12.va.us [141.104.22.206])
    by hp01.vak12ed.edu (8.12.11/8.11.6) with ESMTP id i7CCrIoG002081
    for <postmaster@mail.vak12ed.edu>; Thu, 12 Aug 2004 08:53:26 -0400
Received: from forward1.ss.herndon.psi.net (forward1.ss.herndon.psi.net
[38.200.3.125])
    by pen3.pen.k12.va.us (8.12.11/8.12.11) with ESMTP id i7CCpSCG008758
    for <postmaster@mail.vak12ed.edu>; Thu, 12 Aug 2004 08:51:28 -0400
Received: by forward1.ss.herndon.psi.net (Postfix)
    id D5CB8C924; Thu, 12 Aug 2004 08:49:23 -0400 (EDT)
Date: Thu, 12 Aug 2004 08:49:23 -0400 (EDT)
From: MAILER-DAEMON@forward1.ss.herndon.psi.net (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: postmaster@mail.vak12ed.edu
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="955BBCACB.1092314963/forward1.ss.herndon.psi.net"
Message-Id: <20040812124923.D5CB8C924@forward1.ss.herndon.psi.net>
X-VDOE-MailScanner-Information: Please contact VDOE for details
X-VDOE-MailScanner: Found to be clean

This is a MIME-encapsulated message.

--955BBCACB.1092314963/forward1.ss.herndon.psi.net
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host forward1.ss.herndon.psi.net.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

            The Postfix program

<aprince@mail.vak12ed.edu>: host pen3.pen.k12.va.us[141.104.22.206]
said: 571
    5.0.0 Forged address 08-11-2004,,,wce (in reply to MAIL FROM command)

--955BBCACB.1092314963/forward1.ss.herndon.psi.net
Content-Description: Delivery error report
Content-Type: message/delivery-status

Reporting-MTA: dns; forward1.ss.herndon.psi.net
Arrival-Date: Thu, 12 Aug 2004 08:48:15 -0400 (EDT)

Final-Recipient: rfc822; aprince@mail.vak12ed.edu
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host pen3.pen.k12.va.us[141.104.22.206]
said: 571
    5.0.0 Forged address 08-11-2004,,,wce (in reply to MAIL FROM command)

--955BBCACB.1092314963/forward1.ss.herndon.psi.net
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from spool1.ss.herndon.psi.net
(spool1-eth1.backend.ss.herndon.psi.net [10.100.1.100])
    by forward1.ss.herndon.psi.net (Postfix) with ESMTP id 955BBCACB
    for <aprince@mail.vak12ed.edu>; Thu, 12 Aug 2004 08:48:15 -0400 (EDT)
Received: from dpvc-68-163-71-216.res.east.verizon.net ([68.163.71.216]
helo=mail.vak12ed.edu)
    by spool1.ss.herndon.psi.net with esmtp (Exim 3.36 #1)
    id 1BvFAW-00067o-00
    for aprince@mail.vak12ed.edu; Thu, 12 Aug 2004 08:58:56 -0400
From: "Returned mail" <postmaster@mail.vak12ed.edu>
To: aprince@mail.vak12ed.edu
Subject: Aprince@mail.vak12ed.edu
Date: Thu, 12 Aug 2004 08:49:59 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0003_2463007D.E4BA8970"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <E1BvFAW-00067o-00@spool1.ss.herndon.psi.net>

This is a multi-part message in MIME format.

------=_NextPart_000_0003_2463007D.E4BA8970
Content-Type: text/plain;
    charset=us-ascii
Content-Transfer-Encoding: 7bit

<<< Some endcoded info >>>

------=_NextPart_000_0003_2463007D.E4BA8970
Content-Type: application/octet-stream;
    name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="message.zip"

<<< Zipped Virus >>>


------=_NextPart_000_0003_2463007D.E4BA8970--



--955BBCACB.1092314963/forward1.ss.herndon.psi.net--

############################################################################

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jwguderjohn at IEEE.ORG  Mon Aug 16 19:03:29 2004
From: jwguderjohn at IEEE.ORG (Joe Guderjohn)
Date: Thu Jan 12 21:26:35 2006
Subject: Viruses Passing Through MailScanner/Sophos
Message-ID: <mailman.837.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> At 17:00 16/08/2004, you wrote:
>
>> Julian Field wrote:
>>
>>> At 15:47 16/08/2004, you wrote:
>>>
>>>> Hello,
>>>>
>>>> I've seen this mentioned in previous posts, but I'm not sure if a
>>>> "universal" fix
>>>> is available.
>>>>
>>>> Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>>>>
>>>> Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>>>> MailScanner/Sophos undetected.
>>>>
>>>> Analysis: The infected messages that get past MailScanner/Sophos are
>>>> "multi-bounces",
>>>
>>>
>>>
>>> Can you send me the URL of a copy of one of these messages please.
>>> The last one I saw had corrupted headers, which stopped MailScanner
>>> finding
>>> the message buried in the body text. It does try to find all these
>>> "included" messages, but is apparently missing this one for some
>>> reason.
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> MailScanner thanks transtec Computers for their support
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>
>> Julian,
>>
>> Thanks for the prompt (as usual) response.
>>
>> Can I email you the message instead of supplying a URL?
>
>
> Well, yes, but what happens if my MailScanner catches it? I automatically
> bin virus warnings, so it could be a bit hard to track down your message.
>
>> I can't (don't know how) to produce a password protected zip file
>> on the Linux box where I have the message file, and I can't move
>> it to my Windows desktop because NAV immediately quarantines
>> it.
>
>
> And I reject password-protected zip files anyway.
>
>> I can gzip it and uuencode it - I think that will pass through most
>> virus scanners, or I can send you the message with the virus
>> 'snipped' out. Will either of these work for you.
>
>
> uuencoding won't help, and gzip will get undone by Clam at least. Try
> replacing the actual virus data with some other harmless text.
> And as soon as you have sent it to me, send me another message telling me
> you just sent it, so I know to go and hunt for it :-)
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


Julian,

I just sent you an example of a message that passed through MailScanner.

Thanks for your time and attention.

Regards,

Joe
--
Joe Guderjohn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Mon Aug 16 20:23:53 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.838.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-16 at 15:51, Joe Smith wrote:
> Try moving your SSHd to a higher port, above 2000 or so.  It slows down
> and/or eliminates the script kiddies and the "port knockers".  I've been
> doing if for years with no problems.
>
Or even better (if only a few people have an ssh account) enforce key
based authentication only, (carry your key on a usb keydrive or
similar...).




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From spamtrap71892316634 at ANIME.NET  Mon Aug 16 20:31:15 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.839.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004, Chris Kissinger wrote:
> This discussion seems to be going around on a number of lists. Apparently
> it's getting more and more widespread. Here's some info:
> http://isc.sans.org/diary.php?date=2004-07-28
> http://isc.sans.org/diary.php?date=2004-07-23

I am seeing literally tens of millions of bruteforce ssh attacks. Spammers
must be getting desperate.

Time to move ssh to another port and firewall the hell out of it.

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From spamtrap71892316634 at ANIME.NET  Mon Aug 16 20:42:26 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.840.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004, Kevin Spicer wrote:
> Or even better (if only a few people have an ssh account) enforce key
> based authentication only, (carry your key on a usb keydrive or
> similar...).

wont save you from the next 0day root exploit though.

moving to obscure ports and/or firewalling the hell out of ssh would be a
better answer.

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Mon Aug 16 20:50:39 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:35 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.841.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter:

This is an interesting solution...
You're running another copy of sendmail that looks at the outbound
queue, and has the ETRN feature enabled.

The "sendmail-out" instance of sendmail could be configured to do this too.
It could listen for SMTP connections, either just on a non-standard
port, or on a different IP like you're doing now. (assuming that another
IP is available/configurable on that box)

This solves everyones ETRN problems, no?

Note:
Lately, when I reply to messages on this list, I get inconsistent "to:"
information... Sometime I get the address of the list, sometimes I get
the address of the sender. Weird...

-Bill

Peter Peters wrote:

>On Sun, 15 Aug 2004 15:58:53 +1000, you wrote:
>
>
>
>>For my backup mailserver, I use mailertable and dsmtp
>>configured in that with the primary server making ETRN
>>connections to the backup every hour (I'm using the
>>sendmail etrn.pl script from the contrib directory to
>>perform this step).
>>
>>
>
>I know a system is using ETRN and MailScanner without problems. I
>checked the configuration and this is what happens:
>
>On that system the "normal" sendmail(s) don't do ETRN. There is a host
>etrn.provider (different name, different IP but same server) with a
>seperate sendmail configuration which allows ETRN and which reads from a
>different queue directory. I haven't yet found how messages are put in
>that queue but I know it happens after MailScanner has scanned incoming
>messages.
>
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Mon Aug 16 21:26:06 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.842.1137101195.24926.mailscanner@lists.mailscanner.info>

Reminds me of those "less filling vs. tastes great" deals. Why not both?
I'm seriously considering:

1. Only having one account authorized to log in using SSH,
2. On an obscure port
3. Using keys only (no passwords)
4. From a specific number of locations with the same exact requirements.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dan Hollis
Sent: Monday, August 16, 2004 2:42 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Way OT: SSH worries

On Mon, 16 Aug 2004, Kevin Spicer wrote:
> Or even better (if only a few people have an ssh account) enforce key
> based authentication only, (carry your key on a usb keydrive or
> similar...).

wont save you from the next 0day root exploit though.

moving to obscure ports and/or firewalling the hell out of ssh would be a
better answer.

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mhw at WITTSEND.COM  Mon Aug 16 22:04:16 2004
From: mhw at WITTSEND.COM (Michael H. Warfield)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.843.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, Aug 16, 2004 at 03:26:06PM -0500, Alex Neuman wrote:
> Reminds me of those "less filling vs. tastes great" deals. Why not both?
> I'm seriously considering:

> 1. Only having one account authorized to log in using SSH,

        Marginal.  Definitely prohibit root, though.

> 2. On an obscure port

        Worthless....  Being scanned for because the script kiddies
routinely do this for backdoors.  Nothing that is one chance in 65,536
qualifies as "obscure".

> 3. Using keys only (no passwords)

        AGREED!  Also, if you are RRREEEAAALLLYYY paranoid and a BOFH,
S/Key / OPIE.  A pain but worth it under the right circumstances.

> 4. From a specific number of locations with the same exact requirements.

        5) Restrict ssh to IPv6.

        Each IPv4 address has an entire IPv6 network assigned to it (6to4).
IPv6 is unscanable and (in the case of 6to4 - which is 6over4 with
autorouting IPv4 transport addresses) may be restricted on both the IPv4
and IPv6 layer.

        Why have ssh on IPv4 at all when you can armour it behind
a network with 65536 subnets of 16 billion billion host addresses each
and reach it from anywhere IPv4 is available (and from some places where
IPv4 isn't available or has failed - been there done that) and you
have to know that exact address or you get nothing!

        I even have servers that change their ssh access address every
15 minutes.  They update DNS through keyed DNS updates (TSIG) and the
deprecated addresses expired after two hours (TTL in DNS of only 1 hour)
if they are no longer in use.  To scan a single IPv6 subnet requires
(literally - I'm not joking) 16 billion billion probes and trivial EUI
addresses (::1) can be blocked by ip6tables for ICMP so it can't be
"error probed" either.

        You need protocol 41 (ipv6) [6over4 - IPv6 over IPv4] routable
or set up your own tunnels but I've found this to be trivial to do and
impossible to prevent.  First thing I do, where ever I go, even driving
down the road with 3G cellular, is to fire up my IPv 6 connectivity and
it just doesn't go down...  Even when the technotards running some of
these service providers thing their cute by resetting persistent connections
(Spring and PPP through their 3G cellular service) it doesn't even phase
any of the IPv6 traffic (since they're stone cold dumb as a rock when
it comes to IPv6).

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Dan Hollis
> Sent: Monday, August 16, 2004 2:42 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Way OT: SSH worries
> 
> On Mon, 16 Aug 2004, Kevin Spicer wrote:
> > Or even better (if only a few people have an ssh account) enforce key
> > based authentication only, (carry your key on a usb keydrive or
> > similar...).

> wont save you from the next 0day root exploit though.

> moving to obscure ports and/or firewalling the hell out of ssh would be a
> better answer.

        Moving to IPv6 is even better.

        Obscure ports only improves the situation by * 65,536.  Moving
to IPv6 improves the situation by * 65,536 * 4 billion * 4 billion.
Much better odds.

> -Dan

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/PGP-SIGNATURE  316bytes. ]
    [ Unable to print this part. ]


From cparker at SWATGEAR.COM  Mon Aug 16 23:46:36 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.844.1137101195.24926.mailscanner@lists.mailscanner.info>

Michael H. Warfield <mailto:mhw@WITTSEND.COM>
    on Monday, August 16, 2004 2:04 PM said:

>         5) Restrict ssh to IPv6.

[snip]

that's a good read and all, but what about the rest of us? :P



chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Tue Aug 17 01:15:58 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.845.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I wrote a script to turn sshd on+off that gets called by inetd.
I telnet to a specific port, type in a "pass-phrase", and my sshd starts
(on a non-standard port, only allowing connections from specific subnets)
Then I run ssh.
After I exit the ssh session, I telnet to that same "specific port", and
type in the turn-off-ssh "pass-phrase", and sshd shuts down again.

Since sshd is only needed to initiate an ssh session, I could even turn
on the sshd for the brief moment that it takes for me to start my ssh shell.
This was pretty easy to set up.
Now, unless someone finds a TELNET vulnerability, I'm pretty safe.

I've always been paranoid about ssh, because I assumed it inherited
"worst-practices" from rsh, and I never found a how-to on configuring
sshd to ignore all the per-user config files that rsh supported.

-Bill

Alex Neuman wrote:

>Reminds me of those "less filling vs. tastes great" deals. Why not both?
>I'm seriously considering:
>
>1. Only having one account authorized to log in using SSH,
>2. On an obscure port
>3. Using keys only (no passwords)
>4. From a specific number of locations with the same exact requirements.
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dfilchak at sympatico.ca  Tue Aug 17 03:48:50 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:35 2006
Subject: spam: Re: Way OT: SSH worries
Message-ID: <mailman.846.1137101195.24926.mailscanner@lists.mailscanner.info>

Heh heh ;-)

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Chris W. Parker
Sent: Monday, August 16, 2004 6:47 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: spam: Re: Way OT: SSH worries

Michael H. Warfield <mailto:mhw@WITTSEND.COM>
    on Monday, August 16, 2004 2:04 PM said:

>         5) Restrict ssh to IPv6.

[snip]

that's a good read and all, but what about the rest of us? :P



chris.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Tue Aug 17 05:25:41 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.847.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Aug 16, 2004, at 5:15 PM, William Burns wrote:

> I wrote a script to turn sshd on+off that gets called by inetd.
> I telnet to a specific port, type in a "pass-phrase", and my sshd
> starts
>
> Now, unless someone finds a TELNET vulnerability, I'm pretty safe.
>

You mean like breaking into your ISP's routers and sniffing your
traffic, so that I see your pass-phrase going across the 'net in the
clear?

Probably better to use stunnel on the server side, and open-ssl's
"sclient" feature (or ssl-telnet) on the client side, so that your
pass-phrase for starting/stopping SSL is at least protected a little.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Tue Aug 17 06:15:12 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.848.1137101195.24926.mailscanner@lists.mailscanner.info>

I have to admit I'm stone cold dumb as to IPv6 as well. Can you recommend a
good place to start reading up?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Michael H. Warfield
Sent: Monday, August 16, 2004 4:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Way OT: SSH worries

On Mon, Aug 16, 2004 at 03:26:06PM -0500, Alex Neuman wrote:
> Reminds me of those "less filling vs. tastes great" deals. Why not both?
> I'm seriously considering:

> 1. Only having one account authorized to log in using SSH,

        Marginal.  Definitely prohibit root, though.

> 2. On an obscure port

        Worthless....  Being scanned for because the script kiddies
routinely do this for backdoors.  Nothing that is one chance in 65,536
qualifies as "obscure".

> 3. Using keys only (no passwords)

        AGREED!  Also, if you are RRREEEAAALLLYYY paranoid and a BOFH,
S/Key / OPIE.  A pain but worth it under the right circumstances.

> 4. From a specific number of locations with the same exact requirements.

        5) Restrict ssh to IPv6.

        Each IPv4 address has an entire IPv6 network assigned to it (6to4).
IPv6 is unscanable and (in the case of 6to4 - which is 6over4 with
autorouting IPv4 transport addresses) may be restricted on both the IPv4
and IPv6 layer.

        Why have ssh on IPv4 at all when you can armour it behind
a network with 65536 subnets of 16 billion billion host addresses each
and reach it from anywhere IPv4 is available (and from some places where
IPv4 isn't available or has failed - been there done that) and you
have to know that exact address or you get nothing!

        I even have servers that change their ssh access address every
15 minutes.  They update DNS through keyed DNS updates (TSIG) and the
deprecated addresses expired after two hours (TTL in DNS of only 1 hour)
if they are no longer in use.  To scan a single IPv6 subnet requires
(literally - I'm not joking) 16 billion billion probes and trivial EUI
addresses (::1) can be blocked by ip6tables for ICMP so it can't be
"error probed" either.

        You need protocol 41 (ipv6) [6over4 - IPv6 over IPv4] routable
or set up your own tunnels but I've found this to be trivial to do and
impossible to prevent.  First thing I do, where ever I go, even driving
down the road with 3G cellular, is to fire up my IPv 6 connectivity and
it just doesn't go down...  Even when the technotards running some of
these service providers thing their cute by resetting persistent connections
(Spring and PPP through their 3G cellular service) it doesn't even phase
any of the IPv6 traffic (since they're stone cold dumb as a rock when
it comes to IPv6).

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf
> Of Dan Hollis
> Sent: Monday, August 16, 2004 2:42 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Way OT: SSH worries
>
> On Mon, 16 Aug 2004, Kevin Spicer wrote:
> > Or even better (if only a few people have an ssh account) enforce key
> > based authentication only, (carry your key on a usb keydrive or
> > similar...).

> wont save you from the next 0day root exploit though.

> moving to obscure ports and/or firewalling the hell out of ssh would be a
> better answer.

        Moving to IPv6 is even better.

        Obscure ports only improves the situation by * 65,536.  Moving
to IPv6 improves the situation by * 65,536 * 4 billion * 4 billion.
Much better odds.

> -Dan

        Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Tue Aug 17 07:17:55 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.849.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John:

How common is it to have a router compromised in such a way that traffic
can be sniffed?
I'm not saying that depending on clear-text anything is good for
security, but I haven't heard of this router "exploit" method being a
concern.

Besides, I'm only using these "pass-phrases" as an additional layer of
defense.
After sshd gets turned on, an attacker would still have to break
in/through the non-stndard ssh port.

Re: using stunnel, there are ssl related exploits, no?
It seems to me that using stunnel to protect sshd from a *real* exploit
is kind of defeating the intended purpose.
Wouldn't stunnel be just as vulnerable?

-Bill

John Rudd wrote:

> On Aug 16, 2004, at 5:15 PM, William Burns wrote:
>
>> I wrote a script to turn sshd on+off that gets called by inetd.
>> I telnet to a specific port, type in a "pass-phrase", and my sshd
>> starts
>>
>> Now, unless someone finds a TELNET vulnerability, I'm pretty safe.
>>
>
> You mean like breaking into your ISP's routers and sniffing your
> traffic, so that I see your pass-phrase going across the 'net in the
> clear?
>
> Probably better to use stunnel on the server side, and open-ssl's
> "sclient" feature (or ssl-telnet) on the client side, so that your
> pass-phrase for starting/stopping SSL is at least protected a little.
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jrudd at UCSC.EDU  Tue Aug 17 08:20:34 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.850.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Aug 16, 2004, at 11:17 PM, William Burns wrote:

> Re: using stunnel, there are ssl related exploits, no?
> It seems to me that using stunnel to protect sshd from a *real* exploit
> is kind of defeating the intended purpose.
> Wouldn't stunnel be just as vulnerable?

Stunnel would be in the same degree of vulnerability as sshd, yes (and,
to be clear, it's all "degrees of security", nothing is perfect).  But
stunnel would be a better level of security than telnet, which is the
right comparison to make.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From p.g.m.peters at utwente.nl  Tue Aug 17 08:37:14 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:35 2006
Subject: ETRN support in MailScanner required
Message-ID: <mailman.851.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004 15:50:39 -0400, you wrote:

>Lately, when I reply to messages on this list, I get inconsistent "to:"
>information... Sometime I get the address of the list, sometimes I get
>the address of the sender. Weird...

This happens it the original sender has his own reply-to: header. The
mailinglist software doesn't do anything with it. So it will stay in the
final message to the members.

I have been thinking about removing mine, but because of some strange
internal (Exchange) mailrouting I had to do this to get all of my
messages to the right place. I'll have a look whether I can change this.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Tue Aug 17 08:43:18 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:35 2006
Subject: SPF
Message-ID: <mailman.852.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004 16:04:28 +0100, you wrote:

>It goes on (section "Phased Rollout") to say:
>
>   A domain might move through these phases by changing its default
>   response type from "neutral" to "softfail" to "fail".
>   [...]
>   When a sufficient majority of its users are SPF-conformant, a domain
>   SHOULD change its default to "fail".   [...]
>
>Hope that helps.

Helps me to don't use SPF. What is a "sufficient majority" of my users.
People will argue that 90% of our students is a sufficient majority. For
staff people argue that 95% is sufficient. But I have to be sure that
within those 95% all master teachers are included. When I happen to
"discredit" one of those by claiming the IP address from which he sends
e-mail isn't allowed to send e-mail containing our domain I will be in
trouble.

I have had such a problem after blocking dynamic addresses in Brazil.
Everything was perfect untill one person happened to be there for a
while and needed to just send e-mail. And because his IP addresses where
dynamic I had to unblock the whole range.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 17 11:23:49 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:35 2006
Subject: Why??? Help Me
Message-ID: <mailman.853.1137101195.24926.mailscanner@lists.mailscanner.info>

This was discussed yesterday. You probably have set scanning of archives to
a value > 0


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Tue Aug 17 11:32:29 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:35 2006
Subject: Stop autolearning of bayes
Message-ID: <mailman.854.1137101195.24926.mailscanner@lists.mailscanner.info>

Hi
I know Ive seen how to do this and done it before but Im stuck, just cant
find it. Searched the archives and locked everyplace I can think of but I
cant find it. Might have something to do that either mailscanner4.32-5
changed or spamassassin 3.0 rc1 always use it.

I need to take autolearning of untill I get the ham/spam config finished in
exchange

Kind regards

/Anders

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From admin at WEBGUSTO.COM  Tue Aug 17 11:44:06 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:35 2006
Subject: Ruleset for required score
Message-ID: <mailman.855.1137101195.24926.mailscanner@lists.mailscanner.info>

I may have missed it, but didn't see syntax for a ruleset for Required
Spamassassin Score (and high scoring spam).

I'm assuming it is something like:

To:     spam_hater@domain.com   3.0
To:     spam_lover@domain.com   12.0
To:     *otherdomain.com                2.5
To:     default                 5.0

Can anyone confirm or correct this?

Thanks - Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 17 12:00:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:35 2006
Subject: Ruleset for required score
Message-ID: <mailman.856.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
That should work fine. The ruleset syntax is very simple and there are some
examples in /etc/MailScanner/rules/EXAMPLES and README.

At 11:44 17/08/2004, you wrote:
>I may have missed it, but didn't see syntax for a ruleset for Required
>Spamassassin Score (and high scoring spam).
>
>I'm assuming it is something like:
>
>To:     spam_hater@domain.com   3.0
>To:     spam_lover@domain.com   12.0
>To:     *otherdomain.com                2.5
>To:     default                 5.0
>
>Can anyone confirm or correct this?
>
>Thanks - Bill
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From admin at WEBGUSTO.COM  Tue Aug 17 12:06:58 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:35 2006
Subject: Stop autolearning of bayes
Message-ID: <mailman.857.1137101195.24926.mailscanner@lists.mailscanner.info>

Spam.assassin.prefs.conf -- look for "use_bayes 1" and change to use_bayes
0.
Bill

-----Original Message-----
I know Ive seen how to do this and done it before but Im stuck, just cant
find it. Searched the archives and locked everyplace I can think of but I
cant find it. Might have something to do that either mailscanner4.32-5
changed or spamassassin 3.0 rc1 always use it.

I need to take autolearning of untill I get the ham/spam config finished in
exchange

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Tue Aug 17 12:33:04 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:35 2006
Subject: SV: Stop autolearning of bayes
Message-ID: <mailman.858.1137101195.24926.mailscanner@lists.mailscanner.info>

Hmm, I thought that would disable the use of bayes totally. What I wanted
was to use a database but turn of the autolearn thingy. I really feel stupid
today  :( 

-----Ursprungligt meddelande-----
Från: Bill Sholar - WebGusto [mailto:admin@WEBGUSTO.COM] 
Skickat: den 17 augusti 2004 13:07
Till: MAILSCANNER@JISCMAIL.AC.UK
Ämne: Re: Stop autolearning of bayes

Spam.assassin.prefs.conf -- look for "use_bayes 1" and change to use_bayes
0.
Bill

-----Original Message-----
I know Ive seen how to do this and done it before but Im stuck, just cant
find it. Searched the archives and locked everyplace I can think of but I
cant find it. Might have something to do that either mailscanner4.32-5
changed or spamassassin 3.0 rc1 always use it.

I need to take autolearning of untill I get the ham/spam config finished in
exchange

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ryanw at FALSEHOPE.COM  Tue Aug 17 12:48:29 2004
From: ryanw at FALSEHOPE.COM (Ryan Weaver)
Date: Thu Jan 12 21:26:35 2006
Subject: Stop autolearning of bayes
Message-ID: <mailman.859.1137101195.24926.mailscanner@lists.mailscanner.info>

        The man page says....

bayes_auto_learn ( 0 | 1 )      (default: 1)

     Whether SpamAssassin should automatically feed high-scoring 
     mails (or low-scoring mails, for non-spam) into its learning 
     systems.  The only learning system supported currently is a 
     naive-Bayesian-style classifier.

     Note that certain tests are ignored when determining whether
     a message should be trained upon:
      - auto-whitelist (AWL)
      - rules with tflags set to 'learn' (the Bayesian rules)
      - rules with tflags set to 'userconf' (user white/blacklisting rules,
etc)

     Also note that auto-training occurs using scores from either 
     scoreset 0 or 1, depending on what scoreset is used during 
     message check.  It is likely that the message check and 
     autotrain scores will be different. 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT
> Sent: Tuesday, August 17, 2004 6:33 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: SV: Stop autolearning of bayes
> 
> Hmm, I thought that would disable the use of bayes totally. 
> What I wanted
> was to use a database but turn of the autolearn thingy. I 
> really feel stupid
> today  :( 
> 
> -----Ursprungligt meddelande-----
> Från: Bill Sholar - WebGusto [mailto:admin@WEBGUSTO.COM] 
> Skickat: den 17 augusti 2004 13:07
> Till: MAILSCANNER@JISCMAIL.AC.UK
> Ämne: Re: Stop autolearning of bayes
> 
> Spam.assassin.prefs.conf -- look for "use_bayes 1" and change 
> to use_bayes
> 0.
> Bill
> 
> -----Original Message-----
> I know Ive seen how to do this and done it before but Im 
> stuck, just cant
> find it. Searched the archives and locked everyplace I can 
> think of but I
> cant find it. Might have something to do that either mailscanner4.32-5
> changed or spamassassin 3.0 rc1 always use it.
> 
> I need to take autolearning of untill I get the ham/spam 
> config finished in
> exchange
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From t.d.lee at DURHAM.AC.UK  Tue Aug 17 12:55:43 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:35 2006
Subject: Older Archive Zip: request for testing
Message-ID: <mailman.860.1137101195.24926.mailscanner@lists.mailscanner.info>

On Mon, 16 Aug 2004, David Lee wrote:

> On Tue, 10 Aug 2004, Robin, Rob wrote:
>
> > Hello all,
> >
> >         BSDi 4.2 (planned to migrate to linux soon), Perl 5.005_03.
> >         For the Archive-Zip1.12, my compilation always failed at
> >
> > ----
> > t/testUpdate........Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> > Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> > Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> > Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
> > ok
> > t/testex............Can't call method "print" on unblessed reference at blib/lib/Archive/Zip.pm line 1862.
> > FAILED test 14
> >         Failed 1/15 tests, 93.33% okay
> > ----
>
> Sorry for the delay in replying (holiday; just back today).
>
> [...]
> Now that I'm back, I'll try to chase it up, and report back.

This is a known bug in version 1.12 of Archive::Zip, which crept in since
earlier versions and which we think only affects relatively old versions
of perl, around 5.00503 .  About three weeks ago, I worked with A::Z's
author, Ned Konz, to fix it.  He prepared a test version (1.12_03) which
seems OK and he would like to release it as 1.13 (or similar).

But now we are left with the usual chicken-and-egg problem of testing.
This includes, of course, bugs in the "has the fix for one bug introduced
new bugs for others?" category.

Any volunteers here, please?

We're looking for a cross-section of OSes and of perl versions.  You
needn't be expert (I'm not!) but you ought to be self-supporting to the
extent that (as shouldn't happen) something goes wrong, you could dig
yourself out of the hole (e.g. reinstate your previous A::Z).

1.12 is on CPAN (also www.dur.ac.uk/t.d.lee/Archive-Zip-1.12.tar.gz).
It should work on everything, EXCEPT perl 5.00503 (or thereabouts) where
it should fail one of the t/testex tests (as in Rob Robin's email above).

1.12_03 is at www.dur.ac.uk/t.d.lee/Archive-Zip-1.12_03.tar.gz .  That
really should work on everything.  (I've been running a fractionally
earlier version for nearly three weeks handing 1million emails/week.)


Please report back your findings to me, mentioning OS and perl version.
I'll collate them for Ned Konz.

Thanks.


--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rabellino at DI.UNITO.IT  Tue Aug 17 13:30:13 2004
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:26:35 2006
Subject: Older Archive Zip: request for testing
Message-ID: <mailman.861.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Lee wrote:
> On Mon, 16 Aug 2004, David Lee wrote:
>
>
>>On Tue, 10 Aug 2004, Robin, Rob wrote:
>>
>>
>>>Hello all,
>>>
>>>        BSDi 4.2 (planned to migrate to linux soon), Perl 5.005_03.
>>>        For the Archive-Zip1.12, my compilation always failed at
>>>
>>>----
>>>t/testUpdate........Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
>>>Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
>>>Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
>>>Use of uninitialized value at /usr/libdata/perl5/5.00503/Test.pm line 68.
>>>ok
>>>t/testex............Can't call method "print" on unblessed reference at blib/lib/Archive/Zip.pm line 1862.
>>>FAILED test 14
>>>        Failed 1/15 tests, 93.33% okay
>>>----
>>
>>Sorry for the delay in replying (holiday; just back today).
>>
>>[...]
>>Now that I'm back, I'll try to chase it up, and report back.
>
>
> This is a known bug in version 1.12 of Archive::Zip, which crept in since
> earlier versions and which we think only affects relatively old versions
> of perl, around 5.00503 .  About three weeks ago, I worked with A::Z's
> author, Ned Konz, to fix it.  He prepared a test version (1.12_03) which
> seems OK and he would like to release it as 1.13 (or similar).
>
> But now we are left with the usual chicken-and-egg problem of testing.
> This includes, of course, bugs in the "has the fix for one bug introduced
> new bugs for others?" category.
>
> Any volunteers here, please?
>
> We're looking for a cross-section of OSes and of perl versions.  You
> needn't be expert (I'm not!) but you ought to be self-supporting to the
> extent that (as shouldn't happen) something goes wrong, you could dig
> yourself out of the hole (e.g. reinstate your previous A::Z).
>
> 1.12 is on CPAN (also www.dur.ac.uk/t.d.lee/Archive-Zip-1.12.tar.gz).
> It should work on everything, EXCEPT perl 5.00503 (or thereabouts) where
> it should fail one of the t/testex tests (as in Rob Robin's email above).
>
.... TESTED ok
This is perl, v5.8.0 built for sun4-solaris

Copyright 1987-2002, Larry Wall

PERL_DL_NONLAZY=1 /opt/perl/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/test..............ok
t/testex............ok
t/testMemberRead....ok
t/testTree..........ok
t/testUpdate........ok
All tests successful.
Files=5, Tests=163,  5 wallclock secs ( 4.21 cusr +  1.08 csys =  5.29 CPU)

> 1.12_03 is at www.dur.ac.uk/t.d.lee/Archive-Zip-1.12_03.tar.gz .  That
> really should work on everything.  (I've been running a fractionally
> earlier version for nearly three weeks handing 1million emails/week.)
>
This download is 0 bytes, could you check the tar.gz ?
>
> Please report back your findings to me, mentioning OS and perl version.
> I'll collate them for Ned Konz.
>
> Thanks.
>
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Systems Programmer                       Computer Centre       :
> :                                           University of Durham  :
> :  http://www.dur.ac.uk/t.d.lee/            South Road            :
> :                                           Durham                :
> :  Phone: +44 191 334 2752                  U.K.                  :
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


--
Dott. Sergio Rabellino

  Technical Staff
  Department of Computer Science
  University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From t.d.lee at DURHAM.AC.UK  Tue Aug 17 14:26:53 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:35 2006
Subject: Older Archive Zip: request for testing
Message-ID: <mailman.862.1137101195.24926.mailscanner@lists.mailscanner.info>

On Tue, 17 Aug 2004, Rabellino Sergio wrote:

> > [...]
> > 1.12_03 is at www.dur.ac.uk/t.d.lee/Archive-Zip-1.12_03.tar.gz .  That
> > really should work on everything.  (I've been running a fractionally
> > earlier version for nearly three weeks handing 1million emails/week.)
> >
> This download is 0 bytes, could you check the tar.gz ?

Ouch!  Thanks.  Sorry.  Fixed.

No idea how that happened!  I'd actually tried a download as part of
preparing that email.

If you are comfortable trying it in service, please do.  We're looking not
only for negatives, but for affirmations (of the "works for me" variety).


--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Tue Aug 17 15:41:48 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:35 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.863.1137101195.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John:

I disagree, but before I go into the reasons for that, possibly we could
agree that this method is better?
http://portknocking.org/view/details

Back to stunnel:

Following the "do no harm" philosophy, I use telnet to access a program
that puts an *additional* level of  security in front of sshd. While
this additional layer is very weak, it provides no additional
opportunities for buffer-overflow style exploits. stunnel (by
comparison) *might* allow an attacker to break into my system without
even having to contact sshd.
While an attacker who could sniff my traffic could easily find out how I
was turning on my ssh daemon, the attacker would not be able to use that
same technique to exploit sshd.

If you're already using https, and /or pop3s on your system, you might
not view the use of stunnel as an *additional* vulnerability, because
you're *already* exposed to it, in which case, go for it.

My site was one of the first to be affected by the linux slapper worm.
This worm made use of an SSL exploit. I assume (possibly incorrectly)
that there are more vulnerabilities to be discovered in ssl, and that
these vulnerabilities may be exploitable regardless of the protocol
being tunneled inside of it.
Telnet is the "lowest common denominator". Telnet is a very simple
protocol, not supporting much beyond TCP itself. Since virtually every
other protocol uses TCP, telnet (as a transport) is as "at least as
safe" as all those other protocols in regard to exploits.

Of course, if I were to ever terminate that telnet session directly to a
login prompt, that would be horribly insecure, because the login prompt
itself can be brute-forced, and telnet does not provide any encryption
to prevent legitimate traffic from being monitored by hostile users, but
that's not my application.
My application is "safe".

-Bill

/"Ah," said Arthur, "this is obviously some strange usage of the word
safe that I wasn't previously aware of."
(Hitchhiker's Guide to the Galaxy)
/
John Rudd wrote:

> On Aug 16, 2004, at 11:17 PM, William Burns wrote:
>
>> Re: using stunnel, there are ssl related exploits, no?
>> It seems to me that using stunnel to protect sshd from a *real* exploit
>> is kind of defeating the intended purpose.
>> Wouldn't stunnel be just as vulnerable?
>
>
> Stunnel would be in the same degree of vulnerability as sshd, yes (and,
> to be clear, it's all "degrees of security", nothing is perfect).  But
> stunnel would be a better level of security than telnet, which is the
> right comparison to make.
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rpoe at PLATTESHERIFF.ORG  Tue Aug 17 15:45:00 2004
From: rpoe at PLATTESHERIFF.ORG (Rob Poe)
Date: Thu Jan 12 21:26:35 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.864.1137101195.24926.mailscanner@lists.mailscanner.info>

But I found that setting wasn't double uncompressing .zip files (new
viruses seem to be coming as double compressed .zip files)...



>>> mark@TIPPINGMAR.COM 8/16/2004 12:10:35 PM >>>
On 16 Aug 2004 at 10:55, Renata D. Vieira wrote:


> Does anyone know if it is possible to configure MailScanner to allow
.exe files compressed in .zip
> files?

You can configure MailScanner so it does not enforce filename checks on
files that
are compresed in zipfiles.

# The maximum depth to which zip archives will be unpacked, to allow
for
# checking filenames and filetypes within zip archives.
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow
Password-Protected
# Archives = no. That block password-protected archives but does not
do
# any filename/filetype checks on the files within the archive.
Maximum Archive Depth = 0

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From steve.swaney at FSL.COM  Tue Aug 17 16:32:20 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:36 2006
Subject: Postfix release from Quarantine
Message-ID: <mailman.865.1137101195.24926.mailscanner@lists.mailscanner.info>

Perhaps one of the postfix gurus can help with this one:

Postfix single instance setup:
MailScanner 4.31.6
Red Hat Linux release 9 (Shrike)

In MailScanner.conf:

Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes

The problem: messages are not being released for quarantine;

[root B710F4D00F4]# postdrop -rv < B710F4D00F4
postdrop: chdir /var/spool/postfix
postdrop: open maildrop/3BFEA4F420C
postdrop: send attr queue_id = 3BFEA4F420C
queue_id 3BFEA4F420C  postdrop: fatal: uid=0: unexpected record type: 67
postdrop: remove maildrop/3BFEA4F420C

Goggling on the error is not much help:

>> postdrop -v < /var/spool/MailScanner/quarantine/queuefile gives off:
>>
>> unexpected record type 67 or unexpected record type 40 errors.
>>
>> The queue files that aren't human readable give off the 67 error and
>> the human readable queue files give off the 40 errors.
>>

> What do you expect "postdrop" to do? Mailscanner voids your warranty :-)
> Do not use Mailscanner with Postfix.

Any ideas appreciated.

Thanks,

Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com





--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From s.j.steele at RL.AC.UK  Tue Aug 17 16:33:25 2004
From: s.j.steele at RL.AC.UK (JISCmail Support)
Date: Thu Jan 12 21:26:36 2006
Subject: Test posting
Message-ID: <mailman.866.1137101196.24926.mailscanner@lists.mailscanner.info>

Attempting to replicate duplicate posting problem

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From joshua.hirsh at PARTNERSOLUTIONS.CA  Tue Aug 17 16:43:17 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:36 2006
Subject: Postfix release from Quarantine
Message-ID: <mailman.867.1137101196.24926.mailscanner@lists.mailscanner.info>

Stephen:

 This probably won't help you directly, since I use a dual instance Postfix
(still using the hold method, mind you). When I release a file into
quarantine, I copy it directly into the incoming folder for the sending
process of Postfix (make sure it's executable).

 So for example:

 [root B710F4D00F4]# chmod +x B710F4D00F4
 [root B710F4D00F4]# cp -p B710F4D00F4 /var/spool/postfix/incoming/B/

 I'm not entirely sure how this would work with a single instance setup of
Postfix, but you should be able to just copy it into the directory you have
configured as your 'Outgoing Queue Dir'.


 Cheers,
-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mkettler at EVI-INC.COM  Tue Aug 17 17:04:00 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:36 2006
Subject: Why??? Help Me
Message-ID: <mailman.868.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 06:24 AM 8/19/2004, Luu Trung Duong wrote:
>But when i use an Webase Email (IMP), it work well. I have checked the
>filename.rules.conf in mailscanner it ok (i mean that everything in default)

by default MailScanner will attempt to block .zip files containing .exe
files. Why your IMP email works is beyond me.


If you don't want MailScanner to look inside of zip files for filename
rules modify your MailScanner.conf:

         # The maximum depth to which zip archives will be unpacked, to
allow for
         # checking filenames and filetypes within zip archives.
         # To disable this feature set this to 0.
         # A common useful setting is this option = 0, and Allow
Password-Protected
         # Archives = no. That block password-protected archives but does
not do
         # any filename/filetype checks on the files within the archive.
         Maximum Archive Depth = 0

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkettler at EVI-INC.COM  Tue Aug 17 17:07:36 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:36 2006
Subject: Stop autolearning of bayes
Message-ID: <mailman.869.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 06:32 AM 8/17/2004, Anders Andersson, IT wrote:
>I know Ive seen how to do this and done it before but Im stuck, just cant
>find it. Searched the archives and locked everyplace I can think of but I
>cant find it. Might have something to do that either mailscanner4.32-5
>changed or spamassassin 3.0 rc1 always use it.
>
>I need to take autolearning of untill I get the ham/spam config finished in
>exchange

Add to spamassassin's local.cf or spam.assassin.prefs.conf

         bayes_auto_learn 0

(note: if it doesn't work in spam.assassin.prefs.conf, try it in local.cf.
Some settings will not be honored in spam.assassin.prefs.conf.)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Tue Aug 17 17:12:08 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:36 2006
Subject: Postfix release from Quarantine
Message-ID: <mailman.870.1137101196.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Hirsh, Joshua
> Sent: Tuesday, August 17, 2004 11:43 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Postfix release from Quarantine
>
> Stephen:
>
>  This probably won't help you directly, since I use a dual instance
> Postfix
> (still using the hold method, mind you). When I release a file into
> quarantine, I copy it directly into the incoming folder for the sending
> process of Postfix (make sure it's executable).
>
>  So for example:
>
>  [root B710F4D00F4]# chmod +x B710F4D00F4
>  [root B710F4D00F4]# cp -p B710F4D00F4 /var/spool/postfix/incoming/B/
>
>  I'm not entirely sure how this would work with a single instance setup of
> Postfix, but you should be able to just copy it into the directory you
> have
> configured as your 'Outgoing Queue Dir'.
>
Joshua,

I'm happy to report that this appeared to work perfectly for the single
instance version of postfix. The logs show message was delivered and removed

Thanks for the help,

Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

>
>  Cheers,
> -Joshua
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mark at TIPPINGMAR.COM  Tue Aug 17 17:59:27 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:36 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.871.1137101196.24926.mailscanner@lists.mailscanner.info>

On 17 Aug 2004 at 9:45, Rob Poe wrote:
> But I found that setting wasn't double uncompressing .zip files (new
> viruses seem to be coming as double compressed .zip files)...

> >>> mark@TIPPINGMAR.COM 8/16/2004 12:10:35 PM >>>
> On 16 Aug 2004 at 10:55, Renata D. Vieira wrote:
>
> > Does anyone know if it is possible to configure MailScanner to allow
> .exe files compressed in .zip
> > files?
>
> You can configure MailScanner so it does not enforce filename checks on
> files that are compresed in zipfiles.
>
> # The maximum depth to which zip archives will be unpacked, to allow for
> # checking filenames and filetypes within zip archives.
> # To disable this feature set this to 0.
> # A common useful setting is this option = 0, and Allow Password-Protected
> # Archives = no. That block password-protected archives but does not do
> # any filename/filetype checks on the files within the archive.
> Maximum Archive Depth = 0

I know Julian fixed something related to this in the current release.  Perhaps it was
the problem you mention.  In our case, even using an older version (I have since
upgraded) we caught double zipped viruses, but perhaps that is because we use
Sophos and it looks inside zip files even without help from MailScanner.
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mark at TIPPINGMAR.COM  Tue Aug 17 18:05:27 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.872.1137101196.24926.mailscanner@lists.mailscanner.info>

On 17 Aug 2004 at 9:43, Peter Peters wrote:

> Helps me to don't use SPF. What is a "sufficient majority" of my users.
> People will argue that 90% of our students is a sufficient majority. For
> staff people argue that 95% is sufficient. But I have to be sure that
> within those 95% all master teachers are included. When I happen to
> "discredit" one of those by claiming the IP address from which he sends
> e-mail isn't allowed to send e-mail containing our domain I will be in
> trouble.
>
> I have had such a problem after blocking dynamic addresses in Brazil.
> Everything was perfect untill one person happened to be there for a
> while and needed to just send e-mail. And because his IP addresses where
> dynamic I had to unblock the whole range.

According to the SPF proponents the solution to this problem is to configure your
roaming users to send e-mail through your own servers using SMTP AUTH with
STARTTLS.  The only problem, if you have lots of roaming users, is to educate them
that this is necessary.  It's easy enough for me to say, because I only have 25 users!
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 17 18:19:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.873.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:59 17/08/2004, you wrote:
>On 17 Aug 2004 at 9:45, Rob Poe wrote:
> > But I found that setting wasn't double uncompressing .zip files (new
> > viruses seem to be coming as double compressed .zip files)...
>
> > >>> mark@TIPPINGMAR.COM 8/16/2004 12:10:35 PM >>>
> > On 16 Aug 2004 at 10:55, Renata D. Vieira wrote:
> >
> > > Does anyone know if it is possible to configure MailScanner to allow
> > .exe files compressed in .zip
> > > files?
> >
> > You can configure MailScanner so it does not enforce filename checks on
> > files that are compresed in zipfiles.
> >
> > Maximum Archive Depth = 0
>
>I know Julian fixed something related to this in the current
>release.  Perhaps it was
>the problem you mention.

The problem was with analysing files buried in nested zip files which all
have the same filename. This problem was highlighted by MyDoom-O.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Tue Aug 17 18:23:08 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.874.1137101196.24926.mailscanner@lists.mailscanner.info>

One ISP here in my country required all of its more than 10,000 users to
enable AUTH. They did it over the course of one month. You can safely reject
any e-mail with "from:@theirdomain" if it's not authenticated.

It's just a matter of how good you are at educating users about something
that's a necessity, not a luxury.

I'm in the process of switching over all my clients' users to using POP3S +
SMTPS + AUTH + SPF + MS/SA/DCC/Razor2/Pyzor. Most are happy with the
additional level of security.

The only thing I've had to implement where too much traffic/high load was
concerned was RBL's at the MTA layer + clamav-milter.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Mark Nienberg
Sent: Tuesday, August 17, 2004 12:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SPF

On 17 Aug 2004 at 9:43, Peter Peters wrote:

> Helps me to don't use SPF. What is a "sufficient majority" of my users.
> People will argue that 90% of our students is a sufficient majority. For
> staff people argue that 95% is sufficient. But I have to be sure that
> within those 95% all master teachers are included. When I happen to
> "discredit" one of those by claiming the IP address from which he sends
> e-mail isn't allowed to send e-mail containing our domain I will be in
> trouble.
>
> I have had such a problem after blocking dynamic addresses in Brazil.
> Everything was perfect untill one person happened to be there for a
> while and needed to just send e-mail. And because his IP addresses where
> dynamic I had to unblock the whole range.

According to the SPF proponents the solution to this problem is to configure
your
roaming users to send e-mail through your own servers using SMTP AUTH with
STARTTLS.  The only problem, if you have lots of roaming users, is to
educate them
that this is necessary.  It's easy enough for me to say, because I only have
25 users!
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dh at UPTIME.AT  Tue Aug 17 18:27:33 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:36 2006
Subject: [OT] Re: SPF
Message-ID: <mailman.875.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Alex Neuman wrote:

<snip>
| It's just a matter of how good you are at educating users about something
| that's a necessity, not a luxury.
|

While I am using STARTTLS + SMTP-AUTH, while I support innovative
thinking and new techniques I think you are mixing something up here.
~From the users point of view SMTP-AUTH and STARTTLS aren't a luxury nor
are the necessity, they are an annoyance. You have to think about one
more password, you have to setup your MUA to support this and you have
to ensure that you are using the right settings.

- -d


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBIkAEPMoaMn4kKR4RA3a1AJ4mlr+4Sj8ln6umTcvzLcbdZ8YSMwCglxZP
KWD58+2j3nlS9Ty5y8HtpYk=
=vvwb
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mark at TIPPINGMAR.COM  Tue Aug 17 18:31:58 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:36 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.876.1137101196.24926.mailscanner@lists.mailscanner.info>

On 17 Aug 2004 at 18:19, Julian Field wrote:

> At 17:59 17/08/2004, you wrote:
> >On 17 Aug 2004 at 9:45, Rob Poe wrote:
> > > But I found that setting wasn't double uncompressing .zip files (new
> > > viruses seem to be coming as double compressed .zip files)...
> >
> > > >>> mark@TIPPINGMAR.COM 8/16/2004 12:10:35 PM >>>
> > > On 16 Aug 2004 at 10:55, Renata D. Vieira wrote:
> > >
> > > > Does anyone know if it is possible to configure MailScanner to allow
> > > .exe files compressed in .zip
> > > > files?
> > >
> > > You can configure MailScanner so it does not enforce filename checks on
> > > files that are compresed in zipfiles.
> > >
> > > Maximum Archive Depth = 0
> >
> >I know Julian fixed something related to this in the current
> >release.  Perhaps it was
> >the problem you mention.
>
> The problem was with analysing files buried in nested zip files which all
> have the same filename. This problem was highlighted by MyDoom-O.

I assume that
Maximum Archive Depth = 0
only tells MailScanner not to consider filename rules in the zip file.  It still unzips as
many layers are needed to scan for viruses, correct?
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 17 18:36:27 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Allowing .exe files in .zip files
Message-ID: <mailman.877.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:31 17/08/2004, you wrote:
>I assume that
>Maximum Archive Depth = 0
>only tells MailScanner not to consider filename rules in the zip file.  It
>still unzips as
>many layers are needed to scan for viruses, correct?

Correct. The unzipping for virus scanning is actually done by the virus
scanners themselves.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ldg at TLS.NET  Tue Aug 17 20:28:27 2004
From: ldg at TLS.NET (Dave Goodrich)
Date: Thu Jan 12 21:26:36 2006
Subject: rules for Spam Actions
Message-ID: <mailman.878.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I need to setup email scrubbing for a client were we just take the
message, scan and filter, pass on to their mail server.

I setup my mailertable, access, everything is ready. I want to have a
ruleset for Spam Actions in MailScanner.conf.

I changed this in MailScanner.conf.
Spam Actions = %rules-dir%/user.delivery.rules

And created a file "user.delivery.rules" in my rules directory with the
following.
To:     totallogic.com       deliver attachment
# default delivery
To:     default         deliver

Seems simple enough, before I hit the switch does anyone see a problem here?

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Tue Aug 17 20:57:25 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:36 2006
Subject: rules for Spam Actions
Message-ID: <mailman.879.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dave Goodrich wrote:

> I need to setup email scrubbing for a client were we just take the
> message, scan and filter, pass on to their mail server.
>
> I setup my mailertable, access, everything is ready. I want to have a
> ruleset for Spam Actions in MailScanner.conf.
>
> I changed this in MailScanner.conf.
> Spam Actions = %rules-dir%/user.delivery.rules
>
> And created a file "user.delivery.rules" in my rules directory with the
> following.
> To:     totallogic.com       deliver attachment
> # default delivery
> To:     default         deliver
>
> Seems simple enough, before I hit the switch does anyone see a problem
> here?

I'm not sure, but I'd put deliver after attachment.

>
> DAve
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at BARENDSE.TO  Tue Aug 17 21:01:00 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:36 2006
Subject: Upgrading languages.conf to new releases
Message-ID: <mailman.880.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Great idea, but may I suggest a small enhancement?

Have the upgrade mailscanner script read MailScanner.conf during the
initial run and automagically update the languages.conf file. After all,
the place and location of that file is defined in MailScanner.conf

:)

On Sat, 14 Aug 2004, Julian Field wrote:

> It just occurred to me that upgrade_MailScanner_conf should be able to do
> exactly the same job on languages.conf files.
>
> I just tried it and it worked very nicely. Instead of the usual command,
> try this on a Linux system:
> cd /etc/MailScanner/reports/en
> upgrade_MailScanner_conf languages.conf languages.conf.rpmnew >
> languages.new
>
> Then take a look at languages.new and see if it has all the new strings
> added.
>
> I'm sure the non-Linux users among you know enough of what you're doing to
> be able to work out the corresponding commands on your own systems. Just
> replace "MailScanner.conf" with "languages.conf" and make sure you are in
> the right directory.
>
> Does this work?
> If so, I've just solved the problem of upgrading languages.conf files :-)
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jrudd at UCSC.EDU  Tue Aug 17 22:02:21 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:36 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.881.1137101196.24926.mailscanner@lists.mailscanner.info>

William Burns wrote:
>
> Back to stunnel:
>
> Following the "do no harm" philosophy, I use telnet to access a program
> that puts an *additional* level of  security in front of sshd. While
> this additional layer is very weak, it provides no additional
> opportunities for buffer-overflow style exploits. stunnel (by
> comparison) *might* allow an attacker to break into my system without
> even having to contact sshd.
> While an attacker who could sniff my traffic could easily find out how I
> was turning on my ssh daemon, the attacker would not be able to use that
> same technique to exploit sshd.
>
> If you're already using https, and /or pop3s on your system,

or OpenSSH, which uses OpenSSL code.  Which was my point: Stunnel is in
the same risk category as OpenSSH (assuming you're using openssh, which
may have been an inappropraite assumption on my part).  Using Stunnel is
no more risky than using OpenSSH, AFAICT.

> you might
> not view the use of stunnel as an *additional* vulnerability, because
> you're *already* exposed to it, in which case, go for it.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Tue Aug 17 22:17:00 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:36 2006
Subject: [OT] Re: SPF
Message-ID: <mailman.882.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David:

Configuring STARTTLS + SMTP-AUTH is an annoyance compared to what?
These roaming users have to continually reconfigure their mail clients
to work w/ each mail relay on each subnet that they ever visit.
(Why this isn't configured automatically through DHCP, I'll never know)

With STARTTLS + SMTP-AUTH, they'll finally be able to set it, and forget it.

-Bill

David H. wrote:

> Alex Neuman wrote:
>
> <snip>
> | It's just a matter of how good you are at educating users about
> something
> | that's a necessity, not a luxury.
> |
>
> While I am using STARTTLS + SMTP-AUTH, while I support innovative
> thinking and new techniques I think you are mixing something up here.
> ~From the users point of view SMTP-AUTH and STARTTLS aren't a luxury nor
> are the necessity, they are an annoyance. You have to think about one
> more password, you have to setup your MUA to support this and you have
> to ensure that you are using the right settings.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 17 22:36:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: rules for Spam Actions
Message-ID: <mailman.883.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:57 17/08/2004, you wrote:
>Dave Goodrich wrote:
>
>>I need to setup email scrubbing for a client were we just take the
>>message, scan and filter, pass on to their mail server.
>>
>>I setup my mailertable, access, everything is ready. I want to have a
>>ruleset for Spam Actions in MailScanner.conf.
>>
>>I changed this in MailScanner.conf.
>>Spam Actions = %rules-dir%/user.delivery.rules
>>
>>And created a file "user.delivery.rules" in my rules directory with the
>>following.
>>To:     totallogic.com       deliver attachment
>># default delivery
>>To:     default         deliver
>>
>>Seems simple enough, before I hit the switch does anyone see a problem
>>here?
>
>I'm not sure, but I'd put deliver after attachment.

Makes no difference.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From William.Burns at AEROFLEX.COM  Tue Aug 17 23:52:39 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:36 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.884.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John:

Maybe I'm confused?
Do we have the same point?

John Rudd wrote:

>William Burns wrote:
>
>
>>Back to stunnel:
>>
>>Following the "do no harm" philosophy, I use telnet to access a program
>>that puts an *additional* level of  security in front of sshd.
>>
>>
>or OpenSSH, which uses OpenSSL code.  Which was my point: Stunnel is in
>the same risk category as OpenSSH (assuming you're using openssh, which
>may have been an inappropraite assumption on my part).  Using Stunnel is
>no more risky than using OpenSSH, AFAICT.
>
>

I *dont* want to use stunnel to shield OpenSSH(d) from a worm, exactly
because they're in the same risk category.
That'd be like protecting my door w/ two masterlock (tm) padlocks. If
someone knows how to break that brand of lock, they're in.
If there's a worm that can exploit sshd, how do I know it can't exploit
stunnel as well?

I want to avoid having ssl protected sessions terminated on some of my
boxes 'cause the ssl sessions themselves (the transport) can be attacked.
I'd prefer an SSL attacking worm to meet-up w/ a dumb-as-rocks telnet
session instead.
Odds are that the worm won't be able to guess my pass-phrase.

Back to the padlock analogy, I've got a decent padlock, but before you
get to that, you have to go through one of those lame simplex
push-button locks.
Anyone w/ a few hours to kill can get past a simplex lock, but probably
not the padlock.
If someone knows how to beat the padlock, they'll probably apply that
skill elsewhere, instead of wasting the hours necessary to guess the
simplex combo.

Plus, add to that the fact that you can only access my padlock from
certain IP addresses and I'm feeling pretty safe.

-Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jrudd at UCSC.EDU  Wed Aug 18 00:16:38 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:36 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.885.1137101196.24926.mailscanner@lists.mailscanner.info>

William Burns wrote:
>
> John:
>
> Maybe I'm confused?
> Do we have the same point?

Not the same point, but I think we were talking at cross purposes.


> John Rudd wrote:
>
> >William Burns wrote:
> >>
> >>Following the "do no harm" philosophy, I use telnet to access a program
> >>that puts an *additional* level of  security in front of sshd.
> >>
> >or OpenSSH, which uses OpenSSL code.
> >
>
> I *dont* want to use stunnel to shield OpenSSH(d) from a worm, exactly
> because they're in the same risk category.

Ah, I see what you're saying.  I thought you were using the telnet
solution as a general protection, which is why I was saying "you should
protect that stream with some form of encryption" (thus stunnel).  If
you're just using that method as a means of keeping random worms and
port scanners from finding sshd, then that makes a lot more sense (and
it also makes sense as to why you wouldn't want to use stunnel on it).
Sorry if I missed something that explained that aspect of the process up
front.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ldg at TLS.NET  Wed Aug 18 03:55:03 2004
From: ldg at TLS.NET (Dave Goodrich)
Date: Thu Jan 12 21:26:36 2006
Subject: rules for Spam Actions
Message-ID: <mailman.886.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yep, deliver then attachment was what I had been using with no problems.
Seems to be working just fine.

DAve

Julian Field wrote:
> At 20:57 17/08/2004, you wrote:
>
>> Dave Goodrich wrote:
>>
>>> I need to setup email scrubbing for a client were we just take the
>>> message, scan and filter, pass on to their mail server.
>>>
>>> I setup my mailertable, access, everything is ready. I want to have a
>>> ruleset for Spam Actions in MailScanner.conf.
>>>
>>> I changed this in MailScanner.conf.
>>> Spam Actions = %rules-dir%/user.delivery.rules
>>>
>>> And created a file "user.delivery.rules" in my rules directory with the
>>> following.
>>> To:     totallogic.com       deliver attachment
>>> # default delivery
>>> To:     default         deliver
>>>
>>> Seems simple enough, before I hit the switch does anyone see a problem
>>> here?
>>
>>
>> I'm not sure, but I'd put deliver after attachment.
>
>
> Makes no difference.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From p.g.m.peters at utwente.nl  Wed Aug 18 09:54:28 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.887.1137101196.24926.mailscanner@lists.mailscanner.info>

On Tue, 17 Aug 2004 10:05:27 -0700, you wrote:

>> I have had such a problem after blocking dynamic addresses in Brazil.
>> Everything was perfect untill one person happened to be there for a
>> while and needed to just send e-mail. And because his IP addresses where
>> dynamic I had to unblock the whole range.
>
>According to the SPF proponents the solution to this problem is to configure your
>roaming users to send e-mail through your own servers using SMTP AUTH with
>STARTTLS.  The only problem, if you have lots of roaming users, is to educate them
>that this is necessary.  It's easy enough for me to say, because I only have 25 users!

There is another problem with users roaming onto a network where there
is no outbound SMTP allowed. Webmail could be a solution but people just
wanting to sent e-mail don't want to spend the sime to go through all
the pages of a webmail server. And when they use cellphones they will
get a big bill because of the time and/or amount of data.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Wed Aug 18 10:26:19 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.888.1137101196.24926.mailscanner@lists.mailscanner.info>

On Wednesday, August 18, 2004 10:54 AM MailScanner mailing list wrote:

> server. And when they use cellphones they will get a big bill
> because of the time and/or amount of data.

Then sell the company Extended Systems OneBridge. It is the best
cellphone, PocketPC, Palm, Symbian etc. Sync software I know. Works like
a charm over low bandwith connections, does not cost too much (not too
cheap either), compresses the data stream etc.

Kind regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Wed Aug 18 10:41:50 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.889.1137101196.24926.mailscanner@lists.mailscanner.info>

On Wed, 18 Aug 2004 11:26:19 +0200, you wrote:

>> server. And when they use cellphones they will get a big bill
>> because of the time and/or amount of data.
>
>Then sell the company Extended Systems OneBridge. It is the best
>cellphone, PocketPC, Palm, Symbian etc. Sync software I know. Works like
>a charm over low bandwith connections, does not cost too much (not too
>cheap either), compresses the data stream etc.

Looks good. Thanks.

I'll drop it in our organization. Probably as part of the upgrade of the
messaging system for our students.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From miguelk at KONSULTEX.COM.BR  Wed Aug 18 13:02:08 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:26:36 2006
Subject: [OT] Sendmail open relay problem - SOLVED
Message-ID: <mailman.890.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I just thought I would let anyone that was interested in this problem
know what had happened. It may help others avoid the same problem.

A few weeks before this episode we had to make a change in the
httpd.conf file to allow external access to a web site running on an
internal server. The easiest way at the moment was to enable the
ProxyPass directive, which had to have access from "All". However this
also let the spammer use the web server to access sendmail by using
connection to port 25. I found this by searching through the httpd log
files. Once I rolled back that change, all open relay tests were ok
again. Summarizing I would say that the less services run on the mail
machine, the better.

Miguel

Miguel Koren wrote:

>I have been running along with Mail Scanner just fine for a long, long
>time and thought I had all my defenses in place. Over the weekend however
>one of my servers seems to have been 'discovered' by a spamming operation
>or a virus infected machine and I ended up with 75,000 files in the mqueue
>directory this morning.
>
>I use Sednmail 8.12.8 on Red Hat 9 in this case.
>
>What I did is shut down Mail Scanner and Sendmail and deleted all those
>files. It's possible that some were geunine emails but if so, very, very
>few.
>
>My understanding of Sendmail is that a relay is closed if the
>/etc/mail/access file is ok. Here is what I have:
>
>localhost.localdomain   RELAY
>localhost               RELAY
>127.0.0.1               RELAY
>
># internal
>10.10.10.0              RELAY
>
>
>I also have this in /etc/mail/relay-domains:
>
># internal
>10.10.10.
>
># localhost
>127.0.0.1
>localhost
>localhost.localdomain
>
>I also run pop-before-smtp for our roaming users and I can't stop
>using it short term. Perhaps some of the IPs I see in the pop-before-smtp
>log are that particular spammer IP.
>
>I don't think Red Hat 9 has any default users that can log in to email
>with
>default passwords. If anybody is intereseted, this
>http://popbsmtp.sourceforge.net/ is a good system assuming it did not
>cause
>the problems. This system requires a change in
>/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
>before sending emails. This is the change that I made a long time ago:
>
>Kpopauth hash -a<OK> /etc/mail/popauth
>
>SLocal_check_rcpt
>R$*            $: $(popauth $&{client_addr} $: <?> $)
>R<?>           $@ NoPopAuth
>R$*<OK>                $# OK
>......
>
>then I have all the rest of the normal file.
>
>My theory is that there may be an infected machine logging in to pop and
>then sending emails or a deliberate attempt to use pop with default users
>gets the same result.
>
>Summarizing:
>a) are there any errors in access and relay-domains?
>b) are there any known default users in Red Hat 9 that can access pop?
>c) Would this sendmail.cf somehow mess up the relay checking (apart from
>checking the database first)?
>
>Miguel
>
>
>
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rabellino at DI.UNITO.IT  Wed Aug 18 13:03:35 2004
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:26:36 2006
Subject: Perl MailTools version required
Message-ID: <mailman.891.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dear list,
  the mailtools distributed with the latest MailScanner is the release 1.50.
I go into trouble with MS if I install the latest release 1.62 available from CPAN, as requested by another perl
application (1.50 too old....) ?

Thanks.
--
Dott. Sergio Rabellino

  Technical Staff
  Department of Computer Science
  University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Wed Aug 18 14:55:34 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:36 2006
Subject: [OT] Sendmail open relay problem - SOLVED
Message-ID: <mailman.892.1137101196.24926.mailscanner@lists.mailscanner.info>

Have you tried using Squid for that purpose? Or maybe an iptables rule on a
different port and an HTTP_REDIRECT html directive?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Miguel Koren O'Brien de Lacy
Sent: Wednesday, August 18, 2004 7:02 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [OT] Sendmail open relay problem - SOLVED

I just thought I would let anyone that was interested in this problem
know what had happened. It may help others avoid the same problem.

A few weeks before this episode we had to make a change in the
httpd.conf file to allow external access to a web site running on an
internal server. The easiest way at the moment was to enable the
ProxyPass directive, which had to have access from "All". However this
also let the spammer use the web server to access sendmail by using
connection to port 25. I found this by searching through the httpd log
files. Once I rolled back that change, all open relay tests were ok
again. Summarizing I would say that the less services run on the mail
machine, the better.

Miguel

Miguel Koren wrote:

>I have been running along with Mail Scanner just fine for a long, long
>time and thought I had all my defenses in place. Over the weekend however
>one of my servers seems to have been 'discovered' by a spamming operation
>or a virus infected machine and I ended up with 75,000 files in the mqueue
>directory this morning.
>
>I use Sednmail 8.12.8 on Red Hat 9 in this case.
>
>What I did is shut down Mail Scanner and Sendmail and deleted all those
>files. It's possible that some were geunine emails but if so, very, very
>few.
>
>My understanding of Sendmail is that a relay is closed if the
>/etc/mail/access file is ok. Here is what I have:
>
>localhost.localdomain   RELAY
>localhost               RELAY
>127.0.0.1               RELAY
>
># internal
>10.10.10.0              RELAY
>
>
>I also have this in /etc/mail/relay-domains:
>
># internal
>10.10.10.
>
># localhost
>127.0.0.1
>localhost
>localhost.localdomain
>
>I also run pop-before-smtp for our roaming users and I can't stop
>using it short term. Perhaps some of the IPs I see in the pop-before-smtp
>log are that particular spammer IP.
>
>I don't think Red Hat 9 has any default users that can log in to email
>with
>default passwords. If anybody is intereseted, this
>http://popbsmtp.sourceforge.net/ is a good system assuming it did not
>cause
>the problems. This system requires a change in
>/etc/mail/sendmail.cf to make Sendmail check the pop-before-smtp database
>before sending emails. This is the change that I made a long time ago:
>
>Kpopauth hash -a<OK> /etc/mail/popauth
>
>SLocal_check_rcpt
>R$*            $: $(popauth $&{client_addr} $: <?> $)
>R<?>           $@ NoPopAuth
>R$*<OK>                $# OK
>......
>
>then I have all the rest of the normal file.
>
>My theory is that there may be an infected machine logging in to pop and
>then sending emails or a deliberate attempt to use pop with default users
>gets the same result.
>
>Summarizing:
>a) are there any errors in access and relay-domains?
>b) are there any known default users in Red Hat 9 that can access pop?
>c) Would this sendmail.cf somehow mess up the relay checking (apart from
>checking the database first)?
>
>Miguel
>
>
>
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From res at AUSICS.NET  Wed Aug 18 15:33:23 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:36 2006
Subject: install.sh
Message-ID: <mailman.893.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I know this was covered recently but can someone kindly give me a
refresher as to how to get around the non rpm install.sh that insists we
have rpm :)

Have a slackware box that is existing on a network as a secondary mx I
need to put this on.


--
Regards,
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkipness at GENIANT.COM  Wed Aug 18 17:42:45 2004
From: mkipness at GENIANT.COM (Max Kipness)
Date: Thu Jan 12 21:26:36 2006
Subject: Parsing MailScanner
Message-ID: <mailman.894.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial size=2>I'm just starting to 
build my own PHP based app that lists all quarantined messages, presents the 
score, etc and then allows individual users to resend/whitelist certain 
messages.</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial size=2>I started looking at 
parsing the /var/spool/MailScanner/quarantine/date/spam folder, but realized 
that neither the qf or df files list any info about the spamassassin score. Is 
there any way to have this listed, or would the appopriate way to build this app 
be to parse the maillog instead?</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial size=2>Just looking for 
suggestions.</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial size=2>I know about 
MailScanner, but want to do some a little different.</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=953032516-18082004><FONT face=Arial 
size=2>Max</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From mark at TIPPINGMAR.COM  Wed Aug 18 18:05:50 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:36 2006
Subject: SPF
Message-ID: <mailman.895.1137101196.24926.mailscanner@lists.mailscanner.info>

On 18 Aug 2004 at 10:54, Peter Peters wrote:

> There is another problem with users roaming onto a network where there
> is no outbound SMTP allowed.

Most networks do this by blocking port 25.  The preferred method for setting up
SASL SMTP is to accept connections on ports 25 and 587, which is rarely blocked.

http://spf.pobox.com/forsysadmins.html

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Wed Aug 18 18:37:12 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Parsing MailScanner
Message-ID: <mailman.896.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:42 18/08/2004, you wrote:
>Hi,
>
>I'm just starting to build my own PHP based app that lists all quarantined
>messages, presents the score, etc and then allows individual users to
>resend/whitelist certain messages.
>
>I started looking at parsing the
>/var/spool/MailScanner/quarantine/date/spam folder, but realized that
>neither the qf or df files list any info about the spamassassin score. Is
>there any way to have this listed, or would the appopriate way to build
>this app be to parse the maillog instead?
>
>Just looking for suggestions.
>
>I know about MailScanner, but want to do some a little different.

Great idea, I thoroughly approve of things like this (unlike the authors of
Postfix, grrr....).

 From the df/qf files in the spam folder, you can get the queue id which
you should be able to locate in the maillog. I want to keep all the
archives as untouched versions of the original messages.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Wed Aug 18 18:52:40 2004
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:26:36 2006
Subject: Parsing MailScanner
Message-ID: <mailman.897.1137101196.24926.mailscanner@lists.mailscanner.info>

Sorry to "hijack" the thread, but regarding untouched versions I'd like to
know if there has been any interest/progress in being able to archive only
that which actually gets to the end users' mailbox.

That way I can have a "clean" archive - the only workaround so far I've
been able to come up with is using clamd+clamavmilter (which reduces
server load a little) before MailScanner, and procmail recipes afterwards.

Regards,

Alex

> At 17:42 18/08/2004, you wrote:
>>Hi,
>>
>>I'm just starting to build my own PHP based app that lists all
>> quarantined
>>messages, presents the score, etc and then allows individual users to
>>resend/whitelist certain messages.
>>
>>I started looking at parsing the
>>/var/spool/MailScanner/quarantine/date/spam folder, but realized that
>>neither the qf or df files list any info about the spamassassin score. Is
>>there any way to have this listed, or would the appopriate way to build
>>this app be to parse the maillog instead?
>>
>>Just looking for suggestions.
>>
>>I know about MailScanner, but want to do some a little different.
>
> Great idea, I thoroughly approve of things like this (unlike the authors
> of
> Postfix, grrr....).
>
>  From the df/qf files in the spam folder, you can get the queue id which
> you should be able to locate in the maillog. I want to keep all the
> archives as untouched versions of the original messages.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Wed Aug 18 19:07:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Parsing MailScanner
Message-ID: <mailman.898.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:52 18/08/2004, you wrote:
>Sorry to "hijack" the thread, but regarding untouched versions I'd like to
>know if there has been any interest/progress in being able to archive only
>that which actually gets to the end users' mailbox.

That's a bit awkward, as the archiving happens really early on, long before
the message is rebuilt.

>That way I can have a "clean" archive - the only workaround so far I've
>been able to come up with is using clamd+clamavmilter (which reduces
>server load a little) before MailScanner, and procmail recipes afterwards.

I'll have another look, but no promises.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kwang at UCALGARY.CA  Wed Aug 18 19:19:09 2004
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.899.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

We are running MailScanner-4.31.6-1. I noticed that in the
mcafee-wrapper, MailScanner uses the dat files in the /usr/local/uvscan
directory. But mcafee-autoupdate only updates
/usr/local/uvscan/datfiles/current/. The maillog shows McAfee is
upgraded to 4287 but we are actually using a lower version. Is this a bug?

[root]# ls -l /usr/local/uvscan/datfiles/current/
total 4456
-rw-rw-rw-    1 root     root       414161 Aug 17 22:32 clean.dat
-rw-rw-rw-    1 root     root        12124 Oct 14  1998 internet.dat
-rw-rw-rw-    1 root     root       496036 Aug 17 22:32 names.dat
-rw-rw-rw-    1 root     root      3617893 Aug 17 22:32 scan.dat
[root]# ls -l /usr/local/uvscan/*.dat
-rw-rw-rw-    1 root     root       413328 Aug 15 22:32
/usr/local/uvscan/clean.dat
-rw-rw-rw-    1 root     root        12124 Oct 14  1998
/usr/local/uvscan/internet.dat
-r--r--r--    1 root     root         1056 Feb 18 14:23
/usr/local/uvscan/license.dat
-r--r--r--    1 root     root        38154 Feb 18 14:23
/usr/local/uvscan/messages.dat
-rw-rw-rw-    1 root     root       494959 Aug 15 22:32
/usr/local/uvscan/names.dat
-rw-rw-rw-    1 root     root      3607450 Aug 15 22:32
/usr/local/uvscan/scan.dat
[root]# grep 'McAfee-autoupdat' /var/log/maillog
Aug 18 11:11:06 XXXX logger: McAfee-autoupdate[]: McAfee updated to
version 4387


Kai Wang

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Denis.Beauchemin at USHERBROOKE.CA  Wed Aug 18 19:25:26 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.900.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I don't know if this is a bug but this not what I have here in 
/usr/local/uvscan :
lrwxrwxrwx    1 root     root           26 jui 16 08:47 clean.dat -> 
datfiles/current/clean.dat
lrwxrwxrwx    1 root     root           29 jui 16 08:47 internet.dat -> 
datfiles/current/internet.dat
-r--r--r--    1 root     root         1056 jui 16 08:41 license.dat
-r--r--r--    1 root     root        38154 jui 16 08:41 messages.dat
lrwxrwxrwx    1 root     root           26 jui 16 08:47 names.dat -> 
datfiles/current/names.dat
lrwxrwxrwx    1 root     root           25 jui 16 08:47 scan.dat -> 
datfiles/current/scan.dat

Just replace the dat files in /usr/local/uvcsan with symlinks and you'll 
be all set.

Denis

Kai Wang wrote:

> Hi,
>
> We are running MailScanner-4.31.6-1. I noticed that in the
> mcafee-wrapper, MailScanner uses the dat files in the /usr/local/uvscan
> directory. But mcafee-autoupdate only updates
> /usr/local/uvscan/datfiles/current/. The maillog shows McAfee is
> upgraded to 4287 but we are actually using a lower version. Is this a 
> bug?
>
> [root]# ls -l /usr/local/uvscan/datfiles/current/
> total 4456
> -rw-rw-rw-    1 root     root       414161 Aug 17 22:32 clean.dat
> -rw-rw-rw-    1 root     root        12124 Oct 14  1998 internet.dat
> -rw-rw-rw-    1 root     root       496036 Aug 17 22:32 names.dat
> -rw-rw-rw-    1 root     root      3617893 Aug 17 22:32 scan.dat
> [root]# ls -l /usr/local/uvscan/*.dat
> -rw-rw-rw-    1 root     root       413328 Aug 15 22:32
> /usr/local/uvscan/clean.dat
> -rw-rw-rw-    1 root     root        12124 Oct 14  1998
> /usr/local/uvscan/internet.dat
> -r--r--r--    1 root     root         1056 Feb 18 14:23
> /usr/local/uvscan/license.dat
> -r--r--r--    1 root     root        38154 Feb 18 14:23
> /usr/local/uvscan/messages.dat
> -rw-rw-rw-    1 root     root       494959 Aug 15 22:32
> /usr/local/uvscan/names.dat
> -rw-rw-rw-    1 root     root      3607450 Aug 15 22:32
> /usr/local/uvscan/scan.dat
> [root]# grep 'McAfee-autoupdat' /var/log/maillog
> Aug 18 11:11:06 XXXX logger: McAfee-autoupdate[]: McAfee updated to
> version 4387
>
>
> Kai Wang
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>


-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 18 19:26:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.901.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Can some other McAfee users comment on this please?
Tony?

At 19:19 18/08/2004, you wrote:
>Hi,
>
>We are running MailScanner-4.31.6-1. I noticed that in the
>mcafee-wrapper, MailScanner uses the dat files in the /usr/local/uvscan
>directory. But mcafee-autoupdate only updates
>/usr/local/uvscan/datfiles/current/. The maillog shows McAfee is
>upgraded to 4287 but we are actually using a lower version. Is this a bug?
>
>[root]# ls -l /usr/local/uvscan/datfiles/current/
>total 4456
>-rw-rw-rw-    1 root     root       414161 Aug 17 22:32 clean.dat
>-rw-rw-rw-    1 root     root        12124 Oct 14  1998 internet.dat
>-rw-rw-rw-    1 root     root       496036 Aug 17 22:32 names.dat
>-rw-rw-rw-    1 root     root      3617893 Aug 17 22:32 scan.dat
>[root]# ls -l /usr/local/uvscan/*.dat
>-rw-rw-rw-    1 root     root       413328 Aug 15 22:32
>/usr/local/uvscan/clean.dat
>-rw-rw-rw-    1 root     root        12124 Oct 14  1998
>/usr/local/uvscan/internet.dat
>-r--r--r--    1 root     root         1056 Feb 18 14:23
>/usr/local/uvscan/license.dat
>-r--r--r--    1 root     root        38154 Feb 18 14:23
>/usr/local/uvscan/messages.dat
>-rw-rw-rw-    1 root     root       494959 Aug 15 22:32
>/usr/local/uvscan/names.dat
>-rw-rw-rw-    1 root     root      3607450 Aug 15 22:32
>/usr/local/uvscan/scan.dat
>[root]# grep 'McAfee-autoupdat' /var/log/maillog
>Aug 18 11:11:06 XXXX logger: McAfee-autoupdate[]: McAfee updated to
>version 4387
>
>
>Kai Wang
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Wed Aug 18 19:36:07 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:36 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.902.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

Does mailscanner use clamscan with options(clamscan -m) or does this need to
be put in the clamscan wrapper file ?

/usr/local/libexec/MailScanner/clamav-wrapper
ScanOptions="-m"

or even if I was to use vexira
ScanOptions="--scan-in-mbox"

FreeBSD 5.2.1
MailScanner-4.31.6

Thanks

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dot at dotat.at  Wed Aug 18 20:19:39 2004
From: dot at dotat.at (Tony Finch)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.903.1137101196.24926.mailscanner@lists.mailscanner.info>

Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
>Can some other McAfee users comment on this please?

It's the result of upgrading McAfee in place without removing the old
version first, so mcafee-autoupdate thinks it is already initialized.
The version below should re-initialize itself in this situation.

Tony.
--
f.a.n.finch  <dot@dotat.at>  http://dotat.at/
MULL OF KINTYRE TO ARDNAMURCHAN POINT: VARIABLE BECOMING NORTH OR NORTHEAST, 3
OR 4. SHOWERS. GOOD. SLIGHT.



#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/conf/build/bin/uvscan-update,v 1.52 2004/08/18 19:12:02 fanf2 Exp $

# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.

# defaults
OPTS=""
PREFIX=/opt/uvscan
FTPDIR=http://download.nai.com/products/datfiles/4.x/nai
RETRIES=1
INTERVAL=300

# handle the command line
usage () {
        echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix]"
        echo "  -d      delete old files"
        echo "  -e      get extra.dat"
        echo "  -f      force update"
        echo "  -r      show README"
        echo "  -t      timestamp output"
        echo "  -v      verbose"
        echo "  -R      number of retries"
        echo "  -I      retry interval"
        echo "  proxy   URL of FTP/HTTP proxy server"
        echo "  prefix  uvscan installation directory"
        exit 1
}
case $# in
[012345])
        : ok
        ;;
*)      usage
        ;;
esac
for arg in "$@"
do
        case $arg in
        -I*)    INTERVAL=${arg#-I}
                ;;
        -R*)    RETRIES=${arg#-R}
                ;;
        -*)     OPTS=$arg
                ;;
        /*)     PREFIX=$arg
                ;;
        http:)  ftp_proxy=$arg
                http_proxy=$arg
                export ftp_proxy
                export http_proxy
                ;;
        *)      usage
                ;;
        esac
done
case $OPTS in
*[!-dfrtv]*)
        usage
esac
option () {
        case $OPTS in
        -*$1*)  eval $2=yes
                ;;
        *)      eval $2=no
                ;;
        esac
}
option d DELETE
option e EXTRA
option f FORCE
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes)    VERBOSE=yes
esac

# look for binaries and libraris in plausible places
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
# this is only necessary for broken setups
LD_LIBRARY_PATH=$PREFIX
export PATH LD_LIBRARY_PATH

# where this script finds things
DATDIR=$PREFIX/datfiles
DATFILES="clean.dat extra.dat internet.dat names.dat scan.dat"
LINKNAME=current
LINKREL=datfiles/$LINKNAME

# wrapper functions for echo etc.
timestamp () {
        case $TIME in
        yes)    date "+%Y-%m-%d %H:%M:%S "
        esac
}
say () {
        case $VERBOSE in
        yes)    echo "`timestamp`$*"
        esac
}
run () {
        say "> $*"
        "$@"
}
testeval () {
        # ugly workaround
        say "> $*"
        set +e
        eval "$*"
        ret=$?
        set -e
        return $ret
}
is () {
        test "$@" 2>/dev/null
}
say Starting $0
say DELETE=$DELETE
say FORCE=$FORCE
say README=$README
say TIME=$TIME
say VERBOSE=$VERBOSE
say RETRIES=$RETRIES
say INTERVAL=$INTERVAL
say PROXY=$ftp_proxy
say PREFIX=$PREFIX

# check directory setup is correct
for link in $LINKREL $DATFILES
do
        if ! is -h $PREFIX/$link
        then
                say $PREFIX/$link is not set up
                INIT=yes
        fi
done
if ! is -d $DATDIR
then
        say $DATDIR is not set up
        INIT=yes
fi
case $INIT in
yes)
        VERBOSE=yes
        say Doing initial setup of $0
        run mkdir -p $DATDIR
esac
run cd $DATDIR

getver () {
        match="[0-9][0-9][0-9][0-9]"
        err="version.err"
        cmd="$1" out="$2" txt="$3"
        if testeval "$cmd 2>$err 1>&2"
        then
                VER=`cat $out | sed "/^$txt\($match\).*$/!d;s//\1/;q"`
                case $VER in
                $match) run rm -f $out $err
                        return
                esac
        fi
        cat $err
        VER=UNKNOWN
        run rm -f $out $err
}

# work out latest dat version
try=$RETRIES
while :
do      getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion="
        VERSION=$VER
        case $VERSION in
        UNKNOWN)
                if ! try=`expr $try - 1`
                then break
                fi
                say Problem with McAfee datfile update from $FTPDIR
                say Sleeping for $INTERVAL seconds before retrying
                sleep $INTERVAL
                ;;
        *)      break
                ;;
        esac
done

# work out installed dat version
getver "uvscan --version" version.err "Virus data file v"
PREVIOUS=$VER

case $FORCE in
yes)    say Forced update from $PREVIOUS
        PREVIOUS=0000
        ;;
*)      if is $VERSION -eq $PREVIOUS
        then    say Already have $VERSION
                run exit 0
        fi
esac

VERBOSE=yes

say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION

if is $VERSION = UNKNOWN
then    say Problem with McAfee datfile update from $FTPDIR
        run exit 1
elif is $VERSION -lt $PREVIOUS
then    say Remote version $VERSION older than installed version $PREVIOUS
        run exit 1
elif is -d $VERSION
then    say Cleaning away $VERSION directory
        run rm -rf $VERSION
fi

retry () {
        echo "$OUT"
        say Fetch or test failed -- removing bad McAfee data files
        run cd $DATDIR
        run rm -rf $VERSION
        if ! try=`expr $try - 1`
        then    say Giving up
                run exit 1
        fi
        say Sleeping for $INTERVAL seconds before retrying
        sleep $INTERVAL
        continue
}

try=$RETRIES
while :
do
        # fetch and extract dat files
        TARFILE=dat-$VERSION.tar
        run mkdir $VERSION
        run cd $VERSION
        run chmod 700 .
        if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
        then retry
        fi
        run tar xvf $TARFILE
        run chmod 644 *
        run chmod 755 .

        # verify the contents
        CMD="uvscan --version --dat ."
        say "> $CMD"
        if ! OUT=`$CMD 2>&1`
        then    retry
        else    break
        fi
done

echo "$OUT"
say Update OK

# show information on this update?
case $README in
yes)    run sed 's/[[:cntrl:]]//g
                1,/^====================/d
                /^====================/,/^NEW VIRUSES DETECTED/d
                /^UNDERSTANDING VIRUS NAMES/,$d
                s/^/# /;/@MM/s/$/ <--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt

# do remaining part of initial setup
case $INIT in
yes)    for file in $DATFILES
        do
                run rm -f $PREFIX/$file
                run ln -s $LINKREL/$file $PREFIX/$file
        done
esac

# update the current version link
run cd $DATDIR
run ln -s $VERSION $VERSION/$LINKNAME
run mv $VERSION/$LINKNAME .

# maybe delete old dat files
case $DELETE in
yes)    run cd $DATDIR
        run rm -rf $PREVIOUS
esac

say Completed OK
run exit 0

# done

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kwang at UCALGARY.CA  Wed Aug 18 20:57:24 2004
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.904.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<br>
Thanks, Tony. This version works.<br>
<br>
Kai<br>
<br>
Tony Finch wrote:<br>
<blockquote type="cite"
 cite="midE1BxVyF-00010y-00@chiark.greenend.org.uk">
  <pre wrap="">Julian Field <a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@ECS.SOTON.AC.UK">&lt;mailscanner@ECS.SOTON.AC.UK&gt;</a> wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Can some other McAfee users comment on this please?
    </pre>
  </blockquote>
  <pre wrap=""><!---->
It's the result of upgrading McAfee in place without removing the old
version first, so mcafee-autoupdate thinks it is already initialized.
The version below should re-initialize itself in this situation.

Tony.
--
f.a.n.finch  <a class="moz-txt-link-rfc2396E" href="mailto:dot@dotat.at">&lt;dot@dotat.at&gt;</a>  <a class="moz-txt-link-freetext" href="http://dotat.at/">http://dotat.at/</a>
MULL OF KINTYRE TO ARDNAMURCHAN POINT: VARIABLE BECOMING NORTH OR NORTHEAST, 3
OR 4. SHOWERS. GOOD. SLIGHT.



#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/conf/build/bin/uvscan-update,v 1.52 2004/08/18 19:12:02 fanf2 Exp $

# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.

# defaults
OPTS=""
PREFIX=/opt/uvscan
FTPDIR=<a class="moz-txt-link-freetext" href="http://download.nai.com/products/datfiles/4.x/nai">http://download.nai.com/products/datfiles/4.x/nai</a>
RETRIES=1
INTERVAL=300

# handle the command line
usage () {
        echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix]"
        echo "  -d      delete old files"
        echo "  -e      get extra.dat"
        echo "  -f      force update"
        echo "  -r      show README"
        echo "  -t      timestamp output"
        echo "  -v      verbose"
        echo "  -R      number of retries"
        echo "  -I      retry interval"
        echo "  proxy   URL of FTP/HTTP proxy server"
        echo "  prefix  uvscan installation directory"
        exit 1
}
case $# in
[012345])
        : ok
        ;;
*)      usage
        ;;
esac
for arg in "$@"
do
        case $arg in
        -I*)    INTERVAL=${arg#-I}
                ;;
        -R*)    RETRIES=${arg#-R}
                ;;
        -*)     OPTS=$arg
                ;;
        /*)     PREFIX=$arg
                ;;
        http:)  ftp_proxy=$arg
                http_proxy=$arg
                export ftp_proxy
                export http_proxy
                ;;
        *)      usage
                ;;
        esac
done
case $OPTS in
*[!-dfrtv]*)
        usage
esac
option () {
        case $OPTS in
        -*$1*)  eval $2=yes
                ;;
        *)      eval $2=no
                ;;
        esac
}
option d DELETE
option e EXTRA
option f FORCE
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes)    VERBOSE=yes
esac

# look for binaries and libraris in plausible places
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
# this is only necessary for broken setups
LD_LIBRARY_PATH=$PREFIX
export PATH LD_LIBRARY_PATH

# where this script finds things
DATDIR=$PREFIX/datfiles
DATFILES="clean.dat extra.dat internet.dat names.dat scan.dat"
LINKNAME=current
LINKREL=datfiles/$LINKNAME

# wrapper functions for echo etc.
timestamp () {
        case $TIME in
        yes)    date "+%Y-%m-%d %H:%M:%S "
        esac
}
say () {
        case $VERBOSE in
        yes)    echo "`timestamp`$*"
        esac
}
run () {
        say "&gt; $*"
        "$@"
}
testeval () {
        # ugly workaround
        say "&gt; $*"
        set +e
        eval "$*"
        ret=$?
        set -e
        return $ret
}
is () {
        test "$@" 2&gt;/dev/null
}
say Starting $0
say DELETE=$DELETE
say FORCE=$FORCE
say README=$README
say TIME=$TIME
say VERBOSE=$VERBOSE
say RETRIES=$RETRIES
say INTERVAL=$INTERVAL
say PROXY=$ftp_proxy
say PREFIX=$PREFIX

# check directory setup is correct
for link in $LINKREL $DATFILES
do
        if ! is -h $PREFIX/$link
        then
                say $PREFIX/$link is not set up
                INIT=yes
        fi
done
if ! is -d $DATDIR
then
        say $DATDIR is not set up
        INIT=yes
fi
case $INIT in
yes)
        VERBOSE=yes
        say Doing initial setup of $0
        run mkdir -p $DATDIR
esac
run cd $DATDIR

getver () {
        match="[0-9][0-9][0-9][0-9]"
        err="version.err"
        cmd="$1" out="$2" txt="$3"
        if testeval "$cmd 2&gt;$err 1&gt;&amp;2"
        then
                VER=`cat $out | sed "/^$txt\($match\).*$/!d;s//\1/;q"`
                case $VER in
                $match) run rm -f $out $err
                        return
                esac
        fi
        cat $err
        VER=UNKNOWN
        run rm -f $out $err
}

# work out latest dat version
try=$RETRIES
while :
do      getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion="
        VERSION=$VER
        case $VERSION in
        UNKNOWN)
                if ! try=`expr $try - 1`
                then break
                fi
                say Problem with McAfee datfile update from $FTPDIR
                say Sleeping for $INTERVAL seconds before retrying
                sleep $INTERVAL
                ;;
        *)      break
                ;;
        esac
done

# work out installed dat version
getver "uvscan --version" version.err "Virus data file v"
PREVIOUS=$VER

case $FORCE in
yes)    say Forced update from $PREVIOUS
        PREVIOUS=0000
        ;;
*)      if is $VERSION -eq $PREVIOUS
        then    say Already have $VERSION
                run exit 0
        fi
esac

VERBOSE=yes

say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION

if is $VERSION = UNKNOWN
then    say Problem with McAfee datfile update from $FTPDIR
        run exit 1
elif is $VERSION -lt $PREVIOUS
then    say Remote version $VERSION older than installed version $PREVIOUS
        run exit 1
elif is -d $VERSION
then    say Cleaning away $VERSION directory
        run rm -rf $VERSION
fi

retry () {
        echo "$OUT"
        say Fetch or test failed -- removing bad McAfee data files
        run cd $DATDIR
        run rm -rf $VERSION
        if ! try=`expr $try - 1`
        then    say Giving up
                run exit 1
        fi
        say Sleeping for $INTERVAL seconds before retrying
        sleep $INTERVAL
        continue
}

try=$RETRIES
while :
do
        # fetch and extract dat files
        TARFILE=dat-$VERSION.tar
        run mkdir $VERSION
        run cd $VERSION
        run chmod 700 .
        if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
        then retry
        fi
        run tar xvf $TARFILE
        run chmod 644 *
        run chmod 755 .

        # verify the contents
        CMD="uvscan --version --dat ."
        say "&gt; $CMD"
        if ! OUT=`$CMD 2&gt;&amp;1`
        then    retry
        else    break
        fi
done

echo "$OUT"
say Update OK

# show information on this update?
case $README in
yes)    run sed 's/[[:cntrl:]]//g
                1,/^====================/d
                /^====================/,/^NEW VIRUSES DETECTED/d
                /^UNDERSTANDING VIRUS NAMES/,$d
                s/^/# /;/@MM/s/$/ &lt;--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt

# do remaining part of initial setup
case $INIT in
yes)    for file in $DATFILES
        do
                run rm -f $PREFIX/$file
                run ln -s $LINKREL/$file $PREFIX/$file
        done
esac

# update the current version link
run cd $DATDIR
run ln -s $VERSION $VERSION/$LINKNAME
run mv $VERSION/$LINKNAME .

# maybe delete old dat files
case $DELETE in
yes)    run cd $DATDIR
        run rm -rf $PREVIOUS
esac

say Completed OK
run exit 0

# done

------------------------ MailScanner list ------------------------
To unsubscribe, email <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a> with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>) and
the archives (<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).

  </pre>
</blockquote>
</body>
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From kwang at UCALGARY.CA  Wed Aug 18 22:28:46 2004
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.905.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<br>
Tony,<br>
<br>
May I suggest that you add the 'run logger -p mail.info
"McAfee-autoupdate[]: McAfee updated to version $VERSION"
2&gt;/dev/null' to the new version?&nbsp; I feel it's important to know when
the new version is installed.<br>
<br>
Kai<br>
<br>
<br>
Tony Finch wrote:<br>
<blockquote type="cite"
 cite="midE1BxVyF-00010y-00@chiark.greenend.org.uk">
  <pre wrap="">Julian Field <a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@ECS.SOTON.AC.UK">&lt;mailscanner@ECS.SOTON.AC.UK&gt;</a> wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Can some other McAfee users comment on this please?
    </pre>
  </blockquote>
  <pre wrap=""><!---->
It's the result of upgrading McAfee in place without removing the old
version first, so mcafee-autoupdate thinks it is already initialized.
The version below should re-initialize itself in this situation.

Tony.
--
f.a.n.finch  <a class="moz-txt-link-rfc2396E" href="mailto:dot@dotat.at">&lt;dot@dotat.at&gt;</a>  <a class="moz-txt-link-freetext" href="http://dotat.at/">http://dotat.at/</a>
MULL OF KINTYRE TO ARDNAMURCHAN POINT: VARIABLE BECOMING NORTH OR NORTHEAST, 3
OR 4. SHOWERS. GOOD. SLIGHT.



#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/conf/build/bin/uvscan-update,v 1.52 2004/08/18 19:12:02 fanf2 Exp $

# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.

# defaults
OPTS=""
PREFIX=/opt/uvscan
FTPDIR=<a class="moz-txt-link-freetext" href="http://download.nai.com/products/datfiles/4.x/nai">http://download.nai.com/products/datfiles/4.x/nai</a>
RETRIES=1
INTERVAL=300

# handle the command line
usage () {
        echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix]"
        echo "  -d      delete old files"
        echo "  -e      get extra.dat"
        echo "  -f      force update"
        echo "  -r      show README"
        echo "  -t      timestamp output"
        echo "  -v      verbose"
        echo "  -R      number of retries"
        echo "  -I      retry interval"
        echo "  proxy   URL of FTP/HTTP proxy server"
        echo "  prefix  uvscan installation directory"
        exit 1
}
case $# in
[012345])
        : ok
        ;;
*)      usage
        ;;
esac
for arg in "$@"
do
        case $arg in
        -I*)    INTERVAL=${arg#-I}
                ;;
        -R*)    RETRIES=${arg#-R}
                ;;
        -*)     OPTS=$arg
                ;;
        /*)     PREFIX=$arg
                ;;
        http:)  ftp_proxy=$arg
                http_proxy=$arg
                export ftp_proxy
                export http_proxy
                ;;
        *)      usage
                ;;
        esac
done
case $OPTS in
*[!-dfrtv]*)
        usage
esac
option () {
        case $OPTS in
        -*$1*)  eval $2=yes
                ;;
        *)      eval $2=no
                ;;
        esac
}
option d DELETE
option e EXTRA
option f FORCE
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes)    VERBOSE=yes
esac

# look for binaries and libraris in plausible places
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
# this is only necessary for broken setups
LD_LIBRARY_PATH=$PREFIX
export PATH LD_LIBRARY_PATH

# where this script finds things
DATDIR=$PREFIX/datfiles
DATFILES="clean.dat extra.dat internet.dat names.dat scan.dat"
LINKNAME=current
LINKREL=datfiles/$LINKNAME

# wrapper functions for echo etc.
timestamp () {
        case $TIME in
        yes)    date "+%Y-%m-%d %H:%M:%S "
        esac
}
say () {
        case $VERBOSE in
        yes)    echo "`timestamp`$*"
        esac
}
run () {
        say "&gt; $*"
        "$@"
}
testeval () {
        # ugly workaround
        say "&gt; $*"
        set +e
        eval "$*"
        ret=$?
        set -e
        return $ret
}
is () {
        test "$@" 2&gt;/dev/null
}
say Starting $0
say DELETE=$DELETE
say FORCE=$FORCE
say README=$README
say TIME=$TIME
say VERBOSE=$VERBOSE
say RETRIES=$RETRIES
say INTERVAL=$INTERVAL
say PROXY=$ftp_proxy
say PREFIX=$PREFIX

# check directory setup is correct
for link in $LINKREL $DATFILES
do
        if ! is -h $PREFIX/$link
        then
                say $PREFIX/$link is not set up
                INIT=yes
        fi
done
if ! is -d $DATDIR
then
        say $DATDIR is not set up
        INIT=yes
fi
case $INIT in
yes)
        VERBOSE=yes
        say Doing initial setup of $0
        run mkdir -p $DATDIR
esac
run cd $DATDIR

getver () {
        match="[0-9][0-9][0-9][0-9]"
        err="version.err"
        cmd="$1" out="$2" txt="$3"
        if testeval "$cmd 2&gt;$err 1&gt;&amp;2"
        then
                VER=`cat $out | sed "/^$txt\($match\).*$/!d;s//\1/;q"`
                case $VER in
                $match) run rm -f $out $err
                        return
                esac
        fi
        cat $err
        VER=UNKNOWN
        run rm -f $out $err
}

# work out latest dat version
try=$RETRIES
while :
do      getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion="
        VERSION=$VER
        case $VERSION in
        UNKNOWN)
                if ! try=`expr $try - 1`
                then break
                fi
                say Problem with McAfee datfile update from $FTPDIR
                say Sleeping for $INTERVAL seconds before retrying
                sleep $INTERVAL
                ;;
        *)      break
                ;;
        esac
done

# work out installed dat version
getver "uvscan --version" version.err "Virus data file v"
PREVIOUS=$VER

case $FORCE in
yes)    say Forced update from $PREVIOUS
        PREVIOUS=0000
        ;;
*)      if is $VERSION -eq $PREVIOUS
        then    say Already have $VERSION
                run exit 0
        fi
esac

VERBOSE=yes

say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION

if is $VERSION = UNKNOWN
then    say Problem with McAfee datfile update from $FTPDIR
        run exit 1
elif is $VERSION -lt $PREVIOUS
then    say Remote version $VERSION older than installed version $PREVIOUS
        run exit 1
elif is -d $VERSION
then    say Cleaning away $VERSION directory
        run rm -rf $VERSION
fi

retry () {
        echo "$OUT"
        say Fetch or test failed -- removing bad McAfee data files
        run cd $DATDIR
        run rm -rf $VERSION
        if ! try=`expr $try - 1`
        then    say Giving up
                run exit 1
        fi
        say Sleeping for $INTERVAL seconds before retrying
        sleep $INTERVAL
        continue
}

try=$RETRIES
while :
do
        # fetch and extract dat files
        TARFILE=dat-$VERSION.tar
        run mkdir $VERSION
        run cd $VERSION
        run chmod 700 .
        if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
        then retry
        fi
        run tar xvf $TARFILE
        run chmod 644 *
        run chmod 755 .

        # verify the contents
        CMD="uvscan --version --dat ."
        say "&gt; $CMD"
        if ! OUT=`$CMD 2&gt;&amp;1`
        then    retry
        else    break
        fi
done

echo "$OUT"
say Update OK

# show information on this update?
case $README in
yes)    run sed 's/[[:cntrl:]]//g
                1,/^====================/d
                /^====================/,/^NEW VIRUSES DETECTED/d
                /^UNDERSTANDING VIRUS NAMES/,$d
                s/^/# /;/@MM/s/$/ &lt;--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt

# do remaining part of initial setup
case $INIT in
yes)    for file in $DATFILES
        do
                run rm -f $PREFIX/$file
                run ln -s $LINKREL/$file $PREFIX/$file
        done
esac

# update the current version link
run cd $DATDIR
run ln -s $VERSION $VERSION/$LINKNAME
run mv $VERSION/$LINKNAME .

# maybe delete old dat files
case $DELETE in
yes)    run cd $DATDIR
        run rm -rf $PREVIOUS
esac

say Completed OK
run exit 0

# done

------------------------ MailScanner list ------------------------
To unsubscribe, email <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a> with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>) and
the archives (<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).

  </pre>
</blockquote>
</body>
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Wed Aug 18 23:36:23 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:36 2006
Subject: Deliver filenamed-checked not virus
Message-ID: <mailman.906.1137101196.24926.mailscanner@lists.mailscanner.info>

Sounds fine
--

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From chris at scorpion.nl  Thu Aug 19 00:25:40 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:36 2006
Subject: "autolearn=" missing keyword.
Message-ID: <mailman.907.1137101196.24926.mailscanner@lists.mailscanner.info>

Hi all !

I think this has been mentioned before on the list, but I could not find it
in the archive:

---
Aug 19 01:16:26 fedora MailScanner[18614]: Message 1BxZfF-0004sD-C0 from
130.161.131.5 (fmijinkb@qmail.cz) to blackhole.jvb.tudelft.nl is spam,
SpamAssassin (score=39.505, required 5, autolearn=, AWL 1.51,
FORGED_RCVD_HELO 0.05, HTML_20_30 0.50, HTML_IMAGE_ONLY_16 1.28,
HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.10, INVALID_TZ_CST 0.07,
LONGWORDS 2.26, MIME_BOUND_DD_DIGITS 4.23, MIME_HTML_ONLY 1.16,
MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 1.50, RAZOR2_CF_RANGE_51_100 1.49,
RAZOR2_CHECK 0.15, RCVD_IN_DSBL 2.77, RCVD_IN_NJABL_DUL 1.66,
RCVD_IN_NJABL_PROXY 1.03, RCVD_IN_SORBS_DUL 0.14, ROUND_THE_WORLD_LOCAL
0.46, UNIQUE_WORDS 2.55, URIBL_AB_SURBL 2.01, URIBL_OB_SURBL 2.00, URIBL_SBL
0.63, URIBL_SC_SURBL 3.90, URIBL_WS_SURBL 3.90, X_MESSAGE_INFO 4.19)

Aug 19 01:16:28 fedora MailScanner[18609]: Message 1BxZfJ-0004sI-6d from
130.161.131.5 (fmijinkb@qmail.cz) to blackhole.jvb.tudelft.nl is spam,
SpamAssassin (score=39.127, required 5, autolearn=, AWL 1.13,
FORGED_RCVD_HELO 0.05, HTML_20_30 0.50, HTML_IMAGE_ONLY_16 1.28,
HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.10, INVALID_TZ_CST 0.07,
LONGWORDS 2.26, MIME_BOUND_DD_DIGITS 4.23, MIME_HTML_ONLY 1.16,
MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 1.50, RAZOR2_CF_RANGE_51_100 1.49,
RAZOR2_CHECK 0.15, RCVD_IN_DSBL 2.77, RCVD_IN_NJABL_DUL 1.66,
RCVD_IN_NJABL_PROXY 1.03, RCVD_IN_SORBS_DUL 0.14, ROUND_THE_WORLD_LOCAL
0.46, UNIQUE_WORDS 2.55, URIBL_AB_SURBL 2.01, URIBL_OB_SURBL 2.00, URIBL_SBL
0.63, URIBL_SC_SURBL 3.90, URIBL_WS_SURBL 3.90, X_MESSAGE_INFO 4.19)
---

Why does mailscanner not report autolearn=spam|ham|no ?

bye,
Chris

---[ MS Version info ]---
[root@fedora ~]# MailScanner -V
This is Perl version 5.008003
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.72    File::Basename
2.07    File::Copy
2.01    FileHandle
1.06    File::Path
0.14    File::Temp
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.21    IO
1.10    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.07    POSIX
1.76    Socket
0.04    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
3.000000        Mail::SpamAssassin
0.31    Net::LDAP
missing SAVI
0.11    Mail::ClamAV
[root@fedora ~]#

---[ Bayes info ]---
[root@fedora /var/spool/spamassassin]# ls -al
total 2060
drwxr-xr-x   2 exim root    4096 Aug 19 01:16 .
drwxr-xr-x  21 root root    4096 Aug 17 14:18 ..
-rw-------   1 exim exim       6 Aug 19 01:16 bayes.mutex
-rw-------   1 exim exim   90112 Aug 19 01:16 bayes_seen
-rw-------   1 exim exim 2605056 Aug 19 01:16 bayes_toks
[root@fedora /var/spool/spamassassin]#

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 03:00:24 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.908.1137101196.24926.mailscanner@lists.mailscanner.info>

Hi all,

I'm installing MS with sendmail in a client and i'm having some
problems. When a message came with a blocked attachment the user don't
receive the stored.filename.message.txt file.

I'm using MS 4.31.6 in a Debian sarge environment.



The log follows:

Aug 18 22:31:03 msmachine sm-mta[7040]: i7J1UNBC007040:
from=<eduardo_simpsom_rj@yahoo.com.br>, size=282816, class=0, nrcpts=1,
msgid=<1092879007.4182.4.camel@xxx.xxx.xxx>, proto=SMTP, daemon=MTA,
relay=200165128064.user.veloxzone.com.br [200.165.128.64]

Aug 18 22:31:03 msmachine sm-mta[7040]: i7J1UNBC007040:
to=<localaddress@client.domain.com>, delay=00:00:39, mailer=smtp,
pri=312816, stat=queued

Aug 18 22:31:03 msmachine MailScanner[7043]: New Batch: Scanning 1
messages, 283372 bytes
Aug 18 22:31:03 msmachine MailScanner[7043]: Spam Checks: Starting
Aug 18 22:31:06 msmachine MailScanner[7044]: Using locktype = flock
Aug 18 22:31:14 msmachine MailScanner[7043]: Virus and Content Scanning:
Starting
Aug 18 22:31:14 msmachine MailScanner[7043]: Filename Checks:
Windows/DOS Executable (i7J1UNBC007040 alcupd.exe)

Aug 18 22:31:14 msmachine MailScanner[7043]: Filename Checks: Allowing
i7J1UNBC007040 msg-7043-1.txt

Aug 18 22:31:14 msmachine MailScanner[7043]: Other Checks: Found 1
problems
Aug 18 22:31:14 msmachine MailScanner[7043]: Saved entire message
to /var/spool/MailScanner/quarantine/20040818/i7J1UNBC007040

Aug 18 22:31:14 msmachine MailScanner[7043]: Saved infected "alcupd.exe"
to /var/spool/MailScanner/quarantine/20040818/i7J1UNBC007040

Aug 18 22:31:14 msmachine sendmail[7050]: i7J1VEno007050:
from=postmaster, size=974, class=0, nrcpts=1,
msgid=<200408190131.i7J1VEno007050@msmachine.client.domain.com>,
relay=root@localhost

Aug 18 22:31:14 msmachine sendmail[7050]: STARTTLS=client, relay=
[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-
SHA, bits=256/256
Aug 18 22:31:14 msmachine sm-mta[7051]: STARTTLS=server,
relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3,
verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256

Aug 18 22:31:14 msmachine sm-mta[7051]: i7J1VEKY007051:
from=<postmaster@msmachine.disec.com.br>, size=1273, class=0, nrcpts=1,
msgid=<200408190131.i7J1VEno007050@msmachine.client.domain.com>,
proto=ESMTP, daemon=MSA, relay=localhost.localdomain [127.0.0.1]

Aug 18 22:31:14 msmachine sendmail[7050]: i7J1VEno007050: to=postmaster,
delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30974, relay=
[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (i7J1VEKY007051 Message
accepted for delivery)

Aug 18 22:31:14 msmachine MailScanner[7043]: Notices: Warned about 1
messages
Aug 18 22:31:14 msmachine MailScanner[7043]: New Batch: Scanning 1
messages, 1896 bytes
Aug 18 22:31:14 msmachine MailScanner[7043]: Spam Checks: Starting
Aug 18 22:31:29 msmachine MailScanner[7043]: Virus and Content Scanning:
Starting
Aug 18 22:31:29 msmachine MailScanner[7043]: Filename Checks: Allowing
i7J1VEKY007051 msg-7043-2.txt
Aug 18 22:31:29 msmachine MailScanner[7043]: Uninfected: Delivered 1
messages

Aug 18 22:31:29 msmachine sendmail[7058]: i7J1VEKY007051: to=root,
delay=00:00:15, xdelay=00:00:00, mailer=local, pri=121273, dsn=2.0.0,
stat=Sent



As you can see the message cames to the msmachine with an .exe
attachment and is correctly detected by MS, but after the checks the
message goes to quarantine and a notice to the sysadmin (postmaster in
localhost) is sent. And no notification to the user is sent at all.

Can anyone help me eith this?

Thanks.

Best regards,
--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Thu Aug 19 07:19:08 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.909.1137101196.24926.mailscanner@lists.mailscanner.info>

Julian,

> initialized. The version below should re-initialize itself in this
> situation. 

Will you put this in the next distribution? Otherwise I would patch it into the FreeBSD port.

Regards,
 JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From m.althoff at BROMBERG.XS4ALL.NL  Thu Aug 19 08:04:02 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:36 2006
Subject: double message
Message-ID: <mailman.910.1137101196.24926.mailscanner@lists.mailscanner.info>

==============================================================

>From ***********  Thu Aug 19 00:11:24 2004
Return-Path: <***********>
Received: from AutoTURN (net3-nl-mail-07.ad.vevida.net [213.19.161.178])
        by *********** (8.12.10/8.12.10) with ESMTP id i7IMARKX004234
        for <***********>; Thu, 19 Aug 2004 00:11:19 +0200
Received: (qmail 8300 invoked by uid 0); 18 Aug 2004 22:10:10 -0000
Received: from smtp06.wanadoo.nl (194.134.35.146)
  by net3-nl-mail-04.ad.vevida.net with SMTP; 18 Aug 2004 22:10:10 -0000
Received: from *********** [***********])
        by smtp6.wanadoo.nl (Postfix) with SMTP id E3C7A14DD2
        for <***********>; Thu, 19 Aug 2004 00:10:06 +0200 (CEST)
Message-ID: <000701c48570$2321b720$9700000a@amd2600plus>
From: "***********" <***********>
To: "***********" <***********>
References: <000801c483de$5f526430$9700000a@amd2600plus>
            <000a01c48542$dc63f2d0$1e0a0a0a@driemstijn>
Subject: Re: vijver
Date: Thu, 19 Aug 2004 00:10:14 +0200
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Spam-Status: No, hits=0.8 required=5.0, tests=MY_DSL, version=2.64
X-AlthoffCentral-MailScanner-Information: for policy see
http://www.althoffcentral.com/policy
X-AlthoffCentral-MailScanner: Found to be clean
X-AlthoffCentral-MailScanner-SpamCheck: not spam, SpamAssassin (score=0,
        required 6)
X-MailScanner-From: ***********

==============================================================

>From ***********  Thu Aug 19 00:11:24 2004
Return-Path: <***********>
Received: from AutoTURN (net3-nl-mail-04.ad.vevida.net [213.19.161.175])
        by *********** (8.12.10/8.12.10) with ESMTP id i7IMARKX004233
        for <***********>; Thu, 19 Aug 2004 00:11:19 +0200
Received: (qmail 8300 invoked by uid 0); 18 Aug 2004 22:10:10 -0000
Received: from smtp06.wanadoo.nl (194.134.35.146)
  by net3-nl-mail-04.ad.vevida.net with SMTP; 18 Aug 2004 22:10:10 -0000
Received: from *********** [***********])
        by smtp6.wanadoo.nl (Postfix) with SMTP id E3C7A14DD2
        for <***********>; Thu, 19 Aug 2004 00:10:06 +0200 (CEST)
Message-ID: <000701c48570$2321b720$9700000a@amd2600plus>
From: "***********" <***********>
To: "***********" <***********m>
References: <000801c483de$5f526430$9700000a@amd2600plus>
            <000a01c48542$dc63f2d0$1e0a0a0a@driemstijn>
Subject: Re: vijver
Date: Thu, 19 Aug 2004 00:10:14 +0200
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Spam-Status: No, hits=0.8 required=5.0, tests=MY_DSL, version=2.64
X-AlthoffCentral-MailScanner-Information: for policy see
http://www.althoffcentral.com/policy
X-AlthoffCentral-MailScanner: Found to be clean
X-AlthoffCentral-MailScanner-SpamCheck: not spam, SpamAssassin (score=0,
        required 6)
X-MailScanner-From: ***********

==============================================================

Aug 19 00:11:19 ****** sendmail[4233]: i7IMARKX004233: from=<********l>,
size=2103, class=0, nrcpts=1, msgid=<000701c48570$2321b720
$9700000a@amd2600plus>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-04.ad.vevida.net
[213.19.161.175]

Aug 19 00:11:19 ****** sendmail[4234]: i7IMARKX004234: from=<********>,
size=2103, class=0, nrcpts=1, msgid=<000701c48570$2321b720
$9700000a@amd2600plus>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-07.ad.vevida.net
[213.19.161.178]

Aug 19 00:11:24 ****** sendmail[4248]: i7IMARKX004234: to=<*************>,
delay=00:00:05, xdelay=00:00:00, mailer=local, pri=122103, dsn=2.0.0,
stat=Sent

Aug 19 00:11:25 ****** sendmail[4248]: i7IMARKX004233: to=<*************>,
delay=00:00:06, xdelay=00:00:01, mailer=local, pri=122103, dsn=2.0.0,
stat=Sent


==============================================================

$ sendmail -bt -d0.10 < /dev/null | head -n 10

Version 8.12.10
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS
TCPWRAPPERS
                USERDB USE_LDAP_INIT
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASFLOCK
                HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
                HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
                HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
                HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC

==============================================================

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 09:14:16 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.911.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
If you leave it alone, you will find it works just fine. You don't need to
go editing my code :-)

At 19:36 18/08/2004, you wrote:
>Hi All,
>
>Does mailscanner use clamscan with options(clamscan -m) or does this need to
>be put in the clamscan wrapper file ?
>
>/usr/local/libexec/MailScanner/clamav-wrapper
>ScanOptions="-m"
>
>or even if I was to use vexira
>ScanOptions="--scan-in-mbox"
>
>FreeBSD 5.2.1
>MailScanner-4.31.6
>
>Thanks
>
>_________________________________________________________________
>Express yourself instantly with MSN Messenger! Download today - it's FREE!
>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 09:18:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.912.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
This will be in the next release.

At 20:19 18/08/2004, you wrote:
>Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
> >Can some other McAfee users comment on this please?
>
>It's the result of upgrading McAfee in place without removing the old
>version first, so mcafee-autoupdate thinks it is already initialized.
>The version below should re-initialize itself in this situation.
>
>Tony.
>--
>f.a.n.finch  <dot@dotat.at>  http://dotat.at/
>MULL OF KINTYRE TO ARDNAMURCHAN POINT: VARIABLE BECOMING NORTH OR NORTHEAST, 3
>OR 4. SHOWERS. GOOD. SLIGHT.
>
>
>
>#!/bin/sh -e

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 09:20:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: double message
Message-ID: <mailman.913.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Change to
Lock Type = posix
as you have built sendmail without flock() support.

At 08:04 19/08/2004, you wrote:
>==============================================================
>
> >From ***********  Thu Aug 19 00:11:24 2004
>Return-Path: <***********>
>Received: from AutoTURN (net3-nl-mail-07.ad.vevida.net [213.19.161.178])
>         by *********** (8.12.10/8.12.10) with ESMTP id i7IMARKX004234
>         for <***********>; Thu, 19 Aug 2004 00:11:19 +0200
>Received: (qmail 8300 invoked by uid 0); 18 Aug 2004 22:10:10 -0000
>Received: from smtp06.wanadoo.nl (194.134.35.146)
>   by net3-nl-mail-04.ad.vevida.net with SMTP; 18 Aug 2004 22:10:10 -0000
>Received: from *********** [***********])
>         by smtp6.wanadoo.nl (Postfix) with SMTP id E3C7A14DD2
>         for <***********>; Thu, 19 Aug 2004 00:10:06 +0200 (CEST)
>Message-ID: <000701c48570$2321b720$9700000a@amd2600plus>
>From: "***********" <***********>
>To: "***********" <***********>
>References: <000801c483de$5f526430$9700000a@amd2600plus>
>             <000a01c48542$dc63f2d0$1e0a0a0a@driemstijn>
>Subject: Re: vijver
>Date: Thu, 19 Aug 2004 00:10:14 +0200
>MIME-Version: 1.0
>Content-Type: text/plain;
>         charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2800.1437
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
>X-Spam-Status: No, hits=0.8 required=5.0, tests=MY_DSL, version=2.64
>X-AlthoffCentral-MailScanner-Information: for policy see
>http://www.althoffcentral.com/policy
>X-AlthoffCentral-MailScanner: Found to be clean
>X-AlthoffCentral-MailScanner-SpamCheck: not spam, SpamAssassin (score=0,
>         required 6)
>X-MailScanner-From: ***********
>
>==============================================================
>
> >From ***********  Thu Aug 19 00:11:24 2004
>Return-Path: <***********>
>Received: from AutoTURN (net3-nl-mail-04.ad.vevida.net [213.19.161.175])
>         by *********** (8.12.10/8.12.10) with ESMTP id i7IMARKX004233
>         for <***********>; Thu, 19 Aug 2004 00:11:19 +0200
>Received: (qmail 8300 invoked by uid 0); 18 Aug 2004 22:10:10 -0000
>Received: from smtp06.wanadoo.nl (194.134.35.146)
>   by net3-nl-mail-04.ad.vevida.net with SMTP; 18 Aug 2004 22:10:10 -0000
>Received: from *********** [***********])
>         by smtp6.wanadoo.nl (Postfix) with SMTP id E3C7A14DD2
>         for <***********>; Thu, 19 Aug 2004 00:10:06 +0200 (CEST)
>Message-ID: <000701c48570$2321b720$9700000a@amd2600plus>
>From: "***********" <***********>
>To: "***********" <***********m>
>References: <000801c483de$5f526430$9700000a@amd2600plus>
>             <000a01c48542$dc63f2d0$1e0a0a0a@driemstijn>
>Subject: Re: vijver
>Date: Thu, 19 Aug 2004 00:10:14 +0200
>MIME-Version: 1.0
>Content-Type: text/plain;
>         charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2800.1437
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
>X-Spam-Status: No, hits=0.8 required=5.0, tests=MY_DSL, version=2.64
>X-AlthoffCentral-MailScanner-Information: for policy see
>http://www.althoffcentral.com/policy
>X-AlthoffCentral-MailScanner: Found to be clean
>X-AlthoffCentral-MailScanner-SpamCheck: not spam, SpamAssassin (score=0,
>         required 6)
>X-MailScanner-From: ***********
>
>==============================================================
>
>Aug 19 00:11:19 ****** sendmail[4233]: i7IMARKX004233: from=<********l>,
>size=2103, class=0, nrcpts=1, msgid=<000701c48570$2321b720
>$9700000a@amd2600plus>,
>proto=ESMTP, daemon=MTA, relay=net3-nl-mail-04.ad.vevida.net
>[213.19.161.175]
>
>Aug 19 00:11:19 ****** sendmail[4234]: i7IMARKX004234: from=<********>,
>size=2103, class=0, nrcpts=1, msgid=<000701c48570$2321b720
>$9700000a@amd2600plus>,
>proto=ESMTP, daemon=MTA, relay=net3-nl-mail-07.ad.vevida.net
>[213.19.161.178]
>
>Aug 19 00:11:24 ****** sendmail[4248]: i7IMARKX004234: to=<*************>,
>delay=00:00:05, xdelay=00:00:00, mailer=local, pri=122103, dsn=2.0.0,
>stat=Sent
>
>Aug 19 00:11:25 ****** sendmail[4248]: i7IMARKX004233: to=<*************>,
>delay=00:00:06, xdelay=00:00:01, mailer=local, pri=122103, dsn=2.0.0,
>stat=Sent
>
>
>==============================================================
>
>$ sendmail -bt -d0.10 < /dev/null | head -n 10
>
>Version 8.12.10
>  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
>                 MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
>NETINET6
>                 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS
>TCPWRAPPERS
>                 USERDB USE_LDAP_INIT
>     OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASFLOCK
>                 HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
>                 HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
>                 HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
>                 HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
>
>==============================================================
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From m.sapsed at BANGOR.AC.UK  Thu Aug 19 09:47:39 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:36 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.914.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:
> At 19:36 18/08/2004, you wrote:
>> Does mailscanner use clamscan with options(clamscan -m) or does this
>> need to
>> be put in the clamscan wrapper file ?
>>
>> /usr/local/libexec/MailScanner/clamav-wrapper
>> ScanOptions="-m"
>>
>> or even if I was to use vexira
>> ScanOptions="--scan-in-mbox" >
 >
 > If you leave it alone, you will find it works just fine. You don't
need to
 > go editing my code :-)

As an aside to this, can I ask why the virus scanner options are all
bundled together in SweepViruses.pm? I sometimes use the sophos-wrapper
as a way of checking whether recent updates detect things that got
missed before the update was released (if that makes sense!) However, I
realised the other day that by default, sophos-wrapper doesn't check in
zip files for example, whereas when it's called by SweepViruses it's
given the options to open archives.

It's not a big deal - just wondered whether keeping all the a-v specific
stuff in a file specific to that a-v might make more sense that having
it spread about?

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 09:58:25 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.915.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 09:47 19/08/2004, you wrote:
>As an aside to this, can I ask why the virus scanner options are all
>bundled together in SweepViruses.pm? I sometimes use the sophos-wrapper
>as a way of checking whether recent updates detect things that got
>missed before the update was released (if that makes sense!) However, I
>realised the other day that by default, sophos-wrapper doesn't check in
>zip files for example, whereas when it's called by SweepViruses it's
>given the options to open archives.
>
>It's not a big deal - just wondered whether keeping all the a-v specific
>stuff in a file specific to that a-v might make more sense that having
>it spread about?

It is a little more complicated than that. In order to support
disinfection, you have to have 3 lists of options for each scanner:
1) Those that are for scanning only
2) Those that are for disinfection only
3) Those that are common to both uses

so you can't just have 1 list in the -wrapper.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From m.althoff at BROMBERG.XS4ALL.NL  Thu Aug 19 09:58:28 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:36 2006
Subject: double message
Message-ID: <mailman.916.1137101196.24926.mailscanner@lists.mailscanner.info>

On Thu, 19 Aug 2004 09:20:45 +0100, Julian Field
<mailscanner@ECS.SOTON.AC.UK> wrote:

>Change to
>Lock Type = posix
>as you have built sendmail without flock() support.

Please ee my second message I had set "Lock Type = posix" the first couple
of message come in fine but after a few "service MailScanner restart"
commands the problem comes back. I have set it to posix back again and see
for a day what will happen.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From m.althoff at BROMBERG.XS4ALL.NL  Thu Aug 19 10:05:00 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:36 2006
Subject: double message
Message-ID: <mailman.917.1137101196.24926.mailscanner@lists.mailscanner.info>

Changed to posix and issued a service MasilScanner restrart,
this looks like it should be?

sendmail[17981]: alias database /etc/aliases rebuilt by postman
sendmail[17981]: /etc/aliases: 73 aliases, longest 49 bytes,
                 1218 bytes total
sendmail[18010]: starting daemon (8.12.10): SMTP
sm-msp-queue[18017]: starting daemon (8.12.10): queueing@00:15:00
sendmail[18025]: starting daemon (8.12.10): queueing@00:15:00
MailScanner[18047]: MailScanner E-Mail Virus Scanner version
                    4.32.5 starting...
MailScanner[18047]: Using locktype = posix
MailScanner[18047]: Creating hardcoded struct_flock subroutine
                    for linux (Linux-type)
MailScanner[18048]: MailScanner E-Mail Virus Scanner version
                    4.32.5 starting...
MailScanner[18048]: Using locktype = posix
MailScanner[18048]: Creating hardcoded struct_flock subroutine
                    for linux (Linux-type)
MailScanner[18049]: MailScanner E-Mail Virus Scanner version
                    4.32.5 starting...
MailScanner[18049]: Using locktype = posix
MailScanner[18049]: Creating hardcoded struct_flock subroutine
                    for linux (Linux-type)
MailScanner[18052]: MailScanner E-Mail Virus Scanner version
                    4.32.5 starting...
MailScanner[18052]: Using locktype = posix
MailScanner[18052]: Creating hardcoded struct_flock subroutine
for linux (Linux-type)
MailScanner[18053]: MailScanner E-Mail Virus Scanner version
                    4.32.5 starting...
MailScanner[18053]: Using locktype = posix
MailScanner[18053]: Creating hardcoded struct_flock subroutine
                    for linux (Linux-type)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mkettler at EVI-INC.COM  Thu Aug 19 15:43:47 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.918.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 10:00 PM 8/18/2004, Eduardo Almeida wrote:
>As you can see the message cames to the msmachine with an .exe
>attachment and is correctly detected by MS, but after the checks the
>message goes to quarantine and a notice to the sysadmin (postmaster in
>localhost) is sent. And no notification to the user is sent at all.
>
>Can anyone help me eith this?

What are your relevant Mailscanner.conf settings set to?  is "Quarantine
Whole Message" set to "yes"?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 15:56:41 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.919.1137101196.24926.mailscanner@lists.mailscanner.info>

The MailScanner.conf settings are set to the following:

Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Stored Bad Content Message Report  = %report-dir
%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir
%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir
%/stored.virus.message.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = no
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1


The %report-dir% and %org-name% variables are set and the %report-dir
points to a valid and existing path.


On Qui, 2004-08-19 at 10:43 -0400, Matt Kettler wrote:
> At 10:00 PM 8/18/2004, Eduardo Almeida wrote:
> >As you can see the message cames to the msmachine with an .exe
> >attachment and is correctly detected by MS, but after the checks the
> >message goes to quarantine and a notice to the sysadmin (postmaster in
> >localhost) is sent. And no notification to the user is sent at all.
> >
> >Can anyone help me eith this?
>
> What are your relevant Mailscanner.conf settings set to?  is "Quarantine
> Whole Message" set to "yes"?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mkettler at EVI-INC.COM  Thu Aug 19 16:04:15 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.920.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 10:56 AM 8/19/2004, Eduardo Almeida wrote:
>Quarantine Infections = yes
>Quarantine Silent Viruses = no
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = yes

Hmm, I suspect there's your setting... when MailScanner quarantines the
whole message, there's no message to the recipient left.

Normally, MS just yanks the infected attachment, and adds the warning, and
sends the message along.

Someone more knowledgable than me can possibly step in and correct me, but
I don't think there's a setting that changes this. It's almost like you'd
need a "notify recipients of quarantined messages" option.

However, that seems a bit silly.. if you're going to notify them, why
quarantine the whole message? Why not just quarantine the dangerous parts
and let the rest through?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Thu Aug 19 16:07:03 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:36 2006
Subject: Not able to get all mail archived to a file
Message-ID: <mailman.921.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have set this option but its not working

Archive Mail = /tmp/foobar

touch /tmp/foobar
chmod 666 /tmp/foobar

Strange I had this working at one point.

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 16:18:05 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.922.1137101196.24926.mailscanner@lists.mailscanner.info>

This configuration always worked in RedHat. But we're migrating to
Debian and this is happening in all machines. I quarantine the whole
message to be able to resend the message without efforts. The only thing
to do is copy the message files to /var/spool/mqueue.


On Qui, 2004-08-19 at 11:04 -0400, Matt Kettler wrote:
> At 10:56 AM 8/19/2004, Eduardo Almeida wrote:
> >Quarantine Infections = yes
> >Quarantine Silent Viruses = no
> >Quarantine Whole Message = yes
> >Quarantine Whole Messages As Queue Files = yes
>
> Hmm, I suspect there's your setting... when MailScanner quarantines the
> whole message, there's no message to the recipient left.
>
> Normally, MS just yanks the infected attachment, and adds the warning, and
> sends the message along.
>
> Someone more knowledgable than me can possibly step in and correct me, but
> I don't think there's a setting that changes this. It's almost like you'd
> need a "notify recipients of quarantined messages" option.
>
> However, that seems a bit silly.. if you're going to notify them, why
> quarantine the whole message? Why not just quarantine the dangerous parts
> and let the rest through?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 16:21:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.923.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:04 19/08/2004, you wrote:
>At 10:56 AM 8/19/2004, Eduardo Almeida wrote:
>>Quarantine Infections = yes
>>Quarantine Silent Viruses = no
>>Quarantine Whole Message = yes
>>Quarantine Whole Messages As Queue Files = yes
>
>Hmm, I suspect there's your setting... when MailScanner quarantines the
>whole message, there's no message to the recipient left.
>
>Normally, MS just yanks the infected attachment, and adds the warning, and
>sends the message along.

Storing things in quarantine has no effect on what is sent to users.
What are
Deliver Cleaned Messages
and any settings including the word "Silent"
set to?


>Someone more knowledgable than me can possibly step in and correct me, but
>I don't think there's a setting that changes this. It's almost like you'd
>need a "notify recipients of quarantined messages" option.
>
>However, that seems a bit silly.. if you're going to notify them, why
>quarantine the whole message? Why not just quarantine the dangerous parts
>and let the rest through?
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Thu Aug 19 16:26:09 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:36 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.924.1137101196.24926.mailscanner@lists.mailscanner.info>

HI
Sorry to bother you but after 2 hoours on the net and complaint from
usersyou are my last resort before a downgrade of sendmail
Running Fedora C2 with sendmail sendmail-8.12.11-4.6

Im getting loads of this in my log and cant figure out why:
Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
host-207-254-243-131.classicnet.net [207.254.243.131] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA

If it only was spam senders I wouldnt mind but even companies that I would
excpect to have a correct MTA get it. We still managed to recieve about 7000
mail today so Im very confused who to blame. I cant figure out if its me or
fedora c2 thats screwed or if its some of the companies that dont follow
some RFC....

I cant find anything to help me on the web so if anyone got a clue pls help
or I just have to downgrade my sendmail

/Anders

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at BULLETWEB.NET  Thu Aug 19 16:34:38 2004
From: mailscanner at BULLETWEB.NET (David Scott)
Date: Thu Jan 12 21:26:36 2006
Subject: Mail is being delivered to the wrong person
Message-ID: <mailman.925.1137101196.24926.mailscanner@lists.mailscanner.info>

I have a strange thing happening. Since installing MS, I am getting calls
from my customers telling me they are getting mail for people who are not
them. These seem to have a pattern.

monicaa is getting monicam's mail
johnd is getting johndw's mail.

What can I do to correct this?

Thanks,
David Scott

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ccampbell at BRUEGGERS.COM  Thu Aug 19 16:45:39 2004
From: ccampbell at BRUEGGERS.COM (Christian Campbell)
Date: Thu Jan 12 21:26:36 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.926.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash: 
SHA1</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I am looking to NOT scan an email from a specific 
address.&nbsp; I<BR>found the correct FAQ that addresses this, but I'm having a 
hard<BR>time understanding it due to the formatting of the text, and 
I'm<BR>simply not "getting it".&nbsp; Could someone please help me?&nbsp; 
Here's<BR>the link to the FAQ I'm looking at:<BR><A 
href="http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/244.html">http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/244.html</A></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>If I want to NOT scan an email from <A 
href="mailto:user@domain.tld">user@domain.tld</A>, how do I<BR>config?&nbsp; <A 
href="mailto:user@domain.tld">user@domain.tld</A> is sending an HTML email with 
a form<BR>that needs to be delivered (with the form intact) for 
legitimate<BR>business purposes.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Thanks in advance,</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Christian</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Christian Campbell <BR>Systems Engineer 
<BR>Bruegger's Enterprises <BR>Desk: 802-652-9270 <BR>Cell: 802-734-5023 
<BR>Fax: 802-660-4034 <BR>Email: ccampbell at brueggers dot com </FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>PGP Public Key available via PGP keyservers <BR>or 
<A 
href="http://www2.brueggers.com/pgp/ccampbell.html">http://www2.brueggers.com/pgp/ccampbell.html</A> 
</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>"We all know Linux is great... <BR>It does infinite 
loops in 5 seconds." <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
-Linus Torvalds </FONT></DIV>
<DIV>&nbsp;</DIV><FONT face=Arial size=2>
<DIV><BR>-----BEGIN PGP SIGNATURE-----<BR>Version: GnuPG v1.2.3-nr1 (Windows XP) 
- GPGshell v3.10</DIV>
<DIV>&nbsp;</DIV>
<DIV>iD8DBQFBJMzcbedHH5VEUwcRAnkJAJ92Y/u/+MxiFwvMZk+5gc0UB3mHoQCeM6pD<BR>KnO8FrYdnUgZJ9Lak8qMe48=<BR>=5DRf<BR>-----END 
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 17:07:42 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.927.1137101196.24926.mailscanner@lists.mailscanner.info>

Thanks Julian,

The problem was the Deliver Cleaned Messages. My client asked me to not
send any cleaned or disinfected message. The comments in the conffile
should include this, don't you think?

On Qui, 2004-08-19 at 16:21 +0100, Julian Field wrote:
> What are
> Deliver Cleaned Messages
> and any settings including the word "Silent"
> set to?
>
>

--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Thu Aug 19 18:05:16 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:36 2006
Subject: Not able to get all mail archived to a file
Message-ID: <mailman.928.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>From: Brent Bolin <brentbolin@HOTMAIL.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Not able to get all mail archived to a file
>Date: Thu, 19 Aug 2004 10:07:03 -0500
>
>I have set this option but its not working
>
>Archive Mail = /tmp/foobar
>
>touch /tmp/foobar
>chmod 666 /tmp/foobar
>
>Strange I had this working at one point.
>

This was a dumb fix.  Stopping and restart sendmail.

_________________________________________________________________
Don^Òt just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From peter at UCGBOOK.COM  Thu Aug 19 18:11:23 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:36 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.929.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Christian Campbell wrote:
> I am looking to NOT scan an email from a specific address.  I
> found the correct FAQ that addresses this, but I'm having a hard
> time understanding it due to the formatting of the text, and I'm
> simply not "getting it".  Could someone please help me?  Here's
> the link to the FAQ I'm looking at:
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/244.html

I fixed the formatting for you. Hope it's easier now.

For those writing FAQ:s, please use monospaced text since it's the only
readable alternative.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Thu Aug 19 18:13:38 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:36 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.930.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Eduardo Almeida wrote:
> The problem was the Deliver Cleaned Messages. My client asked me to not
> send any cleaned or disinfected message. The comments in the conffile
> should include this, don't you think?

But it is in the comment:

# Do you want to deliver messages once they have been cleaned of any
# viruses?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = yes

The definition of cleaned vs. disinfected can be found here:

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones. "Disinfection" involves removing viruses from files
# (such as removing macro viruses from documents). "Cleaning" is the
# replacement of infected attachments with "VirusWarning.txt" text
# attachments.
# Less than 1% of viruses in the wild can be successfully disinfected,
# as macro viruses are now a rare occurrence. So the default has been
# changed to "no" as it gives a significant performance improvement.
#
# This can also be the filename of a ruleset.
Deliver Disinfected Files = no


--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mike at CAMAROSS.NET  Thu Aug 19 18:15:49 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:36 2006
Subject: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.931.1137101196.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Thursday, August 19, 2004 10:26 AM:

> HI
> Sorry to bother you but after 2 hoours on the net and
> complaint from usersyou are my last resort before a downgrade
> of sendmail Running Fedora C2 with sendmail sendmail-8.12.11-4.6
>
> Im getting loads of this in my log and cant figure out why:
> Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
> host-207-254-243-131.classicnet.net [207.254.243.131] did not
> issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> If it only was spam senders I wouldnt mind but even companies
> that I would excpect to have a correct MTA get it. We still
> managed to recieve about 7000 mail today so Im very confused
> who to blame. I cant figure out if its me or fedora c2 thats
> screwed or if its some of the companies that dont follow some RFC....
>
> I cant find anything to help me on the web so if anyone got a
> clue pls help or I just have to downgrade my sendmail
>
> /Anders
>
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).

This can happen if a host connects to port 25, but does not issue any
commands.  This may just be a probe to see if port 25 is open.  They could
be looking for a sendmail server < 8.12.9 or issuing a HELO/EHLO and then
disconnecting.  If your legit email is coming through without issue, I
wouldn't worry about it.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Thu Aug 19 18:18:29 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:36 2006
Subject: Mail is being delivered to the wrong person
Message-ID: <mailman.932.1137101196.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Thursday, August 19, 2004 10:35 AM:

> I have a strange thing happening. Since installing MS, I am
> getting calls from my customers telling me they are getting
> mail for people who are not them. These seem to have a pattern.
>
> monicaa is getting monicam's mail
> johnd is getting johndw's mail.
>
> What can I do to correct this?
>
> Thanks,
> David Scott
>
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).

What do your logs show?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Thu Aug 19 18:18:29 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:36 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.933.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Anders Andersson, IT wrote:
> Im getting loads of this in my log and cant figure out why:
> Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
> host-207-254-243-131.classicnet.net [207.254.243.131] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA

I only get those from our systems monitoring tool (Nagios). It checks if
smtp is available by connecting to port 25 and then dumps the
connection, it's just interested in the answer and never follows through
with a message. I have never seen it from "outsiders".

If you follow the msgids, are they successfully delivered, or what?

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dh at UPTIME.AT  Thu Aug 19 18:23:35 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:36 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.934.1137101196.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Peter Bonivart wrote:

| Anders Andersson, IT wrote:
|
|> Im getting loads of this in my log and cant figure out why:
|> Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
|> host-207-254-243-131.classicnet.net [207.254.243.131] did not issue
|> MAIL/EXPN/VRFY/ETRN during connection to MTA
|
|
<snip>

see http://www.sendmail.org/faq/section4.html

Subject: Q4.18 -- What does "NOQUEUE: Null connection from ..." mean?

which also reads:

Note 2: In 8.10, the text which led to the confusion has been changed
to: "... did not issue MAIL/EXPN/VRFY/ETRN during connection to ...".


- -d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBJOIXPMoaMn4kKR4RA7D8AKCHjMnI0dwZKX9j43uvxHs7m6bf+ACeKXzf
ndbV1Z9JWClUdjSB0Sgkpy4=
=M55K
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Thu Aug 19 18:56:59 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:36 2006
Subject: SV: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.935.1137101196.24926.mailscanner@lists.mailscanner.info>

> -----Ursprungligt meddelande-----
> Från: Mike Kercher [mailto:mike@CAMAROSS.NET] 
> Skickat: den 19 augusti 2004 19:16
> Till: MAILSCANNER@JISCMAIL.AC.UK
> Ämne: Re: Sendmail issues with MAIL/EXPN/VRFY/ETRN
> 
> MailScanner mailing list <> scribbled on Thursday, August 19, 
> 2004 10:26 AM:
> 
> > HI
> > Sorry to bother you but after 2 hoours on the net and 
> complaint from 
> > usersyou are my last resort before a downgrade of sendmail Running 
> > Fedora C2 with sendmail sendmail-8.12.11-4.6
> >
> > Im getting loads of this in my log and cant figure out why:
> > Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
> > host-207-254-243-131.classicnet.net [207.254.243.131] did not issue 
> > MAIL/EXPN/VRFY/ETRN during connection to MTA
> >
> > If it only was spam senders I wouldnt mind but even 
> companies that I 
> > would excpect to have a correct MTA get it. We still managed to 
> > recieve about 7000 mail today so Im very confused who to 
> blame. I cant 
> > figure out if its me or fedora c2 thats screwed or if its 
> some of the 
> > companies that dont follow some RFC....
> >
> > I cant find anything to help me on the web so if anyone got 
> a clue pls 
> > help or I just have to downgrade my sendmail
> >
> > /Anders
> > (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> This can happen if a host connects to port 25, but does not 
> issue any commands.  This may just be a probe to see if port 
> 25 is open.  They could be looking for a sendmail server < 
> 8.12.9 or issuing a HELO/EHLO and then disconnecting.  If 
> your legit email is coming through without issue, I wouldn't 
> worry about it.

Well, thats just the problem, some legit mail wont get threw because of this
and some do. Ive found some references towards saslauthd on a page and
turned that one on. 
I also found ppl talking about this behavior when they tried to run TLS.
Since Ive never had TLS running before so I really dont know if that could
be the isue

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Thu Aug 19 19:01:11 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:36 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.936.1137101196.24926.mailscanner@lists.mailscanner.info>

> -----Ursprungligt meddelande-----
> Från: Peter Bonivart [mailto:peter@UCGBOOK.COM] 
> Skickat: den 19 augusti 2004 19:18
> Till: MAILSCANNER@JISCMAIL.AC.UK
> Ämne: Re: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
> 
> Anders Andersson, IT wrote:
> > Im getting loads of this in my log and cant figure out why:
> > Aug 19 17:16:47 ns2 sendmail[30108]: i7JEGk4c030108:
> > host-207-254-243-131.classicnet.net [207.254.243.131] did not issue 
> > MAIL/EXPN/VRFY/ETRN during connection to MTA
> 
> I only get those from our systems monitoring tool (Nagios). 
> It checks if smtp is available by connecting to port 25 and 
> then dumps the connection, it's just interested in the answer 
> and never follows through with a message. I have never seen 
> it from "outsiders".
> 
> If you follow the msgids, are they successfully delivered, or what?
> 
The connections that will get this wont be delivered. Since I know legit
companies tried to send Im wondering if it a RFC issue or if it got
somethign to do with TLS. Im lost but after turnign on saslauthd it seems to
be less problems even if its not perfect.
But I really dont like it since I dont have a clue what it does.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Thu Aug 19 19:07:38 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:37 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.937.1137101196.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Thursday, August 19, 2004 1:01 PM:

>>
> The connections that will get this wont be delivered. Since I
> know legit companies tried to send Im wondering if it a RFC
> issue or if it got somethign to do with TLS. Im lost but
> after turnign on saslauthd it seems to be less problems even
> if its not perfect.
> But I really dont like it since I dont have a clue what it does.
>

Have you fiddled with the settings in your sendmail.mc?

define(`confTO_CONNECT', `1m')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(delay_checks)dnl

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 19:43:32 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:37 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.938.1137101197.24926.mailscanner@lists.mailscanner.info>

The comments only talk about viruses and not attachments blocked by the
filename.rules.conf. My problem was with blocked extensions.

On Qui, 2004-08-19 at 19:13 +0200, Peter Bonivart wrote:
> Eduardo Almeida wrote:
> > The problem was the Deliver Cleaned Messages. My client asked me to not
> > send any cleaned or disinfected message. The comments in the conffile
> > should include this, don't you think?
>
> But it is in the comment:
>
> # Do you want to deliver messages once they have been cleaned of any
> # viruses?
> # By making this a ruleset, you can re-create the "Deliver From Local"
> # facility of previous versions.
> Deliver Cleaned Messages = yes
>
> The definition of cleaned vs. disinfected can be found here:
>
> # Should I attempt to disinfect infected attachments and then deliver
> # the clean ones. "Disinfection" involves removing viruses from files
> # (such as removing macro viruses from documents). "Cleaning" is the
> # replacement of infected attachments with "VirusWarning.txt" text
> # attachments.
> # Less than 1% of viruses in the wild can be successfully disinfected,
> # as macro viruses are now a rare occurrence. So the default has been
> # changed to "no" as it gives a significant performance improvement.
> #
> # This can also be the filename of a ruleset.
> Deliver Disinfected Files = no
>
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Thu Aug 19 19:56:07 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.939.1137101197.24926.mailscanner@lists.mailscanner.info>

> -----Ursprungligt meddelande-----
> Från: Mike Kercher [mailto:mike@CAMAROSS.NET] 
> > The connections that will get this wont be delivered. Since I know 
> > legit companies tried to send Im wondering if it a RFC 
> issue or if it 
> > got somethign to do with TLS. Im lost but after turnign on 
> saslauthd 
> > it seems to be less problems even if its not perfect.
> > But I really dont like it since I dont have a clue what it does.
> >
> 
> Have you fiddled with the settings in your sendmail.mc?
> 
> define(`confTO_CONNECT', `1m')dnl
> define(`confTO_IDENT', `0')dnl
> FEATURE(delay_checks)dnl
> 
Nope, they look like they should accept for FEATURE(delay_checks)dnl witch
doesnt exist. But I checked the link David gave see
http://www.sendmail.org/faq/section4.html and they said "Unless this happens
very often, you can ignore this. If it happens very often, it's either
someone playing around or it's a network problem."
We also had a dns prob that was my bad since I forgott fedora c2 use chroot
and all my files were in the wrong place :( it worked kinda but very slow.
Well, I figured that one out and looking at the logs now it seems to have
stoped as far as I can see only spammers got that response. So I just have
to wait until tomorrow and see what happens when sweden wakes up again.

Thanks for all the help and to bad it seems to be my fault  *sniff*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 20:32:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.940.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:07 19/08/2004, you wrote:
>Thanks Julian,
>
>The problem was the Deliver Cleaned Messages. My client asked me to not
>send any cleaned or disinfected message. The comments in the conffile
>should include this, don't you think?

What extra explanation would you like to see, and exactly where? I am
always open to suggestions of ways to improve the documentation.


>On Qui, 2004-08-19 at 16:21 +0100, Julian Field wrote:
> > What are
> > Deliver Cleaned Messages
> > and any settings including the word "Silent"
> > set to?
> >
> >
>
>--
>Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 20:33:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Not able to get all mail archived to a file
Message-ID: <mailman.941.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:05 19/08/2004, you wrote:
>>From: Brent Bolin <brentbolin@HOTMAIL.COM>
>>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Not able to get all mail archived to a file
>>Date: Thu, 19 Aug 2004 10:07:03 -0500
>>
>>I have set this option but its not working
>>
>>Archive Mail = /tmp/foobar
>>
>>touch /tmp/foobar
>>chmod 666 /tmp/foobar
>>
>>Strange I had this working at one point.
>
>This was a dumb fix.  Stopping and restart sendmail.

You should have the "x" attribute set of the directory. So if you really
want 666, then put 777.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 20:35:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.942.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:45 19/08/2004, you wrote:
>If I want to NOT scan an email from
><mailto:user@domain.tld>user@domain.tld, how do I
>config?  <mailto:user@domain.tld>user@domain.tld is sending an HTML email
>with a form
>that needs to be delivered (with the form intact) for legitimate
>business purposes.

One extra point in addition: you don't want to switch off scanning for mail
from this address, you just want to disable form tag checking for this
address. Never switch off more checks than you absolutely have to, or it
will come back to bite you one day.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From eduardo_simpsom_rj at YAHOO.COM.BR  Thu Aug 19 20:57:54 2004
From: eduardo_simpsom_rj at YAHOO.COM.BR (Eduardo Almeida)
Date: Thu Jan 12 21:26:37 2006
Subject: MS reports not being sent to users
Message-ID: <mailman.943.1137101197.24926.mailscanner@lists.mailscanner.info>

I think that the comment before the Deliver Cleaned Messages should be:

# Do you want to deliver messages once they have been cleaned of any
# viruses or blocked filenames or filetypes?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = yes



On Qui, 2004-08-19 at 20:32 +0100, Julian Field wrote:
> At 17:07 19/08/2004, you wrote:
> >Thanks Julian,
> >
> >The problem was the Deliver Cleaned Messages. My client asked me to not
> >send any cleaned or disinfected message. The comments in the conffile
> >should include this, don't you think?
>
> What extra explanation would you like to see, and exactly where? I am
> always open to suggestions of ways to improve the documentation.
>
>
> >On Qui, 2004-08-19 at 16:21 +0100, Julian Field wrote:
> > > What are
> > > Deliver Cleaned Messages
> > > and any settings including the word "Silent"
> > > set to?
> > >
> > >
> >
> >--
> >Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
Eduardo Almeida <eduardo_simpsom_rj@yahoo.com.br>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Thu Aug 19 21:21:11 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.944.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>If you leave it alone, you will find it works just fine. You don't need to
>go editing my code :-)
>
>At 19:36 18/08/2004, you wrote:
>>Hi All,
>>
>>Does mailscanner use clamscan with options(clamscan -m) or does this need 
>>to
>>be put in the clamscan wrapper file ?
>>
>>/usr/local/libexec/MailScanner/clamav-wrapper
>>ScanOptions="-m"
>>
>>or even if I was to use vexira
>>ScanOptions="--scan-in-mbox"
>>
>>FreeBSD 5.2.1
>>MailScanner-4.31.6
>>
>>Thanks

OK, removed any edits I did in clamav-wrapper.

Did have to edit virus.scanners.conf to get clamav to work
had to add bin /usr/local/bin

Still having problems getting vexira to work.  Works from the command line 
but /var/log/maillog dosen't detect any eicar virus.

Any input would be appreciated

btb

_________________________________________________________________
Don^Òt just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 21:50:05 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.945.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 21:21 19/08/2004, you wrote:
>Did have to edit virus.scanners.conf to get clamav to work
>had to add bin /usr/local/bin

That's fine, that's a config file :-)

>Still having problems getting vexira to work.  Works from the command line
>but /var/log/maillog dosen't detect any eicar virus.

What does

cd /tmp
/usr/lib/MailScanner/vexira-wrapper /usr/lib/Vexira --allfiles -s -z
-noboot -nombr -r1 -rs -lang=EN --alltypes .

produce? (don't forget the "." on the end)

Any errors? If not, what version of Vexira are you using?
Please can you send me the output of the above command. Might help if you
put a copy of eicar.com in a subdirectory of /tmp so that it has something
to find.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Thu Aug 19 21:54:08 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:37 2006
Subject: HPUX IA64
Message-ID: <mailman.946.1137101197.24926.mailscanner@lists.mailscanner.info>

We have a potential customer who wants to run MailScanner on HPUX IA64. I'm
familiar with a few sites that are running MailScanner on HPUX but would
appreciate hearing from any of you who can give me any information - system
specs, messages processed daily, etc. and any specific HPUX IA64 info.

If you mail me off list I'll work with Ugo to format (and cleanse the
information to protect the innocent) and get it into the MAQ.

Thanks in Advance for you assistance,

Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Brent Bolin
> Sent: Thursday, August 19, 2004 4:21 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Scan options for clamscan or other AV
>
> >If you leave it alone, you will find it works just fine. You don't need
> to
>
> >go editing my code :-)
>
> >
>
> >At 19:36 18/08/2004, you wrote:
>
> >>Hi All,
>
> >>
>
> >>Does mailscanner use clamscan with options(clamscan -m) or does this
> need
>
> >>to
>
> >>be put in the clamscan wrapper file ?
>
> >>
>
> >>/usr/local/libexec/MailScanner/clamav-wrapper
>
> >>ScanOptions="-m"
>
> >>
>
> >>or even if I was to use vexira
>
> >>ScanOptions="--scan-in-mbox"
>
> >>
>
> >>FreeBSD 5.2.1
>
> >>MailScanner-4.31.6
>
> >>
>
> >>Thanks
>
>
> OK, removed any edits I did in clamav-wrapper.
>
>
> Did have to edit virus.scanners.conf to get clamav to work
>
> had to add bin /usr/local/bin
>
>
> Still having problems getting vexira to work.  Works from the command line
>
> but /var/log/maillog dosen't detect any eicar virus.
>
>
> Any input would be appreciated
>
>
> btb
>
>
> _________________________________________________________________
>
> Don't just search. Find. Check out the new MSN Search!
>
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>
> ------------------------ MailScanner list ------------------------
>
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>
> 'leave mailscanner' in the body of the email.
>
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dfilchak at sympatico.ca  Thu Aug 19 22:03:58 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:37 2006
Subject: rules and whitelist
Message-ID: <mailman.947.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I have a two part question so please bear with me:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I have an issue with a client who tells me that mail from a
specific domain show always be allowed to reach them. I.E. should not be
deleted. OK, so I created a rule that says the following:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>From:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
*@arcas.com&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
deliver<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>amongst other rules as well. They still say that the mail is
not coming thru. They also say that before I put this rule into place, mail
from this domain used to be accepted but only if it was in reply to an email
sent from the domain protected by MailScanner. I have also added the following
to the spam.whitelist.rules file:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>From:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
*@arcas.com&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
yes<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Does all this look correct in order to never mark as spam mail
from the arcas.com domain? Does it matter if in the rule files, the elements are
separated by spaces or tabs?<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The second part of my question involves setting up rule files
specific to domains. I host a small number of domains but would like to have rules
applicable to each domain only. Is it possible to somehow have a rule call another
rule? For example, in my main rules file I could have:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="mailto:*@somedomain.com">*@somedomain.com</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /etc/MailScanner/rules/somedomain.com.rules<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am led to believe by a very reputable source that you cannot
call one rule file with another. Is there any way to achieve this functionality?<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>TIA<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Dave<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From brentbolin at HOTMAIL.COM  Thu Aug 19 22:06:43 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Scan options for clamscan or other AV
Message-ID: <mailman.948.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>>Did have to edit virus.scanners.conf to get clamav to work
>>had to add bin /usr/local/bin
>
>That's fine, that's a config file :-)
>
>>Still having problems getting vexira to work.  Works from the command line
>>but /var/log/maillog dosen't detect any eicar virus.
>
>What does
>
>cd /tmp
>/usr/lib/MailScanner/vexira-wrapper /usr/lib/Vexira --allfiles -s -z
>-noboot -nombr -r1 -rs -lang=EN --alltypes .
>
>produce? (don't forget the "." on the end)
>
>Any errors? If not, what version of Vexira are you using?
>Please can you send me the output of the above command. Might help if you
>put a copy of eicar.com in a subdirectory of /tmp so that it has something
>to find.

I have three virus files in the /tmp directory.

Eicar
Worm/Netsky.D.Dam worm
Worm/Mydoom.M worm

When I use the arguments you gave me(from SweepViruses.pm) vexira detects 
all three.  With no arguments it only finds eicar.com

No errors are displayed by running vexira from the command line or 
/var/log/maillog

vexira --version
6.27.0.6
operating system: FreeBSD
product version:  2.2.1-14
engine version:   6.27.0.6
packlib version:  2.0.3.13 (supports 24 formats)
vdf version:      6.27.0.21

product:          Vexira Antivirus Server
key file:         LICENSE.KEY
registered user:
serial number:    2003000000
key expires:      13 Feb 2006
run mode:         COMMERCIAL

product:          Vexira Antivirus Workstation
key file:         LICENSE.KEY
registered user:
serial number:    2003000000
key expires:      13 Feb 2006
run mode:         COMMERCIAL

product:          Vexira Antivirus (command line scanner)
key file:         LICENSE.KEY
registered user:
serial number:    2003000000
key expires:      13 Feb 2006
run mode:         COMMERCIAL

_________________________________________________________________
Don^Òt just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 22:25:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: rules and whitelist
Message-ID: <mailman.949.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 22:03 19/08/2004, you wrote:
>I have a two part question so please bear with me:
>
>I have an issue with a client who tells me that mail from a specific
>domain show always be allowed to reach them. I.E. should not be deleted.
>OK, so I created a rule that says the following:
>
>From:             *@arcas.com                               deliver
>
>amongst other rules as well.

Don't you mean "To:" and not "From:" ?

>  They still say that the mail is not coming thru. They also say that
> before I put this rule into place, mail from this domain used to be
> accepted but only if it was in reply to an email sent from the domain
> protected by MailScanner. I have also added the following to the
> spam.whitelist.rules file:
>
>From:           *@arcas.com                     yes
>Does all this look correct in order to never mark as spam mail from the
>arcas.com domain?

Correct. "From" the arcas.com domain, which is not what you said above.

>  Does it matter if in the rule files, the elements are separated by
> spaces or tabs?

The only files where spaces/tabs matter are filename.rules.conf and
filetype.rules.conf. So "no".

>  The second part of my question involves setting up rule files specific
> to domains. I host a small number of domains but would like to have rules
> applicable to each domain only. Is it possible to somehow have a rule
> call another rule? For example, in my main rules file I could have:
>
>             To:      <mailto:*@somedomain.com>*@somedomain.com
>         /etc/MailScanner/rules/somedomain.com.rules
>
>I am led to believe by a very reputable source that you cannot call one
>rule file with another. Is there any way to achieve this functionality?

You cannot call one rules file from another. However, you can use an "and"
condition in a rules file to say
To: *@somedomain.com and From: arcas.com yes
and things like that.

There is also per-domain and per-user whitelist and blacklist support in
CustomConfig.pm which you may find useful.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Thu Aug 19 22:51:14 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:37 2006
Subject: HPUX IA64
Message-ID: <mailman.950.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Stephen Swaney wrote:
> We have a potential customer who wants to run MailScanner on HPUX IA64. I'm
> familiar with a few sites that are running MailScanner on HPUX but would
> appreciate hearing from any of you who can give me any information - system
> specs, messages processed daily, etc. and any specific HPUX IA64 info.
>
> If you mail me off list I'll work with Ugo to format (and cleanse the
> information to protect the innocent) and get it into the MAQ.

So if there's *one* IA64 system running MS it's immediately qualified
for the MAQ?  :-)


--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dfilchak at sympatico.ca  Thu Aug 19 23:08:06 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:37 2006
Subject: rules and whitelist
Message-ID: <mailman.951.1137101197.24926.mailscanner@lists.mailscanner.info>

> >
> >I have an issue with a client who tells me that mail from a specific
> >domain show always be allowed to reach them. I.E. should not be deleted.
> >OK, so I created a rule that says the following:
> >
> >From:             *@arcas.com                               deliver
> >
> >amongst other rules as well.
>
> Don't you mean "To:" and not "From:" ?
[Dave Filchak]

No ... I don't think so. Mail from arcas.com should be delivered and not
marked as spam. The client can send mail To: arcas.com with no problems.
It's when the mail is coming into my clients domain that there is a problem.
>
> >  They still say that the mail is not coming thru. They also say that
> > before I put this rule into place, mail from this domain used to be
> > accepted but only if it was in reply to an email sent from the domain
> > protected by MailScanner. I have also added the following to the
> > spam.whitelist.rules file:
> >
> >From:           *@arcas.com                     yes
> >Does all this look correct in order to never mark as spam mail from the
> >arcas.com domain?
>
> Correct. "From" the arcas.com domain, which is not what you said above.
[Dave Filchak]
I didn't???

<snip>
>
> >  The second part of my question involves setting up rule files specific
> > to domains. I host a small number of domains but would like to have
> rules
> > applicable to each domain only. Is it possible to somehow have a rule
> > call another rule? For example, in my main rules file I could have:
> >
> >             To:      <mailto:*@somedomain.com>*@somedomain.com
> >         /etc/MailScanner/rules/somedomain.com.rules
> >
> >I am led to believe by a very reputable source that you cannot call one
> >rule file with another. Is there any way to achieve this functionality?
>
> You cannot call one rules file from another. However, you can use an "and"
> condition in a rules file to say
> To: *@somedomain.com and From: arcas.com yes
> and things like that.
>
> There is also per-domain and per-user whitelist and blacklist support in
> CustomConfig.pm which you may find useful.
[Dave Filchak]

Is there info on this in the package or is it on the MailScanner site?
Thanks
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Thu Aug 19 23:15:45 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:37 2006
Subject: Incomplete sendmail logs after upgrade to MS 4.32.5
Message-ID: <mailman.952.1137101197.24926.mailscanner@lists.mailscanner.info>

Just upgraded two systems running different MS-versions to MS 4.32.5.
When checking the logfiles I noticed something strange.

I see the from= logline from sendmail. Then MS shows it's loglines when
processing the message. After that I get a to= logline from the next
sendmail with a stat=sent. I don't see the to= logline with the
stat=queued from the daemonized sendmail.

I checked whether there was some other sendmail running but it wasn't.
Killing MS stopped processing mail from mqueue.in as expected. Messages
appeared in mqueue.in but still no loglines with to= and stat=queued.

Anybody else seen this behaviour. I have seen this on two different
machines sendmail 8.12.10 and 8.12.8 on RedHat Enterprise resp. Redhat
9.

MS was installed using the standard rpm.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 23:16:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: rules and whitelist
Message-ID: <mailman.953.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 23:08 19/08/2004, you wrote:
> > >I have an issue with a client who tells me that mail from a specific
> > >domain show always be allowed to reach them. I.E. should not be deleted.
> > >OK, so I created a rule that says the following:
> > >
> > >From:             *@arcas.com                               deliver
> > >
> > >amongst other rules as well.
> >
> > Don't you mean "To:" and not "From:" ?
>[Dave Filchak]
>
>No ... I don't think so. Mail from arcas.com should be delivered and not
>marked as spam. The client can send mail To: arcas.com with no problems.
>It's when the mail is coming into my clients domain that there is a problem.

In which case you want
To:     client.domain.com       deliver

><snip>
> >
> > >  The second part of my question involves setting up rule files specific
> > > to domains. I host a small number of domains but would like to have
> > rules
> > > applicable to each domain only. Is it possible to somehow have a rule
> > > call another rule? For example, in my main rules file I could have:
> > >
> > >             To:      <mailto:*@somedomain.com>*@somedomain.com
> > >         /etc/MailScanner/rules/somedomain.com.rules
> > >
> > >I am led to believe by a very reputable source that you cannot call one
> > >rule file with another. Is there any way to achieve this functionality?
> >
> > You cannot call one rules file from another. However, you can use an "and"
> > condition in a rules file to say
> > To: *@somedomain.com and From: arcas.com yes
> > and things like that.
> >
> > There is also per-domain and per-user whitelist and blacklist support in
> > CustomConfig.pm which you may find useful.
>[Dave Filchak]
>
>Is there info on this in the package or is it on the MailScanner site?

Take a look in CustomConfig.pm, there are some docs in there.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Thu Aug 19 23:17:37 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:37 2006
Subject: HPUX IA64
Message-ID: <mailman.954.1137101197.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Peter Bonivart
> Sent: Thursday, August 19, 2004 5:51 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: HPUX IA64
>
> Stephen Swaney wrote:
> > We have a potential customer who wants to run MailScanner on HPUX IA64.
> I'm
> > familiar with a few sites that are running MailScanner on HPUX but would
> > appreciate hearing from any of you who can give me any information -
> system
> > specs, messages processed daily, etc. and any specific HPUX IA64 info.
> >
> > If you mail me off list I'll work with Ugo to format (and cleanse the
> > information to protect the innocent) and get it into the MAQ.
>
> So if there's *one* IA64 system running MS it's immediately qualified
> for the MAQ?  :-)
>

Excellent point Peter and I'll fill in the blanks for the one I know about
(a test system).

I should have been a bit more specific. I'm also trying to find out how much
email a 2-1300MHz IA64 CPUs with 4GB of RAM could process if it were running
MailScanner with SpamAssassin and a typical load of related applications.

Thanks,

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 19 23:37:46 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Incomplete sendmail logs after upgrade to MS 4.32.5
Message-ID: <mailman.955.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 23:15 19/08/2004, you wrote:
>Just upgraded two systems running different MS-versions to MS 4.32.5.
>When checking the logfiles I noticed something strange.
>
>I see the from= logline from sendmail. Then MS shows it's loglines when
>processing the message. After that I get a to= logline from the next
>sendmail with a stat=sent. I don't see the to= logline with the
>stat=queued from the daemonized sendmail.
>
>I checked whether there was some other sendmail running but it wasn't.
>Killing MS stopped processing mail from mqueue.in as expected. Messages
>appeared in mqueue.in but still no loglines with to= and stat=queued.
>
>Anybody else seen this behaviour. I have seen this on two different
>machines sendmail 8.12.10 and 8.12.8 on RedHat Enterprise resp. Redhat
>9.
>
>MS was installed using the standard rpm.

MS does not affect the standard sendmail logging in any way.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 19 23:45:50 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:37 2006
Subject: [Fwd: Announcing the Spamtrappers list]
Message-ID: <mailman.956.1137101197.24926.mailscanner@lists.mailscanner.info>

Justin Mason posted this to a couple of lists earlier this evening, so I
thought I'd pass it on:
-------- Forwarded Message --------

Hash: SHA1

Hi all --

It occurred to me recently that maybe quite a lot of the innards of
spamtrap systems are being kept more secret than they need to be, and a
public mailing list for spamtrap operators would be well worthwhile.

There's a number of things that would be improved through sharing our
techniques, suggestions, possibly even data --

  - new scaling mechanisms;

  - what to do with all that spam - where to report, ways to analyze it,
    etc.;

  - new protocols for dealing effectively with massive quantities of
    spam - for example, using SMTP to deliver spamtrap data is not
    necessarily required, since reliability isn't as important for spam
    forwarding as it is for ham, considering the volumes;

  - an "open source" approach to the problem; there's currently a lot of
    secrecy, and probably more than is really required (as long as we
    don't spill the beans on what domains and addresses we're collecting
    from).   Being able to share thoughts can be very useful, esp. when
    someone notices some new spammer behaviour.

The list info and subscription page is here:

  http://lists.taint.org/mailman/listinfo/spamtrappers/

- --j.



--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Thu Aug 19 23:52:41 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:37 2006
Subject: Incomplete sendmail logs after upgrade to MS 4.32.5
Message-ID: <mailman.957.1137101197.24926.mailscanner@lists.mailscanner.info>

Hi!

> I see the from= logline from sendmail. Then MS shows it's loglines when
> processing the message. After that I get a to= logline from the next
> sendmail with a stat=sent. I don't see the to= logline with the
> stat=queued from the daemonized sendmail.
>
> I checked whether there was some other sendmail running but it wasn't.
> Killing MS stopped processing mail from mqueue.in as expected. Messages
> appeared in mqueue.in but still no loglines with to= and stat=queued.

I haev seen this exact same behaviour, after a restart of the syslog
deamon that we were using (syslog-ng) the problem was gone.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From wppiphoto at wppi.com  Fri Aug 20 06:10:44 2004
From: wppiphoto at wppi.com (SW)
Date: Thu Jan 12 21:26:37 2006
Subject: E-Mail Server giving too much information w/ Return Receipt
    Requests {Scanned}
Message-ID: <mailman.958.1137101197.24926.mailscanner@lists.mailscanner.info>

Hello,

I just found out that if someone selects to be notified of an e-mail message
delivery, that the mail server will send out a response back to the user
with that user's e-mail address and if any aliases were setup, it will also
the target e-mail address like the following:

Subject: Return receipt
The original message was received at Fri, 20 Aug 2004 01:06:24 -0400 from
[68.166.149.62]

   ----- The following addresses had successful delivery notifications -----
wppi@wppi.com  (successfully delivered to mailbox)
    (expanded from: <stevewest15@wppi.com>)

   ----- Transcript of session follows -----
wppi@wppi.com... Successfully delivered
-------------------------------------------
Is there any way to block our mail server from sending out this information
back?

Thank you,

SW



-------------------------------------------------
        WPPi.com        |        WPPi.Net
-------------------------------------------------
  http://www.wppi.com   |  http://www.wppi.net
-------------------------------------------------
WPPi.com & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.
-------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Fri Aug 20 07:01:58 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:37 2006
Subject: E-Mail Server giving too much information w/ Return Receipt
    Requests {Scanned}
Message-ID: <mailman.959.1137101197.24926.mailscanner@lists.mailscanner.info>

> Is there any way to block our mail server from sending out
> this information back?

Probably. It might help to know though what mail server (MTA) you are
using...

Regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Fri Aug 20 07:45:19 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:37 2006
Subject: Spam Score and spam action
Message-ID: <mailman.960.1137101197.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
may MailScanner delete emails with
X-Mailscanner-Spamscore: < 5?

How can I setup?

Peter

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQSWeCDUPm8nTX+dsEQKWmgCgmBisKAMOE8HmExYSzQQz8zhBtpUAoLJX
jklfwqUe4uuai5lLQfNPsLLd
=Mnnw
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Fri Aug 20 08:48:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Spam Score and spam action
Message-ID: <mailman.961.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 07:45 20/08/2004, you wrote:
>may MailScanner delete emails with
>X-Mailscanner-Spamscore: < 5?
>
>How can I setup?

I assume what you are trying to do is change the value of 5 to something
else. If so, I suggest you search for "5" in MailScanner.conf.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Fri Aug 20 10:46:17 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: OT: Sendmail issues with MAIL/EXPN/VRFY/ETRN
Message-ID: <mailman.962.1137101197.24926.mailscanner@lists.mailscanner.info>

Hi
Ive checked everything today and it seems like it been running ok. So I can
only blame my self and no one else  =(
Thanks for all the info

> -----Ursprungligt meddelande-----
> Från: Anders Andersson, IT [mailto:anders.andersson@LTKALMAR.SE] 
> 
> > -----Ursprungligt meddelande-----
> > Från: Mike Kercher [mailto:mike@CAMAROSS.NET]
> > > The connections that will get this wont be delivered. 
> Since I know 
> > > legit companies tried to send Im wondering if it a RFC
> > issue or if it
> > > got somethign to do with TLS. Im lost but after turnign on
> > saslauthd
> > > it seems to be less problems even if its not perfect.
> > > But I really dont like it since I dont have a clue what it does.
> > >
> > 
> > Have you fiddled with the settings in your sendmail.mc?
> > 
> > define(`confTO_CONNECT', `1m')dnl
> > define(`confTO_IDENT', `0')dnl
> > FEATURE(delay_checks)dnl
> > 
> Nope, they look like they should accept for 
> FEATURE(delay_checks)dnl witch doesnt exist. But I checked 
> the link David gave see 
> http://www.sendmail.org/faq/section4.html and they said 
> "Unless this happens very often, you can ignore this. If it 
> happens very often, it's either someone playing around or 
> it's a network problem."
> We also had a dns prob that was my bad since I forgott fedora 
> c2 use chroot and all my files were in the wrong place :( it 
> worked kinda but very slow.
> Well, I figured that one out and looking at the logs now it 
> seems to have stoped as far as I can see only spammers got 
> that response. So I just have to wait until tomorrow and see 
> what happens when sweden wakes up again.
> 
> Thanks for all the help and to bad it seems to be my fault  *sniff*
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Fri Aug 20 10:54:25 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:37 2006
Subject: Spam Score and spam action
Message-ID: <mailman.963.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Sorry, i want to set mail as High Score spam mail (for deleting) ,
where X-Mailscanner-Spamscore is lower then 5

On aug 20, 2004, at 9:48, Julian Field wrote:

> At 07:45 20/08/2004, you wrote:
>> may MailScanner delete emails with
>> X-Mailscanner-Spamscore: < 5?
>>
>> How can I setup?
>
> I assume what you are trying to do is change the value of 5 to
> something
> else. If so, I suggest you search for "5" in MailScanner.conf.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Fri Aug 20 11:20:24 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: OT: Vispan and f-secure
Message-ID: <mailman.964.1137101197.24926.mailscanner@lists.mailscanner.info>

Ive reinstalled my server and I cant get vispan to give me stats from
F-Secure. I get stats from mcafee, clam and f-protbut I dont get anything
from f-secure. Anyone see this or have a clue.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Fri Aug 20 13:30:00 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:37 2006
Subject: E-Mail Server giving too much information w/ Return Receipt
    Requests {Scanned}
Message-ID: <mailman.965.1137101197.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Friday, August 20, 2004 12:11 AM:

> Hello,
>
> I just found out that if someone selects to be notified of an
> e-mail message delivery, that the mail server will send out a
> response back to the user with that user's e-mail address and
> if any aliases were setup, it will also the target e-mail
> address like the following:
>
> Subject: Return receipt
> The original message was received at Fri, 20 Aug 2004
> 01:06:24 -0400 from [68.166.149.62]
>
>    ----- The following addresses had successful delivery
> notifications ----- wppi@wppi.com  (successfully delivered to mailbox)
>     (expanded from: <stevewest15@wppi.com>)
>
>    ----- Transcript of session follows ----- wppi@wppi.com...
> Successfully delivered
> -------------------------------------------
> Is there any way to block our mail server from sending out
> this information back?
>

If your MTA is sendmail, this will do the trick in your sendmail.mc:

define(`confPRIVACY_FLAGS',
`goaway,noreceipts,nobodyreturn,restrictqrun')dnl

(the key being noreceipts)

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From abdul at elxlinux.com  Fri Aug 20 13:55:37 2004
From: abdul at elxlinux.com (Abdul Khader)
Date: Thu Jan 12 21:26:37 2006
Subject: Mailscanner not sending the sender notification
Message-ID: <mailman.966.1137101197.24926.mailscanner@lists.mailscanner.info>

Hi All,
I have installed mailscanner and it is working fine with clamav anti
virus. It is sending all notifications to the recipient but not to the
sender.

Also I want a signature of clean mail which is not working.

Regards
Abdul Khader

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jaearick at COLBY.EDU  Fri Aug 20 14:45:09 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:37 2006
Subject: confusion on spam score number format
Message-ID: <mailman.967.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian,

I'm a bit confused on this new feature in 4.32.5.  I got a spam,
and the headers from MS look like:

X-Colby-MailScanner-SpamCheck: spam, SpamAssassin (score=8.079, required 5,
     BAYES_50 0.00, FORGED_MUA_OUTLOOK 2.57, FORGED_OUTLOOK_TAGS 1.00,
     FROM_HAS_MIXED_NUMS 0.26, HTML_60_70 0.11, HTML_FONTCOLOR_BLUE 0.10,
     HTML_FONTCOLOR_RED 0.10, HTML_FONTCOLOR_UNSAFE 0.10,
     HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10, HTML_TITLE_EMPTY 0.12,
     MIME_HTML_ONLY 0.32, MSGID_FROM_MTA_SHORT 3.03)
X-Colby-MailScanner-SpamScore: 8

But I have:

Spam Score Number Format = %6.2f

so I was expecting:

X-Colby-MailScanner-SpamScore: 8.08

in my headers.  Am I not understanding what this feature does?

Jeff Earickson

PS.  Love the "-v" feature that tells you what your perl module versions
are.  It would maybe help if this would do a "uname -a" and also pluck
out the MTA version number (this may be a PITA), eg for sendmail something
like: "/usr/lib/sendmail -d0.1 -bt < /dev/null | grep Version".

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 20 15:25:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: confusion on spam score number format
Message-ID: <mailman.968.1137101197.24926.mailscanner@lists.mailscanner.info>

I screwed up.
Please apply the attached (very short) patch to Message.pm.

At 14:45 20/08/2004, you wrote:
>X-Colby-MailScanner-SpamScore: 8
>
>But I have:
>
>Spam Score Number Format = %6.2f
>
>so I was expecting:
>
>X-Colby-MailScanner-SpamScore: 8.08

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/OCTET-STREAM (Name: "Message.pm.patch")  1.9KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From jaearick at COLBY.EDU  Fri Aug 20 15:40:12 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:37 2006
Subject: confusion on spam score number format
Message-ID: <mailman.969.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Thanks.  Patch applied.  Now I will have to wait several hours for
more spam to hit my mailbox before I can see if it works...
Seriously...  So much of our spam goes over the high spam score of
10 and gets deleted anymore that I get very few in the range of
5-10 that actually gets delivered.  I only get about 6/day this
way...  This is how good MailScanner really is!

Jeff Earickson

On Fri, 20 Aug 2004, Julian Field wrote:

> Date: Fri, 20 Aug 2004 15:25:30 +0100
> From: Julian Field <mailscanner@ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: confusion on spam score number format
>
> I screwed up.
> Please apply the attached (very short) patch to Message.pm.
>
> At 14:45 20/08/2004, you wrote:
>> X-Colby-MailScanner-SpamScore: 8
>>
>> But I have:
>>
>> Spam Score Number Format = %6.2f
>>
>> so I was expecting:
>>
>> X-Colby-MailScanner-SpamScore: 8.08
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Denis.Beauchemin at USHERBROOKE.CA  Fri Aug 20 16:00:33 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:37 2006
Subject: confusion on spam score number format
Message-ID: <mailman.970.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Jeff A. Earickson wrote:

> Thanks.  Patch applied.  Now I will have to wait several hours for
> more spam to hit my mailbox before I can see if it works...
> Seriously...  So much of our spam goes over the high spam score of
> 10 and gets deleted anymore that I get very few in the range of
> 5-10 that actually gets delivered.  I only get about 6/day this
> way...  This is how good MailScanner really is!
>

Jeff,

If you only deliver spam in the range 5-10 then the format you specified 
(%6.2f) will give you 3 digits before the decimal point... which is 
pointless... %5.2f would be sufficient (and even %4.2f if you don't 
deliver messages with a score = 10).

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From Carl.Boberg at NRM.SE  Fri Aug 20 16:18:55 2004
From: Carl.Boberg at NRM.SE (Carl Boberg)
Date: Thu Jan 12 21:26:37 2006
Subject: Vispan and f-secure
Message-ID: <mailman.971.1137101197.24926.mailscanner@lists.mailscanner.info>

Check the forum on vispan´s homepage.
I have posted the correct regexp there :-)

/ Carl 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT
> Sent: den 20 augusti 2004 12:20
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: Vispan and f-secure
> Importance: High
> 
> Ive reinstalled my server and I cant get vispan to give me stats from
> F-Secure. I get stats from mcafee, clam and f-protbut I dont 
> get anything
> from f-secure. Anyone see this or have a clue.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Fri Aug 20 16:38:56 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: Vispan and f-secure
Message-ID: <mailman.972.1137101197.24926.mailscanner@lists.mailscanner.info>

> -----Ursprungligt meddelande-----
> Från: Carl Boberg [mailto:Carl.Boberg@NRM.SE] 
> Check the forum on vispan´s homepage.
> I have posted the correct regexp there :-)
> 
> / Carl 
Thanks, I really need to learn perl thingys  :)

> 
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders 
> Andersson, IT
> > Sent: den 20 augusti 2004 12:20
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: OT: Vispan and f-secure
> > Importance: High
> > 
> > Ive reinstalled my server and I cant get vispan to give me 
> stats from 
> > F-Secure. I get stats from mcafee, clam and f-protbut I dont get 
> > anything from f-secure. Anyone see this or have a clue.
> > 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mark at TIPPINGMAR.COM  Fri Aug 20 17:54:01 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:37 2006
Subject: double message
Message-ID: <mailman.973.1137101197.24926.mailscanner@lists.mailscanner.info>

On 19 Aug 2004 at 9:20, Julian Field wrote:

> Change to
> Lock Type = posix
> as you have built sendmail without flock() support.

I think that every once in a while I get a double message too.  I used to think it was
the fault of the e-mail client or the POP service, but now I wonder.  How do you tell if
sendmail has been compiled to support flock()?  Following is the output of the same
command on my system, which is stock Fedora Core 1.

[root@gingham root]# sendmail -bt -d0.10 < /dev/null | head -n 40

Version 8.12.10

Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP
LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT

OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASFLOCK HASGETDTABLESIZE HASINITGROUPS HASLSTAT
HASNICE HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID
HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV
HASSTRERROR HASUNAME HASUNSETENV HASWAITPID
IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP

I see the HASFLOCK in the "OS defines section", but Matthijs has that too.
Thanks,

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dustin.baer at IHS.COM  Fri Aug 20 18:33:02 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:37 2006
Subject: OT: Re: E-Mail Server giving too much information w/ Return
    Receipt Requests {Scanned}
Message-ID: <mailman.974.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mike Kercher wrote:

>If your MTA is sendmail, this will do the trick in your sendmail.mc:
>
>define(`confPRIVACY_FLAGS',
>`goaway,noreceipts,nobodyreturn,restrictqrun')dnl
>
>(the key being noreceipts)
>
>Mike
>
>

Mike,

Just to let you know, "nobodyreturn" is included when "goaway" is defined

Dustin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From vlad at MAZEK.COM  Fri Aug 20 19:05:22 2004
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.975.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Greetings,

I was curious if anybody here explored the possibility of MailScanner
both delivering and archiving all incoming mail for auditing purposes.
We currently use a number of procmail scripts to manage this aspect and
would like to do it at the MailScanner level.

Any advice, experience, suggestion or patch would be appreciated. Thank you

-Vlad

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ochanis at ncc.edu  Fri Aug 20 19:26:11 2004
From: ochanis at ncc.edu (Steve Ochani)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.976.1137101197.24926.mailscanner@lists.mailscanner.info>

On 20 Aug 2004 at 14:05, Vlad Mazek wrote:

> Greetings,
>
> I was curious if anybody here explored the possibility of MailScanner
> both delivering and archiving all incoming mail for auditing purposes.
> We currently use a number of procmail scripts to manage this aspect
> and would like to do it at the MailScanner level.
>
> Any advice, experience, suggestion or patch would be appreciated.
> Thank you

As far as I know there isn't a need for a patch to accomplish this. Look in the
MailScanner.conf under the heading
Mail Archiving and Monitoring

Again, as discussed before watch out for the legal and ethical implications of doing this.


«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»
Education is what remains after one has forgotten everything he
learned in school. -Albert Einstein

Steve O.
http://www.steveo.us

B17G WWII Bomber "Yankee Lady" Flight
http://www.steveo.us/b17ride

SUNY NCC Physical Sciences Dept. Network Admin
SUNY NCC MATH/COMPUTER Unix Admin
http://www.matcmp.ncc.edu

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at hotmail.com  Fri Aug 20 19:50:51 2004
From: brentbolin at hotmail.com (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.977.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It can already do this -

Archive Mail = /var/spool/MailScanner/archive

You could place the archive anywhere you like

btb


>From: Vlad Mazek <vlad@MAZEK.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: deliver and archive
>Date: Fri, 20 Aug 2004 14:05:22 -0400
>
>Greetings,
>
>I was curious if anybody here explored the possibility of MailScanner
>both delivering and archiving all incoming mail for auditing purposes.
>We currently use a number of procmail scripts to manage this aspect and
>would like to do it at the MailScanner level.
>
>Any advice, experience, suggestion or patch would be appreciated. Thank you
>
>-Vlad
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

_________________________________________________________________
Get ready for school! Find articles, homework help and more in the Back to
School Guide! http://special.msn.com/network/04backtoschool.armx

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Fri Aug 20 19:59:36 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.978.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian,

Have you had any luck getting vexira to run ?

Just some more info.

I can fire up a bunch of blank messages from a remote location -

sendmail -v foobar@where_mailscanner.com

If I run top on the mailscanner machine I can see vexira  fireing up, so it
would appear its talking to vexira.

However it dosn't detect viruses(eicar)

btb

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 20 20:19:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.979.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yes, no problem.
Virus.scanners.conf says
vexira          /usr/lib/MailScanner/vexira-wrapper     /usr/lib/Vexira
and it detects all sorts of eicar just fine.

If you set
         Debug = yes
what output do you get, and what appears in the logs?

At 19:59 20/08/2004, you wrote:
>Julian,
>
>Have you had any luck getting vexira to run ?
>
>Just some more info.
>
>I can fire up a bunch of blank messages from a remote location -
>
>sendmail -v foobar@where_mailscanner.com
>
>If I run top on the mailscanner machine I can see vexira  fireing up, so it
>would appear its talking to vexira.
>
>However it dosn't detect viruses(eicar)

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Fri Aug 20 20:25:03 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.980.1137101197.24926.mailscanner@lists.mailscanner.info>

On Fri, 2004-08-20 at 19:59, Brent Bolin wrote:
> Julian,
>
> Have you had any luck getting vexira to run ?
>
> Just some more info.
>
> I can fire up a bunch of blank messages from a remote location -
>
> sendmail -v foobar@where_mailscanner.com
>
> If I run top on the mailscanner machine I can see vexira  fireing up, so it
> would appear its talking to vexira.
>
> However it dosn't detect viruses(eicar)

Have you tried using the wrapper-script to scan infected files?
Are you sure you don't have any symlinks in the path to the MailScanner
work directory?
Are the paths for vexira correct in the virus.scanner.conf file?
Have you changed any of the permissions settings for the work dir in
mailScanner.conf.  Does vexira drop priviledges when running as root
(this could cause permissions problems)?
If all else fails try hacking the vexira wrapper script to redirect the
output to a file (try redirecting stdout and stderr to different files,
this should at least show what it is doing) - don't forget to undo the
changes after!




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Fri Aug 20 20:46:02 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.981.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>Yes, no problem.
>Virus.scanners.conf says
>vexira          /usr/lib/MailScanner/vexira-wrapper     /usr/lib/Vexira
>and it detects all sorts of eicar just fine.
>
>If you set
>         Debug = yes
>what output do you get, and what appears in the logs?
>
>At 19:59 20/08/2004, you wrote:
>>Julian,
>>
>>Have you had any luck getting vexira to run ?
>>
>>Just some more info.
>>
>>I can fire up a bunch of blank messages from a remote location -
>>
>>sendmail -v foobar@where_mailscanner.com
>>
>>If I run top on the mailscanner machine I can see vexira  fireing up, so 
>>it
>>would appear its talking to vexira.
>>
>>However it dosn't detect viruses(eicar)

debug output here, dosen't appear to see any files -

Starting MailScanner...
In Debugging mode, not forking...
SA bayes lock is /root/.spamassassin/bayes.lock
Bayes lock is at /root/.spamassassin/bayes.lock
Vexira Antivirus / FreeBSD Version 2.2.1-14
Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
All rights reserved.

Loading /usr/lib/Vexira/vexira.vdf ...

VDF version: 6.27.0.21 created 19 Aug 2004

Vexira Antivirus license: 2003000000 for x, Inc.

checking drive/path (list): .

------ scan results ------
    directories:      1
  scanned files:      0
         alerts:      0
     suspicious:      0
      scan time: 00:00:01
--------------------------
Thank you for using Vexira Antivirus!
Stopping now as you are debugging me.


Here is the tail of the log file -

New Batch: Scanning 1 messages, 1371 bytes
mail MailScanner[40289]: Archived message i7KJSW3k040326 to mbox file 
/var/spool/MailScanner/archive
Saved archive copies of i7KJSW3k040326
MCP Checks completed at 1371 bytes per second
Spam Checks: Starting
mail MailScanner[40289]: Message i7KJSW3k040326 from 127.0.0.1 
(brent@x.x.com) to
x.x.com is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
mail MailScanner[40289]: Spam Checks completed at 1371 bytes per second
mail MailScanner[40289]: Virus and Content Scanning: Starting
mail MailScanner[40289]: Filename Checks: Allowing i7KJSW3k040326 eicar.com 
(no rule matched)
mail MailScanner[40289]: Virus Scanning completed at 1371 bytes per second
mail MailScanner[40289]: Uninfected: Delivered 1 messages
mail MailScanner[40289]: Virus Processing completed at 1371 bytes per second
mail MailScanner[40289]: Disinfection completed at 1371 bytes per second
mail MailScanner[40289]: Batch completed at 685 bytes per second (1371 / 2)
mail MailScanner[40289]: MailScanner child dying of old age
mail sendmail[40335]: i7KJSW3k040326: to=<jack@x.x.com>, 
ctladdr=<brent@x.x.com>
(3129/3129), delay=00:00:03, xdelay=00:00:00, mailer=local, pri=120832, 
dsn=2.0.0, stat=Sent

I've tried to remove time/date dirt in maillog so this posts better

It dosn't look like vexira sees any files.

Also here is my virus.scanners.conf

vexira    /usr/local/libexec/MailScanner/vexira-wrapper /usr/lib/Vexira


btb

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar ^Ö get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From brentbolin at HOTMAIL.COM  Fri Aug 20 21:02:13 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.982.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Are the paths for vexira correct in the virus.scanner.conf file?
Have you changed any of the permissions settings for the work dir in
mailScanner.conf.  Does vexira drop priviledges when running as root
(this could cause permissions problems)?
If all else fails try hacking the vexira wrapper script to redirect the
output to a file (try redirecting stdout and stderr to different files,
this should at least show what it is doing) - don't forget to undo the
changes after!


========================================

Paths in virus.scanner.conf look correrct.

Don't know what the permissions should be.

Vexira shows it running as root.

How do hack the wrapper ?

There was a symlink created when I install vexira.

/usr/lib/Vexira/vexira --> /usr/bin/vexira but I removed it.

Remember clamav works fine.

btb

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar ^Ö get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From hden at KCBBS.GEN.NZ  Fri Aug 20 21:13:44 2004
From: hden at KCBBS.GEN.NZ (Hendrik den Hartog)
Date: Thu Jan 12 21:26:37 2006
Subject: eTRUST and update reporting
Message-ID: <mailman.983.1137101197.24926.mailscanner@lists.mailscanner.info>

First..

 Thanks for the earlier replies regarding eTrust. After altering
 virus.scanners.conf, pointing it to the etrust folder sorted the
 problem and had MailScanner 'find' and begin to use eTrust.

 I now have just one more query, although I suspect this
 isn't an issue,

 I'm running both Sophos and eTrsut. At update,
 sophos reports..

 update.virus.scanners: Found sophos installed
 update.virus.scanners: Running autoupdate for sophos
 Sophos-autoupdate[8219]: Sophos successfully updated [SNIP]

 Where as eTrust reports...

 update.virus.scanners: Running autoupdate for etrust
 eTrust-autoupdate[8132]: eTrust did not need updating

 But, the eTrust log do show a successfull dowmload?

 Just checking to see if I need another config tweak
 somewhere? although I'm happy to live with this as it
 doesn't seem to be affecting performance.

Cheers!
Hendrik

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Fri Aug 20 22:11:04 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.984.1137101197.24926.mailscanner@lists.mailscanner.info>

On Fri, 2004-08-20 at 20:46, Brent Bolin wrote:
> debug output here, dosen't appear to see any files -

stick these three lines into vexira-wrapper (temporarily) then run the
debug again.  Put them above the exec line.

pwd
ls -lR .
who am i

post the results.  It looks to me like either its running in the wrong
directory (unlikely) of doesn't have permissions to read the files.





BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Fri Aug 20 22:35:48 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:37 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.985.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Starting MailScanner...
In Debugging mode, not forking...
SA bayes lock is /root/.spamassassin/bayes.lock
Bayes lock is at /root/.spamassassin/bayes.lock
Line: /var/spool/MailScanner/incoming/41484
Line: total 4
Line: drwx------  2 root  wheel  512 Aug 20 16:34 i7KLYX3k041501
Line: -rw-------  1 root  wheel  790 Aug 20 16:34 i7KLYX3k041501.header
Line:
Line: ./i7KLYX3k041501:
Line: total 2
Line: -rw-------  1 root  wheel  68 Aug 20 16:34 eicar.com
Line: root             ttyp1    Aug 20 14:27 (67.39.169.194)
Line: Vexira Antivirus / FreeBSD Version 2.2.1-14
Line: Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
Line: Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
Line: All rights reserved.
Line:
Line: Loading /usr/lib/Vexira/vexira.vdf ...
Line:
Line: VDF version: 6.27.0.23 created 20 Aug 2004
Line:
Line: Vexira Antivirus license: 2003000000 for Specialty Store Services,
Inc.
Line:
Line: checking drive/path (list): .
Line:
Line: ------ scan results ------
Line:    directories:        1
Line:  scanned files:        0
Line:         alerts:        0
Line:     suspicious:        0
Line:      scan time: 00:00:01
Line: --------------------------
Line: Thank you for using Vexira Antivirus!
Stopping now as you are debugging me.



>From: Kevin Spicer <kevins@BMRB.CO.UK>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Any success getting vexira running with mailscanner
>Date: Fri, 20 Aug 2004 22:11:04 +0100
>
>On Fri, 2004-08-20 at 20:46, Brent Bolin wrote:
> > debug output here, dosen't appear to see any files -
>
>stick these three lines into vexira-wrapper (temporarily) then run the
>debug again.  Put them above the exec line.
>
>pwd
>ls -lR .
>who am i
>
>post the results.  It looks to me like either its running in the wrong
>directory (unlikely) of doesn't have permissions to read the files.
>
>
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material.  If you have received this in error, please contact the
>sender and delete this message immediately.  Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited.  BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Sat Aug 21 00:18:00 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.986.1137101197.24926.mailscanner@lists.mailscanner.info>

It does, with the only disadvantage (from only *some* users' point of view,
myself included) is that spam and viruses also get archived.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Vlad Mazek
Sent: Friday, August 20, 2004 1:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: deliver and archive

Greetings,

I was curious if anybody here explored the possibility of MailScanner
both delivering and archiving all incoming mail for auditing purposes.
We currently use a number of procmail scripts to manage this aspect and
would like to do it at the MailScanner level.

Any advice, experience, suggestion or patch would be appreciated. Thank you

-Vlad

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Sat Aug 21 00:27:00 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.987.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Couldn't you avoid that by using the action rules?

For example:

for non-spam, have it "deliver" and forward to an archive

for spam, have it "deliver" and forward to that archive (just in case
it's a false positive)

for high-spam, do whatever (delete, deliver) and don't forward to the
archive.


Seems to me like that would work.


On Aug 20, 2004, at 4:18 PM, Alex Neuman wrote:

> It does, with the only disadvantage (from only *some* users' point of
> view,
> myself included) is that spam and viruses also get archived.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of Vlad Mazek
> Sent: Friday, August 20, 2004 1:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: deliver and archive
>
> Greetings,
>
> I was curious if anybody here explored the possibility of MailScanner
> both delivering and archiving all incoming mail for auditing purposes.
> We currently use a number of procmail scripts to manage this aspect and
> would like to do it at the MailScanner level.
>
> Any advice, experience, suggestion or patch would be appreciated.
> Thank you
>
> -Vlad
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at nkpanama.com  Sat Aug 21 00:29:17 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:37 2006
Subject: deliver and archive
Message-ID: <mailman.988.1137101197.24926.mailscanner@lists.mailscanner.info>

I believe that doesn't work because "Archive" runs before virus or spam
checking. Or at least that's what I understood from Julian's several
postings about this.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of John Rudd
Sent: Friday, August 20, 2004 6:27 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: deliver and archive

Couldn't you avoid that by using the action rules?

For example:

for non-spam, have it "deliver" and forward to an archive

for spam, have it "deliver" and forward to that archive (just in case
it's a false positive)

for high-spam, do whatever (delete, deliver) and don't forward to the
archive.


Seems to me like that would work.


On Aug 20, 2004, at 4:18 PM, Alex Neuman wrote:

> It does, with the only disadvantage (from only *some* users' point of
> view,
> myself included) is that spam and viruses also get archived.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of Vlad Mazek
> Sent: Friday, August 20, 2004 1:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: deliver and archive
>
> Greetings,
>
> I was curious if anybody here explored the possibility of MailScanner
> both delivering and archiving all incoming mail for auditing purposes.
> We currently use a number of procmail scripts to manage this aspect and
> would like to do it at the MailScanner level.
>
> Any advice, experience, suggestion or patch would be appreciated.
> Thank you
>
> -Vlad
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Sat Aug 21 00:43:19 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:37 2006
Subject: Feature Request (and: Re: deliver and archive)
Message-ID: <mailman.989.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Right, but what I'm saying is, effectively, to archive by using the
spam/high-spam/non-spam actions to forward messages to an archive email
address, instead of archiving by using Mailscanner's built in archive
function.  That should allow you to weed out spam and/or high spam.

Not sure about viruses.  I almost wish that viruses and filename/type
checks had an "actions" setting (or has Julian done that since my last
upgrade? Last time I made an actions feature request, about non-spam
actions, Julian had in fact already done it) like the spam actions.  I
can see the following action settings:

viruses
noisy-viruses
silent-viruses
bad-filenames
bad-filetypes
spam
high-spam
non-spam

(I include the last 3 for a complete list, and because "non-spam" would
also imply non-virus, etc. in that list)

Then you could have keywords that reflect how viruses are handled (just
like you do for spam): deliver, bounce (which would imply sending a
report when it's a virus/filename/filecheck problem), delete, etc.



And, a second feature request that depends upon the first would be:
have something that orders the processing for those actions.  Sort of
like:

Action Order = noisy-virus silent-virus virus high-spam spam non-spam

(and I would only have messages continue to be processed by the next
action type IF the previous action type included "deliver")

(and this second feature request is NOT the same as asking to have the
order of the actual checks changed (which has been discussed before),
just how messages actions are done)


On Aug 20, 2004, at 4:29 PM, Alex Neuman wrote:

> I believe that doesn't work because "Archive" runs before virus or spam
> checking. Or at least that's what I understood from Julian's several
> postings about this.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of John Rudd
> Sent: Friday, August 20, 2004 6:27 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: deliver and archive
>
> Couldn't you avoid that by using the action rules?
>
> For example:
>
> for non-spam, have it "deliver" and forward to an archive
>
> for spam, have it "deliver" and forward to that archive (just in case
> it's a false positive)
>
> for high-spam, do whatever (delete, deliver) and don't forward to the
> archive.
>
>
> Seems to me like that would work.
>
>
> On Aug 20, 2004, at 4:18 PM, Alex Neuman wrote:
>
>> It does, with the only disadvantage (from only *some* users' point of
>> view,
>> myself included) is that spam and viruses also get archived.
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf
>> Of Vlad Mazek
>> Sent: Friday, August 20, 2004 1:05 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: deliver and archive
>>
>> Greetings,
>>
>> I was curious if anybody here explored the possibility of MailScanner
>> both delivering and archiving all incoming mail for auditing purposes.
>> We currently use a number of procmail scripts to manage this aspect
>> and
>> would like to do it at the MailScanner level.
>>
>> Any advice, experience, suggestion or patch would be appreciated.
>> Thank you
>>
>> -Vlad
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ml at NETGROUPES.CA  Sat Aug 21 01:03:21 2004
From: ml at NETGROUPES.CA (Mailing List)
Date: Thu Jan 12 21:26:37 2006
Subject: From rewrite
Message-ID: <mailman.990.1137101197.24926.mailscanner@lists.mailscanner.info>

Hi,

I have instances where the from address is rewritten in the form
displayname@gateway's_domain.com, instead of leaving what ever was
there.

Any ideas?

Oh yes
Postfix 2.1.1-5.rh9
MailScanner 4.31.6-1 (I'll upgrade just in case, but I doubt...)

Thanks! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mhw at WITTSEND.COM  Sat Aug 21 02:53:37 2004
From: mhw at WITTSEND.COM (Michael H. Warfield)
Date: Thu Jan 12 21:26:37 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.991.1137101197.24926.mailscanner@lists.mailscanner.info>

On Mon, Aug 16, 2004 at 03:46:36PM -0700, Chris W. Parker wrote:
> Michael H. Warfield <mailto:mhw@WITTSEND.COM>
>     on Monday, August 16, 2004 2:04 PM said:

> >         5) Restrict ssh to IPv6.

> [snip]

> that's a good read and all, but what about the rest of us? :P

        Huh?

        I guess I don't understand the question.

        Anyone who is on IPv4 has IPv6.  In fact, everyone with an
IPv4 address has and entire IPv6 network assigned to them.  I've
traveled around the world, US, Canada, Asia, Europe, and have never
EVER found a single place where I could not get to IPv6 if I could
connect to the network at all.  In fact, I've driven from Florida
to Michigan and from Georgia to Mass using Spring 3G cellular and (even
though I lost the PPP connections in some mountains and some tunnels)
never had trouble maintaining my IPv6 connectivity once the link was up.

        What "rest of us" are you referring to?  You've all got it.
You just need to know how to use it.

> chris.

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/PGP-SIGNATURE  316bytes. ]
    [ Unable to print this part. ]


From mhw at WITTSEND.COM  Sat Aug 21 03:11:33 2004
From: mhw at WITTSEND.COM (Michael H. Warfield)
Date: Thu Jan 12 21:26:37 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.992.1137101197.24926.mailscanner@lists.mailscanner.info>

On Tue, Aug 17, 2004 at 12:15:12AM -0500, Alex Neuman wrote:
> I have to admit I'm stone cold dumb as to IPv6 as well. Can you recommend a
> good place to start reading up?

        Not a problem.  All too common, in fact.  Especially in North
America where we seem to collectively have our heads in the sands and
don't realize that IPv6 actually passed IPv4 by in terms of routable
network capacity (not counting 6bone or 6to4 - just the production networks)
some time ago.

        First starting point, "IPv6 Style" <http://www.ipv6style.jp> but
don't let the .jp scare you.  It's in English and loaded with really
cool articles on getting started cheap and easy.  One of my favorite
IPv6 sites, hands down.

        From there, you might check out DeepSpace6 <http://www.deepspace6.net>
(Tends to be slow - look for mirrors).

        Check out <http://www.bieringer.de/linux/IPv6>, Peter Bieringer's
Linux IPv6 HowTo (he has a DeepSpace6 mirror).

        Tunnel brokers (if you want static IPv6 addresses) and ISPs:

        Hurricane Electric: <http://www.tunnelbroker.net>
        FreeNet6: <http://www.freenet6.org>
        SixXS (Europe): <http://www.sixxs.net>

        Books:  IPv6 Essentials, O'Reilly

        Shows:  LinuxWorld (me!  :-) )

        It's easy to get started and people don't realize how much
IPv6 is already out there.  Lots of DNS servers and SMTP servers
are already talking native IPv6.  Lots of web servers (I'm surprised
how often my web browser routes out through IPv6 instead of IPv4).  Some
of the root name servers have added IPv6.

        ARIN is now including IPv6 their sites:

[root@alcove mhw]# host -t AAAA www.arin.net
www.arin.net has AAAA address 2001:440:2000:1::16

        Shame on the American Registries for Internet Numbers.  A trivial
EUI address.  Typical IPv4 mindthink applied to IPv6 and so needless.  Sigh.

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/PGP-SIGNATURE  316bytes. ]
    [ Unable to print this part. ]


From peter at UCGBOOK.COM  Sat Aug 21 12:13:13 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:37 2006
Subject: Exchange 2003 strips X-headers?
Message-ID: <mailman.993.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Did anyone see this behavior? We have a customer who is migrating from
Exchange 5.5 to 2003 and the test mailboxes on the 2003 servers do not
contain any X-headers from previous servers, i.e. all info from
MailScanner like spam score and so on. Is it something that can be
changed in Exchange 2003? I don't want it like this, it will affect
analyzing problems.

Here's an example of a spam e-mail:

--->
Microsoft Mail Internet Headers Version 2.0
Received:  from XXX (x.y.z [x.x.x.x]) by x.y.z
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id
KGM62R9D; Thu, 10 Jun 2004 07:08:49 +0200
Received:  from x.y.z [x.x.x.x] by [x.x.x.x];
using TFS Secure Messaging on Thu, 10 Jun 2004 7:12:51 +0200
Received:  from x.y.z (x.y.z [x.x.x.x]) by
x.y.z (8.12.10+Sun/8.12.9) with ESMTP id i5A58X7u028498 for
<someone@somewhere.xyz>; Thu, 10 Jun 2004 07:08:33 +0200 (CEST)
Received:  from x.x.x.x ([x.x.x.x]) by x.y.z
(8.12.10/8.12.8) with SMTP id i5A58Dbl016607 for
<someone@somewhere.xyz>; Thu, 10
Jun 2004 07:08:25 +0200 (CEST)
Received:  from x.x.x.x by x.x.x.x Thu, 10 Jun 2004 00:02:25 -0600
Content-class: urn:content-classes:message
Subject: {Spam?} Important
MIME-Version: 1.0
Content-Type: application/ms-tnef;
        name="winmail.dat"
Content-Transfer-Encoding: binary
Date: Thu, 10 Jun 2004 08:03:25 +0200
Message-ID: <wprzsgknkruYcko6war0srvtuo@ae.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <wprzsgknkruYcko6war0srvtuo@ae.com>
Thread-Topic: {Spam?} Important
Thread-Index: AcROqQQpLzyl8RnPRkiFKz8/tuFVpQ==
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
From: "Ruiz Jon" <Rudddate@lycos.com>
To: <someone@somewhere.xyz>
Reply-To: "Ruiz Jon" <Rudddate@lycos.com>
<---

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From res at AUSICS.NET  Sat Aug 21 14:15:27 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:37 2006
Subject: non rpm installscript
Message-ID: <mailman.994.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
  I know this was covered recently but can someone kindly give me a refresher
  as to how to get around the non rpm install.sh that insists we have rpm :)

  Have a slackware box that is existing on a network as a secondary mx I need
  to put this on.


--
Regards,
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 21 19:21:27 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.995.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Is anyone running the latest release candidate of SpamAssassin 3 on
MailScanner 4.32?
If so, have you seen any problems?
I've just done some basic tests (and written a script which installs all
the required modules for Solaris) and it appears to work okay. Can anyone
confirm this is all okay?

Thanks!
Jules
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From gdoris at ROGERS.COM  Sat Aug 21 22:44:08 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:26:37 2006
Subject: Difference in virus scanners????
Message-ID: <mailman.996.1137101197.24926.mailscanner@lists.mailscanner.info>

I tried manually scanning 6362 files that are in the MailScanner
quarantine directory using ClamAV, Trend, and F-Prot.  I got some very
different results.  Does anyone know why there should be such a
difference?

Each of the scanners checked the same files.  However, they reported back
the following results:

ClamAV - 31 infected files
Trend - 61 infected files (76 including compressed files)
F-Prot - 46 infected files + 6 suspicious files


Details follow....

ClamAV Results
--------------------------------------
Scan started: Sat Aug 21 17:19:19 2004

-- summary --
Known viruses: 23583
Scanned directories: 45
Scanned files: 6362
Infected files: 31
Data scanned: 23.57 MB
I/O buffer size: 131072 bytes
Time: 33.975 sec (0 m 33 s)

************************************************************

Virus Scanner v3.1, VSAPI v7.000-1011
Trend Micro Inc. 1996,1997
        Pattern version 160
        Pattern number 70212
Directory:
        Searched : 45
File:
        Searched : 6362
            Scan : 6361
        Infected : 61
        Infected : 76(Include files been compressed)
Time:
        Start : 8/21/04 17:16:18
         Stop : 8/21/04 17:17:51
         Used : 01:33

************************************************************

Virus scanning report  -  21 August 2004 @ 17:15

F-PROT ANTIVIRUS
Program version: 4.4.2
Engine version: 3.14.11

VIRUS SIGNATURE FILES
SIGN.DEF created 18 August 2004
SIGN2.DEF created 18 August 2004
MACRO.DEF created 16 August 2004

Search: quarantine
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER
Results of virus scanning:

Files: 6362
MBRs: 0
Boot sectors: 0
Objects scanned: 6522
Infected: 46
Suspicious: 6
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 1:03


--
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 21 22:58:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: non rpm installscript
Message-ID: <mailman.997.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:15 21/08/2004, you wrote:
>  I know this was covered recently but can someone kindly give me a refresher
>  as to how to get around the non rpm install.sh that insists we have rpm :)
>
>  Have a slackware box that is existing on a network as a secondary mx I need
>  to put this on.

I have just removed the rpm-based install code from the non-rpm install
script. At some point in the near future the distributions will be merged,
just not quite yet.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 21 22:59:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: Difference in virus scanners????
Message-ID: <mailman.998.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 22:44 21/08/2004, you wrote:
>I tried manually scanning 6362 files that are in the MailScanner
>quarantine directory using ClamAV, Trend, and F-Prot.  I got some very
>different results.  Does anyone know why there should be such a
>difference?
>
>Each of the scanners checked the same files.  However, they reported back
>the following results:
>
>ClamAV - 31 infected files
>Trend - 61 infected files (76 including compressed files)
>F-Prot - 46 infected files + 6 suspicious files

It would be interesting to see the differences between the lists of
detected viruses.
A possibility is that F-Prot and/or Trend are finding both infected
archives and infected files within those archives, which ClamAV may be just
reporting as one infection.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From chris at scorpion.nl  Sat Aug 21 23:02:23 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.999.1137101197.24926.mailscanner@lists.mailscanner.info>

Will it help to know it runs flawlessly on RH9 ?

bye,
Chris

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: zaterdag 21 augustus 2004 20:21
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: SpamAssassin 3 and MailScanner 4.32?
>
> Is anyone running the latest release candidate of SpamAssassin 3 on
> MailScanner 4.32?
> If so, have you seen any problems?
> I've just done some basic tests (and written a script which
> installs all
> the required modules for Solaris) and it appears to work
> okay. Can anyone
> confirm this is all okay?
>
> Thanks!
> Jules
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From gdoris at ROGERS.COM  Sun Aug 22 02:24:25 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:26:37 2006
Subject: Difference in virus scanners????
Message-ID: <mailman.1000.1137101197.24926.mailscanner@lists.mailscanner.info>

On Sat, 21 Aug 2004, Julian Field wrote:

> At 22:44 21/08/2004, you wrote:
> >I tried manually scanning 6362 files that are in the MailScanner
> >quarantine directory using ClamAV, Trend, and F-Prot.  I got some very
> >different results.  Does anyone know why there should be such a
> >difference?
> >
> >Each of the scanners checked the same files.  However, they reported back
> >the following results:
> >
> >ClamAV - 31 infected files
> >Trend - 61 infected files (76 including compressed files)
> >F-Prot - 46 infected files + 6 suspicious files
>
> It would be interesting to see the differences between the lists of
> detected viruses.
> A possibility is that F-Prot and/or Trend are finding both infected
> archives and infected files within those archives, which ClamAV may be just
> reporting as one infection.
> --
> Julian Field

I ran the scans again and have attached the output for ClamAV and F-Prot.
The output for Trend is really verbose and was over 750k which is too much
for the list.

I'm totally confused at what I'm seeing.  It looks like some of the
scanners are counting both an I-Frame exploit and a Worm in the same
message???

--
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



    [ Part 2, Application/OCTET-STREAM (Name: "fprot")  1.6KB. ]
    [ Unable to print this part. ]


    [ Part 3, Application/OCTET-STREAM (Name: "clam")  1.6KB. ]
    [ Unable to print this part. ]


From sevans at FOUNDATION.SDSU.EDU  Sun Aug 22 05:43:42 2004
From: sevans at FOUNDATION.SDSU.EDU (Steve Evans)
Date: Thu Jan 12 21:26:37 2006
Subject: Exchange 2003 strips X-headers?
Message-ID: <mailman.1001.1137101197.24926.mailscanner@lists.mailscanner.info>

FYI - I'm on Exchange 2003 and it's not doing anything to my X-headers. 


Steve Evans
SDSU Foundation
 
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Peter Bonivart
Sent: Saturday, August 21, 2004 4:13 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Exchange 2003 strips X-headers?

Did anyone see this behavior? We have a customer who is migrating from
Exchange 5.5 to 2003 and the test mailboxes on the 2003 servers do not
contain any X-headers from previous servers, i.e. all info from
MailScanner like spam score and so on. Is it something that can be
changed in Exchange 2003? I don't want it like this, it will affect
analyzing problems.

Here's an example of a spam e-mail:

--->
Microsoft Mail Internet Headers Version 2.0
Received:  from XXX (x.y.z [x.x.x.x]) by x.y.z with SMTP (Microsoft
Exchange Internet Mail Service Version 5.5.2657.72) id KGM62R9D; Thu, 10
Jun 2004 07:08:49 +0200
Received:  from x.y.z [x.x.x.x] by [x.x.x.x]; using TFS Secure Messaging
on Thu, 10 Jun 2004 7:12:51 +0200
Received:  from x.y.z (x.y.z [x.x.x.x]) by x.y.z (8.12.10+Sun/8.12.9)
with ESMTP id i5A58X7u028498 for <someone@somewhere.xyz>; Thu, 10 Jun
2004 07:08:33 +0200 (CEST)
Received:  from x.x.x.x ([x.x.x.x]) by x.y.z
(8.12.10/8.12.8) with SMTP id i5A58Dbl016607 for
<someone@somewhere.xyz>; Thu, 10 Jun 2004 07:08:25 +0200 (CEST)
Received:  from x.x.x.x by x.x.x.x Thu, 10 Jun 2004 00:02:25 -0600
Content-class: urn:content-classes:message
Subject: {Spam?} Important
MIME-Version: 1.0
Content-Type: application/ms-tnef;
        name="winmail.dat"
Content-Transfer-Encoding: binary
Date: Thu, 10 Jun 2004 08:03:25 +0200
Message-ID: <wprzsgknkruYcko6war0srvtuo@ae.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <wprzsgknkruYcko6war0srvtuo@ae.com>
Thread-Topic: {Spam?} Important
Thread-Index: AcROqQQpLzyl8RnPRkiFKz8/tuFVpQ==
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
From: "Ruiz Jon" <Rudddate@lycos.com>
To: <someone@somewhere.xyz>
Reply-To: "Ruiz Jon" <Rudddate@lycos.com>
<---

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Sun Aug 22 09:10:22 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:37 2006
Subject: Exchange 2003 strips X-headers?
Message-ID: <mailman.1002.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Steve Evans wrote:
> FYI - I'm on Exchange 2003 and it's not doing anything to my X-headers.

Ok, so then I should be able to get rid of it too. Good news. Problem is
the Microsoft admins probably don't know what a header is so asking them
to help is usually not very rewarding.

No one knows where this behavior is configurable..?

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From res at AUSICS.NET  Sun Aug 22 09:12:37 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:37 2006
Subject: non rpm installscript
Message-ID: <mailman.1003.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Sat, 21 Aug 2004, Julian Field wrote:

> At 14:15 21/08/2004, you wrote:
>>  I know this was covered recently but can someone kindly give me a
>> refresher
>>  as to how to get around the non rpm install.sh that insists we have rpm
>> :)
>>
>>  Have a slackware box that is existing on a network as a secondary mx I
>> need
>>  to put this on.
>
> I have just removed the rpm-based install code from the non-rpm install
> script. At some point in the near future the distributions will be merged,
> just not quite yet.


Thanks :)


--
Regards,
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From chris at scorpion.nl  Sun Aug 22 11:01:57 2004
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1004.1137101197.24926.mailscanner@lists.mailscanner.info>

Actually, I might have to come back on that one .. I just noticed that my
"autolearn=, " error mentioned some days ago is visible on other SA3 setups
as well. They all use MailScanner 4.32.(4|5) with SA 3.0-rc1.

Aug 22 11:14:21 vmx01 MailScanner[18769]: Message 1ByoQV-0005Fw-3a from
213.206.89.190 (xbucmle@issihk.net) to paradogs.com is spam, SpamAssassin
(score=16.499, required 5.5, autolearn=, AWL 0.00, BAYES_99 1.89, DCC_CHECK
2.17, EXCUSE_3 0.12, HTML_40_50 0.04, HTML_FONT_BIG 0.14, HTML_MESSAGE 0.00,
HTML_MIME_NO_HTML_TAG 0.14, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18,
MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, RCVD_ILLEGAL_IP 0.94,
X_MESSAGE_INFO 4.24)

I see examples of these with low and high scores ...

bye,
Chris

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Christiaan den Besten
> Sent: zondag 22 augustus 2004 0:02
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SpamAssassin 3 and MailScanner 4.32?
>
> Will it help to know it runs flawlessly on RH9 ?
>
> bye,
> Chris
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> > Sent: zaterdag 21 augustus 2004 20:21
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: SpamAssassin 3 and MailScanner 4.32?
> >
> > Is anyone running the latest release candidate of SpamAssassin 3 on
> > MailScanner 4.32?
> > If so, have you seen any problems?
> > I've just done some basic tests (and written a script which
> > installs all
> > the required modules for Solaris) and it appears to work
> > okay. Can anyone
> > confirm this is all okay?
> >
> > Thanks!
> > Jules
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From danielk at AVALONPUB.COM  Sun Aug 22 11:08:22 2004
From: danielk at AVALONPUB.COM (Daniel Kleinsinger)
Date: Thu Jan 12 21:26:37 2006
Subject: Exchange 2003 strips X-headers?
Message-ID: <mailman.1005.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Peter Bonivart wrote:

> Did anyone see this behavior? We have a customer who is migrating from
> Exchange 5.5 to 2003 and the test mailboxes on the 2003 servers do not
> contain any X-headers from previous servers...
>

I've noticed similar things when running in mixed mode w/ Exchange 2000
and 5.5.  I'm not 100% sure, but I think that emails received through
the IMC (SMTP server in normal talk) on the 5.5 machine and then
tranferred to the other server lose their headers.  Is the 5.5 machine
the one receiving the SMTP connections?  I'd hazard a guess that the
behaviour might change when you switch to native mode or make the 2003
machine the one that talks SMTP.  I've looked and not found any other
way to keep the headers so please let me know if you find another solution.

Daniel

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From anders.andersson at LTKALMAR.SE  Sun Aug 22 11:50:59 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: Exchange 2003 strips X-headers?
Message-ID: <mailman.1006.1137101197.24926.mailscanner@lists.mailscanner.info>

> -----Ursprungligt meddelande-----
> Från: Peter Bonivart [mailto:peter@UCGBOOK.COM] 
> Did anyone see this behavior? We have a customer who is 
> migrating from Exchange 5.5 to 2003 and the test mailboxes on 
> the 2003 servers do not contain any X-headers from previous 
> servers, i.e. all info from MailScanner like spam score and 
> so on. Is it something that can be changed in Exchange 2003? 
> I don't want it like this, it will affect analyzing problems.

Ive seen that after we did the migration ie not in native mode yet but soon.
I didnt find any real reason for it but after restarting IMC on 5.5 and the
new 2003 server we got them back. I think it has something to do with the
old problem that 5.5 removes headers after resending a mail. Since 5.5 dont
use smtp internaly I think it get confused when sending to 2003.
So the solution for e was to to restart the servises and we got the headers
back  =)
> 
> Here's an example of a spam e-mail:
> 
> --->
> Microsoft Mail Internet Headers Version 2.0
> Received:  from XXX (x.y.z [x.x.x.x]) by x.y.z with SMTP 
> (Microsoft Exchange Internet Mail Service Version 
> 5.5.2657.72) id KGM62R9D; Thu, 10 Jun 2004 07:08:49 +0200
> Received:  from x.y.z [x.x.x.x] by [x.x.x.x]; using TFS 
> Secure Messaging on Thu, 10 Jun 2004 7:12:51 +0200
> Received:  from x.y.z (x.y.z [x.x.x.x]) by x.y.z 
> (8.12.10+Sun/8.12.9) with ESMTP id i5A58X7u028498 for 
> <someone@somewhere.xyz>; Thu, 10 Jun 2004 07:08:33 +0200 (CEST)
> Received:  from x.x.x.x ([x.x.x.x]) by x.y.z
> (8.12.10/8.12.8) with SMTP id i5A58Dbl016607 for 
> <someone@somewhere.xyz>; Thu, 10 Jun 2004 07:08:25 +0200 (CEST)
> Received:  from x.x.x.x by x.x.x.x Thu, 10 Jun 2004 00:02:25 -0600
> Content-class: urn:content-classes:message
> Subject: {Spam?} Important
> MIME-Version: 1.0
> Content-Type: application/ms-tnef;
>         name="winmail.dat"
> Content-Transfer-Encoding: binary
> Date: Thu, 10 Jun 2004 08:03:25 +0200
> Message-ID: <wprzsgknkruYcko6war0srvtuo@ae.com>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator: <wprzsgknkruYcko6war0srvtuo@ae.com>
> Thread-Topic: {Spam?} Important
> Thread-Index: AcROqQQpLzyl8RnPRkiFKz8/tuFVpQ==
> X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
> From: "Ruiz Jon" <Rudddate@lycos.com>
> To: <someone@somewhere.xyz>
> Reply-To: "Ruiz Jon" <Rudddate@lycos.com>
> <---
> 
> --
> /Peter Bonivart

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From anders.andersson at LTKALMAR.SE  Sun Aug 22 11:53:48 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1007.1137101197.24926.mailscanner@lists.mailscanner.info>

Runs fine with SA rc1 on Fedora core2 with latest MS and I'm very happy  =)
 
> -----Ursprungligt meddelande-----
> Från: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
> Skickat: den 21 augusti 2004 20:21
> Till: MAILSCANNER@JISCMAIL.AC.UK
> Ämne: SpamAssassin 3 and MailScanner 4.32?
> 
> Is anyone running the latest release candidate of 
> SpamAssassin 3 on MailScanner 4.32?
> If so, have you seen any problems?
> I've just done some basic tests (and written a script which 
> installs all the required modules for Solaris) and it appears 
> to work okay. Can anyone confirm this is all okay?
> 
> Thanks!
> Jules

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 22 12:11:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1008.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Are your autolearn= reports in the SA report correct?

At 11:53 22/08/2004, you wrote:
>Runs fine with SA rc1 on Fedora core2 with latest MS and I'm very happy  =)
>
> > -----Ursprungligt meddelande-----
> > Från: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
> > Skickat: den 21 augusti 2004 20:21
> > Till: MAILSCANNER@JISCMAIL.AC.UK
> > Ämne: SpamAssassin 3 and MailScanner 4.32?
> >
> > Is anyone running the latest release candidate of
> > SpamAssassin 3 on MailScanner 4.32?
> > If so, have you seen any problems?
> > I've just done some basic tests (and written a script which
> > installs all the required modules for Solaris) and it appears
> > to work okay. Can anyone confirm this is all okay?

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From anders.andersson at LTKALMAR.SE  Sun Aug 22 12:28:48 2004
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1009.1137101197.24926.mailscanner@lists.mailscanner.info>

Yes, as far as I can tell. 
Im still trying to figure out how the autolearn function work so untill I
got figured out. Cant figure out if it only takes highscore or everything
thats marked as spam.

X-ns1_ltkalmar_se-MailScanner-SpamCheck: spam, SBL+XBL,
        SpamAssassin (resultat=32.419, krav 5, autolearn=disabled,
        DRUGS_ERECTILE 0.03, DRUGS_ERECTILE_OBFU 0.83, DRUGS_PAIN 0.04,
        MIME_BOUND_DD_DIGITS 4.23, MIME_MISSING_BOUNDARY 0.25,
        MSGID_SPAM_LETTERS 3.15, RAZOR2_CF_RANGE_51_100 1.49,
        RAZOR2_CHECK 0.15, RCVD_HELO_IP_MISMATCH 0.62, RCVD_ILLEGAL_IP 1.37,
        RCVD_IN_BL_SPAMCOP_NET 1.83, RCVD_IN_RFC_IPWHOIS 1.14,
        RCVD_IN_XBL 2.51, RCVD_NUMERIC_HELO 1.53, URIBL_AB_SURBL 2.01,
        URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_SC_SURBL 3.90,
        URIBL_WS_SURBL 0.54, X_MESSAGE_INFO 4.19)
X-ns1_ltkalmar_se-MailScanner-SpamScore: ssssssssssssssssssssssssssssssss
X-MailScanner-From: swutpxpwsuuouh@aol.com

----4161704658231208189

> -----Ursprungligt meddelande-----
> Från: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] 
> 
> Are your autolearn= reports in the SA report correct?
> 
> At 11:53 22/08/2004, you wrote:
> >Runs fine with SA rc1 on Fedora core2 with latest MS and I'm 
> very happy  
> >=)
> >
> > > -----Ursprungligt meddelande-----
> > > Från: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
> > > Is anyone running the latest release candidate of SpamAssassin 3 on 
> > > MailScanner 4.32?
> > > If so, have you seen any problems?
> > > I've just done some basic tests (and written a script 
> which installs 
> > > all the required modules for Solaris) and it appears to 
> work okay. 
> > > Can anyone confirm this is all okay?
> 
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz 
> MailScanner thanks transtec Computers for their support PGP 
> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ 
> (http://www.mailscanner.biz/maq/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From james_gray at OCS.COM  Sun Aug 22 22:38:35 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:37 2006
Subject: How do i prevent alerts being delivered to specific addresses?
Message-ID: <mailman.1010.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

Not a big one, but a problem I've been wrestling with for a while.
First a little bit of explanation.  We have an internal trouble-ticket
system that accepts requests via e-mail (foo@example.com).  It's not
really smart and assumes that anything it receives is a valid request,
then after receiving a request it generates a case, then RESPONDS to the
requester with their case number (evil - I didn't write it OK).

Consequently whenever MailScanner finds a virus/spam/bad attachment
which is addressed to our ticketing system a ticket is opened, the
response forwarded to our MailScanner user (postmaster effectively) and
it's a mess to close all these bogus cases.

SO, my question to this group is how (the hell) do I tell MailScanner to
silently drop virus/spam/bad attachments addressed to the ticket system?
No alerts, no warnings, no modifying the message, just drop it.

I've put a few rules in place but obviously these aren't working as
expected.  Can someone give me the MailScanner.conf settings I need to
put into a rule set??

Cheers,

James
_____________________________
I.T. Manager - Asia Region
Open Channel Solutions
Sydney NSW 2000, Australia

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From maillists at CONACTIVE.COM  Mon Aug 23 00:31:21 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:37 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1011.1137101197.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Sat, 21 Aug 2004 19:21:27 +0100:

> Is anyone running the latest release candidate of SpamAssassin 3 on
> MailScanner 4.32?
>

Coincidentally I set up a brand new installation with 4.32 and SA 3 from 
the nightly snapshots on Saturday. So far it seems to work, I didn't have 
many messages going thru it yet. What I noticed when installing MS is that 
two perl packages from the Suse rpm install package won't install. They 
throw errors like below. I finally installed the packages via yast2. There 
must be a small error in the provided perl packages.

Sorry, I don't find the file with the errors, I'll have to look on the 
machine I sat at when installing.

Another small problem I noticed is MailWatch. I was under the impression 
that I just need to drop it in the new CustomFunctions dir and set the
Always Looked Up Last = &MailWatchLogging
but I had to add a require in CustomConfig.pm as well.
I thought everything in CustomFunctions would automatically get included. 
That is obviously not the case?


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From webalizer at nwcweb.com  Mon Aug 23 01:20:14 2004
From: webalizer at nwcweb.com (David J. Duffner - NWCWEB.com)
Date: Thu Jan 12 21:26:37 2006
Subject: How do i prevent alerts being delivered to specific addresses?
Message-ID: <mailman.1012.1137101197.24926.mailscanner@lists.mailscanner.info>

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Gray
>Sent: Sunday, August 22, 2004 5:39 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: How do i prevent alerts being delivered to specific addresses?
>
>
>Hi All,
>
>Not a big one, but a problem I've been wrestling with for a while.
>First a little bit of explanation.  We have an internal trouble-ticket
>system that accepts requests via e-mail (foo@example.com).  It's not
>really smart and assumes that anything it receives is a valid request,
>then after receiving a request it generates a case, then
>RESPONDS to the
>requester with their case number (evil - I didn't write it OK).
>
>Consequently whenever MailScanner finds a virus/spam/bad attachment
>which is addressed to our ticketing system a ticket is opened, the
>response forwarded to our MailScanner user (postmaster effectively) and
>it's a mess to close all these bogus cases.
>
>SO, my question to this group is how (the hell) do I tell
>MailScanner to
>silently drop virus/spam/bad attachments addressed to the
>ticket system?
>No alerts, no warnings, no modifying the message, just drop it.
>
>I've put a few rules in place but obviously these aren't working as
>expected.  Can someone give me the MailScanner.conf settings I need to
>put into a rule set??
>
>Cheers,
>
>James
>_____________________________
>I.T. Manager - Asia Region
>Open Channel Solutions
>Sydney NSW 2000, Australia


        What about whitelisting the address in question that
accepts the mail, but only use From: instead of FromOrTo: so that
anything inbound is handled normally, but anything that account
sends out is essentially ignored and not processed?  This would
be in the allow_hosts file.  We use the same method on a few of
our in-house accounts to prevent similar issues and additional
load times on MailScanner processing stuff that really doesn't
matter if it's caught/tagged, etc.

        Just a thought!

      David J. Duffner
      VP Operations
      NWC Corporation
      NWCWEB.com

============================================
NWCWEB.com - Your Design & Hosting Solution!
Featuring Ensim Pro/Linux Servers, Hosted
Accounts, Web Design and e-Commerce services
NWC Corporation - Global e-Pay Solutions
============================================



--
Message scanned by MailScanner, and is believed to be clean.
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.nwcweb.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From james_gray at OCS.COM  Mon Aug 23 01:41:04 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:38 2006
Subject: How do i prevent alerts being delivered to specific addresses?
Message-ID: <mailman.1013.1137101197.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David J. Duffner - NWCWEB.com wrote:
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Gray
>>Sent: Sunday, August 22, 2004 5:39 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: How do i prevent alerts being delivered to specific addresses?
>>
>>
>>SO, my question to this group is how (the hell) do I tell
>>MailScanner to
>>silently drop virus/spam/bad attachments addressed to the
>>ticket system?
>>No alerts, no warnings, no modifying the message, just drop it.
>>
>>I've put a few rules in place but obviously these aren't working as
>>expected.  Can someone give me the MailScanner.conf settings I need to
>>put into a rule set??
>>
>>Cheers,
>>
>>James
>>_____________________________
>>I.T. Manager - Asia Region
>>Open Channel Solutions
>>Sydney NSW 2000, Australia
>
>
>
>         What about whitelisting the address in question that
> accepts the mail, but only use From: instead of FromOrTo: so that
> anything inbound is handled normally, but anything that account
> sends out is essentially ignored and not processed?  This would
> be in the allow_hosts file.  We use the same method on a few of
> our in-house accounts to prevent similar issues and additional
> load times on MailScanner processing stuff that really doesn't
> matter if it's caught/tagged, etc.
>
>         Just a thought!
>
>       David J. Duffner
>       VP Operations
>       NWC Corporation

Thanks for the suggestion David.  The problem is we want to protect this
account from spam/viruses/etc but don't want to know when MailScanner
traps something (the Postmaster is notified of all viruses and blocked
content anyway, and spam is logged, so we have an audit trail "just in
case").  I've set up a couple of rules for spam actions, delivery of
cleaned/disinfected messages etc, to simple delete/no etc, (whatever is
relevant for the rule set).  But MailScanner still sends an alert for
viruses and blocked content to the original recipient.

The sequence seems to be (incoming mail addressed to foo@example.com):

Mail -> MailScanner -> MailScanner sends alert to foo@example.com to let
              |         them know it deleted/quarantined a virus etc.
              V
          Rule says delete
          virused mail or
          blocked content
          to this recipient.

What I *want* to happen is (incoming mail addressed to foo@example.com):

Mail -> MailScanner -> Rule says DON'T *this* notify recipient.
             |
             V
          Rule says drop
          this type of message:
          (as above)

This way our trouble ticket system doesn't generate a couple of dozen
bogus cases a day with warnings about quarantined/deleted content :)

For the moment we run a daily SQL script to dump all the cases
"generated" by MailScanner notifications, but I'd really like to stop it
at the cause, not clean up the effect.

Cheers,

James
_____________________________
I.T. Manager - Asia Region
Open Channel Solutions
Sydney NSW 2000, Australia

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mike at CAMAROSS.NET  Mon Aug 23 04:32:01 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:38 2006
Subject: How do i prevent alerts being delivered to specific addresses?
Message-ID: <mailman.1014.1137101198.24926.mailscanner@lists.mailscanner.info>

Since I host email for so many domains, I direct reports for a given domain
to a specific email address using a ruleset for the Postmaster in
MailScanner.conf  You should be able to do something like:

To:     foo@example.com         dev_null@example.com
To:     default                 postmaster

This assumes you have an alias pointing dev_null to /dev/null

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of James Gray
Sent: Sunday, August 22, 2004 7:41 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: How do i prevent alerts being delivered to specific addresses?

David J. Duffner - NWCWEB.com wrote:
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Gray
>>Sent: Sunday, August 22, 2004 5:39 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: How do i prevent alerts being delivered to specific addresses?
>>
>>
>>SO, my question to this group is how (the hell) do I tell MailScanner
>>to silently drop virus/spam/bad attachments addressed to the ticket
>>system?
>>No alerts, no warnings, no modifying the message, just drop it.
>>
>>I've put a few rules in place but obviously these aren't working as
>>expected.  Can someone give me the MailScanner.conf settings I need to
>>put into a rule set??
>>
>>Cheers,
>>
>>James
>>_____________________________
>>I.T. Manager - Asia Region
>>Open Channel Solutions
>>Sydney NSW 2000, Australia
>
>
>
>         What about whitelisting the address in question that accepts
> the mail, but only use From: instead of FromOrTo: so that anything
> inbound is handled normally, but anything that account sends out is
> essentially ignored and not processed?  This would be in the
> allow_hosts file.  We use the same method on a few of our in-house
> accounts to prevent similar issues and additional load times on
> MailScanner processing stuff that really doesn't matter if it's
> caught/tagged, etc.
>
>         Just a thought!
>
>       David J. Duffner
>       VP Operations
>       NWC Corporation

Thanks for the suggestion David.  The problem is we want to protect this
account from spam/viruses/etc but don't want to know when MailScanner traps
something (the Postmaster is notified of all viruses and blocked content
anyway, and spam is logged, so we have an audit trail "just in case").  I've
set up a couple of rules for spam actions, delivery of cleaned/disinfected
messages etc, to simple delete/no etc, (whatever is relevant for the rule
set).  But MailScanner still sends an alert for viruses and blocked content
to the original recipient.

The sequence seems to be (incoming mail addressed to foo@example.com):

Mail -> MailScanner -> MailScanner sends alert to foo@example.com to let
              |         them know it deleted/quarantined a virus etc.
              V
          Rule says delete
          virused mail or
          blocked content
          to this recipient.

What I *want* to happen is (incoming mail addressed to foo@example.com):

Mail -> MailScanner -> Rule says DON'T *this* notify recipient.
             |
             V
          Rule says drop
          this type of message:
          (as above)

This way our trouble ticket system doesn't generate a couple of dozen bogus
cases a day with warnings about quarantined/deleted content :)

For the moment we run a daily SQL script to dump all the cases "generated"
by MailScanner notifications, but I'd really like to stop it at the cause,
not clean up the effect.

Cheers,

James
_____________________________
I.T. Manager - Asia Region
Open Channel Solutions
Sydney NSW 2000, Australia

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From p.g.m.peters at utwente.nl  Mon Aug 23 08:41:18 2004
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:26:38 2006
Subject: Incomplete sendmail logs after upgrade to MS 4.32.5
Message-ID: <mailman.1015.1137101198.24926.mailscanner@lists.mailscanner.info>

On Fri, 20 Aug 2004 00:52:41 +0200, Raymond wrote:

>> I checked whether there was some other sendmail running but it wasn't.
>> Killing MS stopped processing mail from mqueue.in as expected. Messages
>> appeared in mqueue.in but still no loglines with to= and stat=queued.
>
>I haev seen this exact same behaviour, after a restart of the syslog
>deamon that we were using (syslog-ng) the problem was gone.

We'll try this.

On Thu, 19 Aug 2004 23:37:46 +0100, Julian wrote:

>MS does not affect the standard sendmail logging in any way.

I know. That made it so very strange. And for that reason we also
upgraded (outside normal upgrade policies) another system with a
different configuration.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dh at UPTIME.AT  Mon Aug 23 08:45:21 2004
From: dh at UPTIME.AT (David HXXhn)
Date: Thu Jan 12 21:26:38 2006
Subject: [OT] Modified DNA search algortihm identifies Spam.
Message-ID: <mailman.1016.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

A very interesting read at
http://www.research.ibm.com/spam/papers/chung-kwei.pdf

Apparently the modified algorithm, usually used in DNA prototype
sequenze matching is able to identify and tag Spam messages based on
combinatorical logic. Quite a nice read.

- -d

- --
nee anata wo mitsukete soshite nidoto wasurezu
~      donna ni munega itakutemo soba ni iru no
~                         zutto...zutto...zutto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBKaCRPMoaMn4kKR4RAw5lAJ9T+Z9cC1xPtHFaS1UGooTuCYD7TACZAbJ7
9yzcc1dhrtRQ3t1JZYeqJ0Y=
=S8pw
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From abdul at elxlinux.com  Mon Aug 23 09:31:11 2004
From: abdul at elxlinux.com (Abdul Khader)
Date: Thu Jan 12 21:26:38 2006
Subject: Sign Clean Messages
Message-ID: <mailman.1017.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi All,
Sign clean messages doesn't work even when I set the following
"Sign Clean Messages = yes"

Any ideas ?

Regards
Abdul Khader

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From sergios at MEDYNET.COM  Mon Aug 23 10:18:15 2004
From: sergios at MEDYNET.COM (Sergio Sergio)
Date: Thu Jan 12 21:26:38 2006
Subject: Stop autolearning of bayes
Message-ID: <mailman.1018.1137101198.24926.mailscanner@lists.mailscanner.info>

I have modified bayes_auto_learn 0 in all the possible files of 
spamassasin and nothing

Files modified:

/etc/MailScanner/spam.assassin.prefs.conf
/etc/spamassassin/local.cf

mailscanner    4.32.5-2
spamassassin   2.63-1


Thanks


On Tue, 17 Aug 2004, Matt Kettler wrote:

> At 06:32 AM 8/17/2004, Anders Andersson, IT wrote:
> >I know Ive seen how to do this and done it before but Im stuck, just cant
> >find it. Searched the archives and locked everyplace I can think of but I
> >cant find it. Might have something to do that either mailscanner4.32-5
> >changed or spamassassin 3.0 rc1 always use it.
> >
> >I need to take autolearning of untill I get the ham/spam config finished in
> >exchange
> 
> Add to spamassassin's local.cf or spam.assassin.prefs.conf
> 
>          bayes_auto_learn 0
> 
> (note: if it doesn't work in spam.assassin.prefs.conf, try it in local.cf.
> Some settings will not be honored in spam.assassin.prefs.conf.)
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

-- 

Sergio Santos
Departamento Técnico Meditex
Grupo SANED
Telf: 0034 91 749 9500/04
Madrid (Spain)




-------------------- ROGAMOS LEA ESTE TEXTO ----------------------------
Este mensaje y sus anexos pueden contener información confidencial
y/o con derecho legal. Está dirigido únicamente a la persona/s o 
entidad/es reseñadas como único destinatario autorizado. Si este mensaje 
le hubiera llegado por error, por favor elimínelo sin revisarlo ni 
reenviarlo y notifíquelo inmediatamente al remitente. Gracias por su
colaboración.

-------------------------- PLEASE NOTE ---------------------------------
This message, along with any attachments, may be confidential or
legally privileged. It is intended only for the named person(s), who
is/are the only authorized recipients. If this message has reached you in
error,kindly destroy it without review and notify the sender immediately.
Thank you for your help.

------------------------------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From abdul at elxlinux.com  Mon Aug 23 10:32:25 2004
From: abdul at elxlinux.com (Abdul Khader)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1019.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi all,
I installed the MailScanner-4.32.5 on a debian woody 3.0.
I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
But it did not make any /etc/init.d/mailscanner file. Now once I
rebooted the machine or whenever I want to restart mail scanner, I       have
to kill it and start it from the webmin. Can some one point me how to
get the mailscanner script in the /etc/init.d which starts, stops or
restarts the mailscanner service.

Regards
Abdul Khader

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Mon Aug 23 13:00:02 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1020.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Abdul Khader wrote:

> Hi all,
> I installed the MailScanner-4.32.5 on a debian woody 3.0.
> I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
> But it did not make any /etc/init.d/mailscanner file. Now once I
> rebooted the machine or whenever I want to restart mail scanner, I       have
> to kill it and start it from the webmin. Can some one point me how to
> get the mailscanner script in the /etc/init.d which starts, stops or
> restarts the mailscanner service.

Is there a reason why you didn't use the .deb package?

>
> Regards
> Abdul Khader
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Mon Aug 23 13:00:29 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Sign Clean Messages
Message-ID: <mailman.1021.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Abdul Khader wrote:

> Hi All,
> Sign clean messages doesn't work even when I set the following
> "Sign Clean Messages = yes"
>
> Any ideas ?

Any errors in your logs?

>
> Regards
> Abdul Khader
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rob at THEHOSTMASTERS.COM  Mon Aug 23 14:34:40 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:38 2006
Subject: Bayes lock issue?
Message-ID: <mailman.1022.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hello all....</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I get the below message a few times a day... should 
I be concerned?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV>Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W: lock 
failed: File exists<BR></DIV>
<DIV><FONT face=Arial size=2>MS 4.28</FONT></DIV>
<DIV><FONT face=Arial size=2>SA&nbsp; 2.63</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Thanks...</FONT></DIV><FONT face=Arial size=2>
<DIV><BR>Rob....</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR></FONT>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From brentbolin at HOTMAIL.COM  Mon Aug 23 15:55:50 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:38 2006
Subject: How to debug problems with MailScanner and Vexira
Message-ID: <mailman.1023.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

What can I do to debug problems when using Vexira antivirus.  Vexira simple 
won't detect any viruses.

Clamav works fine.

Using the "top: command I can see the Vexira program running.

FreeBSD 5.2.1
MailScanner-4.31.6
product version:  2.2.1-14
engine version:   6.27.0.6
packlib version:  2.0.3.13 (supports 24 formats)
vdf version:      6.27.0.25

This is NOT a milter version, it has command line features.  It works fine 
when run from the command line.

# /usr/lib/Vexira/vexira --allfiles -s -z -noboot -nombr -r1 -rs -lang=EN 
--alltypes /tmp/tmp/*
Vexira Antivirus / FreeBSD Version 2.2.1-14
Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
All rights reserved.

Loading /usr/lib/Vexira/vexira.vdf ...

VDF version: 6.27.0.25 created 23 Aug 2004

Vexira Antivirus license: 2003000000 for Specialty Store Services, Inc.

ALERT: [Eicar-Test-Signatur virus] /tmp/tmp/eicar.com <<< Contains code of 
the Eicar-Test-Signatur virus
ALERT: [Worm/Netsky.D.Dam worm] /tmp/tmp/df-63198-5B08CC27 --> 
my_details.pif <<< Contains signature of the worm Worm/Netsky.D.Dam
ALERT: [Worm/Mydoom.M worm] /tmp/tmp/df-00748-794D30E6 --> 
specialtystoreservices.com <<< Contains signature of the worm Worm/Mydoom.M

------ scan results ------
   directories:        0
scanned files:        7
        alerts:        3
    suspicious:        0
      repaired:        0
       deleted:        0
       renamed:        0
     scan time: 00:00:01
--------------------------

This might be interesting to note.  If the "*" is not included in the scan 
vexira dosen't find anything.

# /usr/lib/Vexira/vexira --allfiles -s -z -noboot -nombr -r1 -rs -lang=EN 
--alltypes /tmp/tmp/
Vexira Antivirus / FreeBSD Version 2.2.1-14
Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
All rights reserved.

Loading /usr/lib/Vexira/vexira.vdf ...

VDF version: 6.27.0.25 created 23 Aug 2004

Vexira Antivirus license: 2003000000 for Specialty Store Services, Inc.

checking drive/path (list): /tmp/tmp/

------ scan results ------
   directories:        1
scanned files:        0
        alerts:        0
    suspicious:        0
     scan time: 00:00:01
--------------------------


drwxr-xr-x  14 root   wheel   512 Aug 19 10:32 .
drwxr-xr-x  24 root   wheel   512 Apr 25 06:56 ..
drwxr-xr-x   4 root   wheel   512 Aug 19 10:33 MailScanner
drwx------   5 smmsp  smmsp   512 Jul 29 09:38 avmilter
drwxrwx---   2 smmsp  smmsp   512 Aug 23 09:42 clientmqueue
drwx-wx---   3 root   daemon  512 Apr 29 11:24 cups
drwxrwxr-x   2 uucp   dialer  512 Aug 18 07:45 lock
drwxr-xr-x   2 root   daemon  512 Jan 10  2004 lpd
drwxr-xr-x   2 root   daemon  512 Aug 23 09:43 mqueue
drwxr-xr-x   2 root   daemon  512 Aug 23 09:42 mqueue.in
drwx------   2 root   daemon  512 Jan 10  2004 opielocks
drwxr-xr-x   3 root   daemon  512 Apr 25 06:56 output
drwxrwxrwt   2 root   wheel   512 Jul 27 13:08 samba
drwxr-xr-x   3 root   wheel   512 Jul 29 09:37 var


btb

_________________________________________________________________
Don^Òt just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From cparker at SWATGEAR.COM  Mon Aug 23 17:32:32 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:38 2006
Subject: Way OT: SSH worries
Message-ID: <mailman.1024.1137101198.24926.mailscanner@lists.mailscanner.info>

Michael H. Warfield <mailto:mhw@WITTSEND.COM>
    on Friday, August 20, 2004 6:54 PM said:

>> that's a good read and all, but what about the rest of us? :P
> 
>         Huh?
> 
>         I guess I don't understand the question.

well, what i meant was that your solution was much too complicated for
me (the [less than] average linux administrator).

the information you included in these last two posts was helpful indeed.
i'll take a look at them soon.


thanks,
chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ccampbell at BRUEGGERS.COM  Mon Aug 23 17:43:31 2004
From: ccampbell at BRUEGGERS.COM (Christian Campbell)
Date: Thu Jan 12 21:26:38 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.1025.1137101198.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote:
> At 16:45 19/08/2004, you wrote:
>> If I want to NOT scan an email from
>> <mailto:user@domain.tld>user@domain.tld, how do I
>> config?  <mailto:user@domain.tld>user@domain.tld is sending an HTML
>> email with a form that needs to be delivered (with the form intact)
>> for legitimate business purposes.
>
> One extra point in addition: you don't want to switch off
> scanning for mail
> from this address, you just want to disable form tag checking for this
> address. Never switch off more checks than you absolutely
> have to, or it
> will come back to bite you one day.

I guess due to a lack of understanding the bigger picture with MailScanner,
I'm not sure how to accomplish what I need, even *after* reading the FAQ.

I need to disable checking for HTML forms from a specific email address
while still performing all other tests on said email address.  Any chance
someone can give me a step-by-step?


Thanks in advance,
Christian

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From eric.jacobs at THOMASTECHSOLUTIONS.COM  Mon Aug 23 17:47:00 2004
From: eric.jacobs at THOMASTECHSOLUTIONS.COM (Eric Jacobs)
Date: Thu Jan 12 21:26:38 2006
Subject: Fedora Core 2 kernel upgrade
Message-ID: <mailman.1026.1137101198.24926.mailscanner@lists.mailscanner.info>

Running MailScanner 4.32.5-1 on Fedora Core 2. Recently tried upgrade to
2.6.8 kernel (Fedora Core 2 rpm). This seemed to cause RAV and Bitdefender
to stop working (cutting edge finally drew blood). Clamav continued to
work. Backed down to 2.6.7 kernel and all was well again. Anyone have a
similar experience or know why those two anti-virus apps wouldn't work
under the 2.6.8 kernel?

Eric Jacobs

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Mon Aug 23 18:05:23 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.1027.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Christian Campbell wrote:

> Julian Field wrote:
>
>>At 16:45 19/08/2004, you wrote:
>>
>>>If I want to NOT scan an email from
>>><mailto:user@domain.tld>user@domain.tld, how do I
>>>config?  <mailto:user@domain.tld>user@domain.tld is sending an HTML
>>>email with a form that needs to be delivered (with the form intact)
>>>for legitimate business purposes.
>>
>>One extra point in addition: you don't want to switch off
>>scanning for mail
>>from this address, you just want to disable form tag checking for this
>>address. Never switch off more checks than you absolutely
>>have to, or it
>>will come back to bite you one day.
>
>
> I guess due to a lack of understanding the bigger picture with MailScanner,
> I'm not sure how to accomplish what I need, even *after* reading the FAQ.
>
> I need to disable checking for HTML forms from a specific email address
> while still performing all other tests on said email address.  Any chance
> someone can give me a step-by-step?

You open MailScanner.conf and look for this setting:

# Do you want to allow <Form> tags in email messages? This is a bad idea
# as these are used as scams to pursuade people to part with credit card
# information and other personal data.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = disarm

You create a ruleset file and put the path to this file instead of the
"disarm" here.

To create your ruleset file, you can see the EXAMPLE file in the "rules"
directory, check this
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/207.html
and this
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/230.html

Ugo

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 23 18:11:15 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.1028.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:43 23/08/2004, you wrote:
>I need to disable checking for HTML forms from a specific email address
>while still performing all other tests on said email address.  Any chance
>someone can give me a step-by-step?

In MailScanner.conf, set

         Allow Script Tags = %rules-dir%/allow.script.rules

In /etc/MailScanner/rules/allow.script.rules, put

From:   specific@address.com    yes
FromOrTo:       default no

Then restart or reload MailScanner with
         service MailScanner reload
or
         service MailScanner restart

Read up about rulesets in the MAQ (address at the bottom of every list
posting), they are very powerful.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 23 18:21:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Help Understanding FAQ Answer
Message-ID: <mailman.1029.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:11 23/08/2004, you wrote:
>At 17:43 23/08/2004, you wrote:
>>I need to disable checking for HTML forms from a specific email address
>>while still performing all other tests on said email address.  Any chance
>>someone can give me a step-by-step?
>
>In MailScanner.conf, set
>
>         Allow Script Tags = %rules-dir%/allow.script.rules

That should of course be "Allow Form Tags"...
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkettler at EVI-INC.COM  Mon Aug 23 21:07:04 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:38 2006
Subject: Bayes lock issue?
Message-ID: <mailman.1030.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 09:34 AM 8/23/2004, Rob wrote:
>I get the below message a few times a day... should I be concerned?
>
>Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W: lock
>failed: File exists

No.. lock failures for the R/W bayes lock are normal, unless you're using
the journaled learning option for SA.

Basically this message means an opportunistic event that updates the bayes
DB was tried, but another event was already writing the bayes db. These
oportunistic events are autolearning and automatic expiry, and it's
reasonably common for them to collide. Rather than logjam the mail queue,
SA just notes it failed to lock the DB, and skips the autolearn or
postpones the expiry till later.


However, this shouldn't happen every time an email autolearns or the
database tries to expire. So, keep an eye on things. As long as
autolearning still happens sometimes, and your database isn't growing to
insane sizes without ever shrinking, you're OK.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james_gray at OCS.COM  Mon Aug 23 22:22:58 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1031.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Ugo Bellavance wrote:
> Abdul Khader wrote:
>
>> Hi all,
>> I installed the MailScanner-4.32.5 on a debian woody 3.0.
>> I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
>> But it did not make any /etc/init.d/mailscanner file. Now once I
>> rebooted the machine or whenever I want to restart mail scanner,
>> I       have
>> to kill it and start it from the webmin. Can some one point me how to
>> get the mailscanner script in the /etc/init.d which starts, stops or
>> restarts the mailscanner service.
>
>
> Is there a reason why you didn't use the .deb package?

Last time I tried  the latest MailScanner .deb on a 'clean' (no back
ports etc.) Debian Woody 3.0 system there were a  bunch of unmet
dependencies from Perl and other programs.  It installs OK on Debian
Sarge/Unstable though.  However not many admins I'm aware of run
Debian/Unstable in a production role though.

I found the easiest solution is just use standard Debian Woody packages,
get the Perl goodies from CPAN and use the MailScanner tar ball.

Cheers,

James Gray
______________________________
I.T. Manager - Asia Region
Open Channel Solutions
Sydney NSW 2000, Australia

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From james_gray at OCS.COM  Mon Aug 23 22:27:44 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1032.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Abdul Khader wrote:
> Hi all,
> I installed the MailScanner-4.32.5 on a debian woody 3.0.
> I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
> But it did not make any /etc/init.d/mailscanner file. Now once I
> rebooted the machine or whenever I want to restart mail scanner, I       have
> to kill it and start it from the webmin. Can some one point me how to
> get the mailscanner script in the /etc/init.d which starts, stops or
> restarts the mailscanner service.
>
> Regards
> Abdul Khader

There's a start/stop/restart/etc MailScanner script I modified for use
on Debian at one of my websites (I've really got to get back to updating
it...):

http://files.grayonline.id.au/

Scroll down to the bottom and download it, modify it as required
(heavily commented) and add a symlink to the relevant rc.[1-6] directories.

Cheers,

James Gray
______________________________
I.T. Manager - Asia Region
Open Channel Solutions
Sydney NSW 2000, Australia

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From maillists at CONACTIVE.COM  Mon Aug 23 23:31:26 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1033.1137101198.24926.mailscanner@lists.mailscanner.info>

Abdul Khader wrote on         Mon, 23 Aug 2004 15:02:25 +0530:

> But it did not make any /etc/init.d/mailscanner file.
>

Did you look in that dir? Julian likes "MailScanner", so the init script 
uses the same "spelling".


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Mon Aug 23 23:35:09 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1034.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Abdul Khader wrote:
> Hi all,
> I installed the MailScanner-4.32.5 on a debian woody 3.0.
> I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
> But it did not make any /etc/init.d/mailscanner file. Now once I
> rebooted the machine or whenever I want to restart mail scanner, I       have
> to kill it and start it from the webmin. Can some one point me how to
> get the mailscanner script in the /etc/init.d which starts, stops or
> restarts the mailscanner service.

The tar dist does not contain a startup script. I can mail you mine if
you want to.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Mon Aug 23 23:38:37 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:38 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1035.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi!

> Will it help to know it runs flawlessly on RH9 ?

Same on FC1, running some time now...

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From KGoods at AIAINSURANCE.COM  Mon Aug 23 23:42:34 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1036.1137101198.24926.mailscanner@lists.mailscanner.info>

JD scribbled on Monday, August 23, 2004 3:49 PM:

> Hi everyone,
>
> I have a couple of questions I want to throw out for the sake
> of discussion.
> I have Sophos v3.80. Has anyone heard of them cutting off
> virus definitions
> like symantec and mcafee have been known to do if you don't renew a
> subscription? Im worried that mailscanner will try to run the update
> script, won't get the updates, and I would never ever know until I'm
> swamped with viruses. It seems that the mailscanner install faq's lean
> towards using
> sophos. Any reason why its preferred? and how important is it really
> to update mailscanner itself?
> wheres my version of mailscanner listed anyway?
>
> -Jason
>

Greets Jason,
I'm using MailScanner, Spamassassin, and ClamAV for virus detection. All
works very well! Check into ClamAV...

Regards,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jd at BENTECMED.COM  Mon Aug 23 23:48:57 2004
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1037.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi everyone,

I have a couple of questions I want to throw out for the sake of discussion.
I have Sophos v3.80. Has anyone heard of them cutting off virus definitions
like symantec and mcafee have been known to do if you don't renew a
subscription? Im worried that mailscanner will try to run the update script,
won't get the updates, and I would never ever know until I'm swamped with
viruses. It seems that the mailscanner install faq's lean towards using
sophos. Any reason why its preferred? and how important is it really to
update mailscanner itself?
wheres my version of mailscanner listed anyway?

-Jason

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Mon Aug 23 23:51:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1038.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
JD wrote:

> Hi everyone,
>
> I have a couple of questions I want to throw out for the sake of discussion.
> I have Sophos v3.80. Has anyone heard of them cutting off virus definitions
> like symantec and mcafee have been known to do if you don't renew a
> subscription? Im worried that mailscanner will try to run the update script,
> won't get the updates, and I would never ever know until I'm swamped with
> viruses.

I suggest you use clamav as well to make sure you never get swamped with
viruses... but I can't help you with sofos.

> It seems that the mailscanner install faq's lean towards using
> sophos. Any reason why its preferred? and how important is it really to
> update mailscanner itself?

To benefit from the new features, for example block passwd-protected
archives, get the -v option explained below... stay tuned on this list
or look at the change log and you'll see.

> wheres my version of mailscanner listed anyway?

In the logs, when it starts, and in the new versions, you can do a

# MailScanner -v and it will give you MailScanner's and perl modules
versions.

>
> -Jason
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Tue Aug 24 00:01:24 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1039.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
That and BitDefender; I think they also have a "free" version.

Ken Goods wrote:

> JD scribbled on Monday, August 23, 2004 3:49 PM:
>
>
>>Hi everyone,
>>
>>I have a couple of questions I want to throw out for the sake
>>of discussion.
>>I have Sophos v3.80. Has anyone heard of them cutting off
>>virus definitions
>>like symantec and mcafee have been known to do if you don't renew a
>>subscription? Im worried that mailscanner will try to run the update
>>script, won't get the updates, and I would never ever know until I'm
>>swamped with viruses. It seems that the mailscanner install faq's lean
>>towards using
>>sophos. Any reason why its preferred? and how important is it really
>>to update mailscanner itself?
>>wheres my version of mailscanner listed anyway?
>>
>>-Jason
>>
>
>
> Greets Jason,
> I'm using MailScanner, Spamassassin, and ClamAV for virus detection. All
> works very well! Check into ClamAV...
>
> Regards,
> Ken
>
> Ken Goods
> Network Administrator
> MIS Dept.
> AIA Insurance, Inc.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pparsons at COLUMBIAFUELS.COM  Tue Aug 24 00:16:10 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1040.1137101198.24926.mailscanner@lists.mailscanner.info>

Yeah Bitdefender does have a free version and I have been using it for a
while now works great....
http://www.bitdefender.com/bd/site/products.php?p_id=16 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Alex Neuman van der Hans
Sent: Monday, August 23, 2004 4:01 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: version information.

That and BitDefender; I think they also have a "free" version.

Ken Goods wrote:

> JD scribbled on Monday, August 23, 2004 3:49 PM:
>
>
>>Hi everyone,
>>
>>I have a couple of questions I want to throw out for the sake of 
>>discussion.
>>I have Sophos v3.80. Has anyone heard of them cutting off virus 
>>definitions like symantec and mcafee have been known to do if you 
>>don't renew a subscription? Im worried that mailscanner will try to 
>>run the update script, won't get the updates, and I would never ever 
>>know until I'm swamped with viruses. It seems that the mailscanner 
>>install faq's lean towards using sophos. Any reason why its preferred?

>>and how important is it really to update mailscanner itself?
>>wheres my version of mailscanner listed anyway?
>>
>>-Jason
>>
>
>
> Greets Jason,
> I'm using MailScanner, Spamassassin, and ClamAV for virus detection. 
> All works very well! Check into ClamAV...
>
> Regards,
> Ken
>
> Ken Goods
> Network Administrator
> MIS Dept.
> AIA Insurance, Inc.
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the

> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Tue Aug 24 00:17:12 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1041.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
JD wrote:
> It seems that the mailscanner install faq's lean towards using
> sophos. Any reason why its preferred? and how important is it really to
> update mailscanner itself?
> wheres my version of mailscanner listed anyway?

It's "preferred" because Julian uses it himself. That's why you find
more documentation about it. And that it can be used in two different
ways so twice the documentation because of that. All scanners are
treated equal by the software, no difference there. You should always
run Clam and if you use Linux you can add Bitdefender too.

Read the changelog on the web site now and then. It's easy to decide if
you need an upgrade.

The most recent version can be run with -v and will print version info
for MS and the needed perl modules. Otherwise you can check your logs,
every time a child starts it prints the version.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Tue Aug 24 00:34:10 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1042.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I run at least 6 different scanners on my own box (ClamAV+BitDefender at
my clients') and I feel a lot more confident that viruses will be caught
than if I was depending on any single scanner.

That and good filtering rules (no pw-protected zips, no .exe's, etc.)
will make it damn near impossible for viruses to get through.

Peter Bonivart wrote:

> JD wrote:
>
>> It seems that the mailscanner install faq's lean towards using
>> sophos. Any reason why its preferred? and how important is it really to
>> update mailscanner itself?
>> wheres my version of mailscanner listed anyway?
>
>
> It's "preferred" because Julian uses it himself. That's why you find
> more documentation about it. And that it can be used in two different
> ways so twice the documentation because of that. All scanners are
> treated equal by the software, no difference there. You should always
> run Clam and if you use Linux you can add Bitdefender too.
>
> Read the changelog on the web site now and then. It's easy to decide if
> you need an upgrade.
>
> The most recent version can be run with -v and will print version info
> for MS and the needed perl modules. Otherwise you can check your logs,
> every time a child starts it prints the version.
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Tue Aug 24 00:47:47 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:38 2006
Subject: SpamAssassin 3 and MailScanner 4.32?
Message-ID: <mailman.1043.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi!

> Are your autolearn= reports in the SA report correct?

> > > Is anyone running the latest release candidate of
> > > SpamAssassin 3 on MailScanner 4.32?

Most of the time its ok, i know, sounds strange :) But somehow some show
up with autolearn= (blanc).

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mark at TIPPINGMAR.COM  Tue Aug 24 01:23:57 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1044.1137101198.24926.mailscanner@lists.mailscanner.info>

On 23 Aug 2004 at 15:48, JD wrote:

> Hi everyone,
>
> I have a couple of questions I want to throw out for the sake of discussion.
> I have Sophos v3.80. Has anyone heard of them cutting off virus definitions
> like symantec and mcafee have been known to do if you don't renew a
> subscription?

They don't cut off virus definitions for you specifically, but if you don't renew then you
can't download the latest sophos engine, and they don't provide virus signatures for
engines more than 3 months old.

If you update the engine automatically every month using MajorSophos, and allow it
to e-mail the results to you, you will know if the engine download didn't work.
Presumably, you would then have two more months to work out your problem before
any problem showed up with MailScanner not being able to download new
signatures.

http://www.tippingmar.com/majorsophos

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
510 549-1906 ext 236
http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Tue Aug 24 01:30:06 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1045.1137101198.24926.mailscanner@lists.mailscanner.info>

JD wrote:
>
> Hi everyone,
>
> I have a couple of questions I want to throw out for the sake of discussion.
> I have Sophos v3.80. Has anyone heard of them cutting off virus definitions
> like symantec and mcafee have been known to do if you don't renew a
> subscription? Im worried that mailscanner will try to run the update script,
> won't get the updates, and I would never ever know until I'm swamped with
> viruses.

It seems like everyone else glossed past this part of it, so I'll answer
it.


1) Sophos releases a new minor number version for the scanning engine
every month.  They're up to 3.84 right now.

2) They only provide updates for the current version, and the most
recent two versions (3.84, 3.83, and 3.82) (and they do something to
keep you from being able to use IDE's with the wrong version number).
However, if you're under current contract, you should be able to get the
latest and greatest and update it.  I tend to wait 2 or 3 months between
installing new versions, though I think someone on this list has a
script for automating the updating of the engines.  I still do that part
by hand (but the IDE updates I do automagically via sophos-autoupdate).

So, yeah, that's why your virus IDE's aren't really effective anymore.
You're using an engine that's 2 months out of support.


I've been contemplating looking at clamav, too, but haven't gotten to
it.  I'm thinking about running it in addition to sophos, though; not
instead.  Though, our Sophos contract ends in January.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner-user at NELAND.DK  Tue Aug 24 01:41:29 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:38 2006
Subject: Clearing AWL
Message-ID: <mailman.1046.1137101198.24926.mailscanner@lists.mailscanner.info>

 0.1 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
-4.9 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
  11 AWL                    AWL: Auto-whitelist adjustment

How do I clear AWL?

The sender adress was abused as faked adress for sending spam, but now legit
mail from that adress is blocked.

Google claims AWL is not on www.mailscanner.info

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Tue Aug 24 02:23:03 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:38 2006
Subject: Clearing AWL
Message-ID: <mailman.1047.1137101198.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Monday, August 23, 2004 7:41 PM:

>  0.1 HTML_MESSAGE           BODY: HTML included in message
>  0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
> -4.9 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.0000]
>   11 AWL                    AWL: Auto-whitelist adjustment
>
> How do I clear AWL?
>
> The sender adress was abused as faked adress for sending
> spam, but now legit mail from that adress is blocked.
>
> Google claims AWL is not on www.mailscanner.info
>
> Leif
>
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).

AWL is not in MailScanner...it is in SpamAssassin.  The best thing to do is
turn off the Auto Whitelist in your MailScanner.conf and reload the
MailScanner processes.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From admin at mailscanner.info  Tue Aug 24 04:15:02 2004
From: admin at mailscanner.info (admin@mailscanner.info)
Date: Thu Jan 12 21:26:38 2006
Subject: The Sun Cobalt server is very low on memory
Message-ID: <mailman.1048.1137101198.24926.mailscanner@lists.mailscanner.info>

Memory on the Sun Cobalt server is heavily used.
The Sun Cobalt server needs more memory than it currently has.
Consider adding more DRAM to the server.

Total memory is:	259308 KB
Used memory is:	248684 KB
Free memory is:	10624 KB
Percent used is:	95

From admin at mailscanner.info  Tue Aug 24 05:15:00 2004
From: admin at mailscanner.info (admin@mailscanner.info)
Date: Thu Jan 12 21:26:38 2006
Subject: The Sun Cobalt server is very low on memory
Message-ID: <mailman.1049.1137101198.24926.mailscanner@lists.mailscanner.info>

Memory on the Sun Cobalt server is heavily used.
The Sun Cobalt server needs more memory than it currently has.
Consider adding more DRAM to the server.

Total memory is:	259308 KB
Used memory is:	247408 KB
Free memory is:	11900 KB
Percent used is:	95

From abdul at elxlinux.com  Tue Aug 24 06:58:02 2004
From: abdul at elxlinux.com (Abdul Khader)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner startup script
Message-ID: <mailman.1050.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi,
Please send me.
Thanks.

Regards
Abdul Khader

On Tue, 2004-08-24 at 04:05, Peter Bonivart wrote:
> Abdul Khader wrote:
> > Hi all,
> > I installed the MailScanner-4.32.5 on a debian woody 3.0.
> > I used the MailScanner-install-4.32.5-1.tar.gz. I installed it in /opt
> > But it did not make any /etc/init.d/mailscanner file. Now once I
> > rebooted the machine or whenever I want to restart mail scanner, I       have
> > to kill it and start it from the webmin. Can some one point me how to
> > get the mailscanner script in the /etc/init.d which starts, stops or
> > restarts the mailscanner service.
>
> The tar dist does not contain a startup script. I can mail you mine if
> you want to.
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From roel at GLOUDEMANS.INFO  Tue Aug 24 08:24:00 2004
From: roel at GLOUDEMANS.INFO (Roel Gloudemans)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner and Postfix problems
Message-ID: <mailman.1051.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi List,

(postfix 2.1.4)
(mailscanner 4.32.5)

I'vo got a problem with my mailscanner installation. Now and then, when
mailscanner drops an e-mail back into the postfix queue postfix gives the
following error messages:

[ID 947731 mail.warning] warning: corrupted queue file: active/2/255D4A1F
[ID 947731 mail.crit] panic: smtp_rcpt_cleanup: recipient count mismatch: 0+0!=1
[ID 947731 mail.warning] warning: premature end-of-input on private/smtp socket
while reading input attribute name
[ID 947731 mail.warning] warning: private/smtp socket: malformed response
[ID 947731 mail.warning] warning: transport smtp failure -- see a previous
warning/fatal/panic logfile record for the problem description
[ID 947731 mail.warning] warning: process /usr/local/libexec/smtp pid 25463
killed by signal 6

I've searched the list and found similar problems before. However, the list
suggested they're solved. So I upgrade MailScanner to the last stable release
4.32.5 . However, the loglines you see above were generated after this upgrade.
So the problem isn't solved. Worth to mention is the fact that this mail was
classified as spam (which is wasn't, but that's about too tight spamassassing
settings)

I use postfix 2.1.4 in a single server setup (postix dumps to the hold queue,
mailscanner picks it up and drops it in the incoming queue)

Can anyone provide me with any help with this problem?

Thanks,
Roel.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From t.d.lee at DURHAM.AC.UK  Tue Aug 24 11:01:44 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:38 2006
Subject: Older Archive Zip: request for testing
Message-ID: <mailman.1052.1137101198.24926.mailscanner@lists.mailscanner.info>

On Tue, 17 Aug 2004, David Lee wrote:

> On Mon, 16 Aug 2004, David Lee wrote:
>
> > On Tue, 10 Aug 2004, Robin, Rob wrote:
> >
> > > [...]
> > > t/testex............Can't call method "print" on unblessed reference at blib/lib/Archive/Zip.pm line 1862.
> > > FAILED test 14
> > >         Failed 1/15 tests, 93.33% okay
> > > ----
>
> This is a known bug in version 1.12 of Archive::Zip, which crept in since
> earlier versions and which we think only affects relatively old versions
> of perl, around 5.00503 .  About three weeks ago, I worked with A::Z's
> author, Ned Konz, to fix it.  He prepared a test version (1.12_03) which
> seems OK and he would like to release it as 1.13 (or similar).

Many thanks to all those who tested the revised A::Z (1.12_03) and
reported back.  I hope I replied to you each individually.

All the reports on the revised A::Z were positive (both about fixing that
test, and no new bugs being uncovered).  Ned Konz released it on CPAN as
version 1.13 yesterday afternoon (UK time).

I understand that Julian would like to migrate to version 1.13 of A::Z.
So it would be useful if some folk here in the MailScanner community could
try 1.13 (from CPAN) in the next few days.

Thanks.

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 24 12:25:36 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1053.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 23:48 23/08/2004, you wrote:
>I have a couple of questions I want to throw out for the sake of discussion.
>I have Sophos v3.80. Has anyone heard of them cutting off virus definitions
>like symantec and mcafee have been known to do if you don't renew a
>subscription?

They only ever produce updates for the current version and the previous 2
or 3 versions, intentionally. They release a new version every month,
so  once every 2 - 3 months you have to upgrade the main Sophos package
itself. If you are a licensed customer of theirs, you should have a
username and password for their website, from where you can always download
the latest versions.

>  Im worried that mailscanner will try to run the update script,
>won't get the updates, and I would never ever know until I'm swamped with
>viruses. It seems that the mailscanner install faq's lean towards using
>sophos. Any reason why its preferred?

It is the main scanner I have always used myself, partly due to us having a
site licence for it. It was the first virus scanner supported by
MailScanner, back in version 1 days.

>  and how important is it really to
>update mailscanner itself?

Read the Changelog and the new version announcements (subscribe to the
mailscanner-announce list if you aren't already). See if any of the
bugfixes apply to your situation, and whether you would find any of the new
features useful.

>wheres my version of mailscanner listed anyway?

MailScanner -v

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From gib at TMISNET.COM  Tue Aug 24 13:02:23 2004
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1054.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All.

FreeBSD 4.10
Perl 5.8.2
MailScanner 4.32.4
clamscan / ClamAV version 0.72

I am getting the following error when running tests from the heise.de site
on RAR files.

ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar

I've read through the archives, applied the patch to SweepVirus.pm as
mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
and had the eicar.rar file resent from heise.de and get the same error.

Any ideas?

Thanks
gib


--

      Gib Gilbertson Jr.
     Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's "Friendly ISP"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alexn at teleserv.ru  Tue Aug 24 13:09:13 2004
From: alexn at teleserv.ru (XXXXXXXXX XXXXXXXXX XXXXXXXXX)
Date: Thu Jan 12 21:26:38 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1055.1137101198.24926.mailscanner@lists.mailscanner.info>

Hello!

Please help, whats happend, MailScanner is starvation

---cut here log---
Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
---cut here log---

Thanks.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 24 13:45:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1056.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:02 24/08/2004, you wrote:
>Hi All.
>
>FreeBSD 4.10
>Perl 5.8.2
>MailScanner 4.32.4
>clamscan / ClamAV version 0.72
>
>I am getting the following error when running tests from the heise.de site
>on RAR files.
>
>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
>
>I've read through the archives, applied the patch to SweepVirus.pm as
>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
>and had the eicar.rar file resent from heise.de and get the same error.

But is it detecting the viruses in them?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From gib at TMISNET.COM  Tue Aug 24 13:49:19 2004
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1057.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi

At 08:09 AM 8/24/2004 -0400, you wrote:
>Hi,
>    Your version of clam is way out of date and this was a problem with
>earlier versions.  Update clam (currently 0.75-1).
>
>-----------------------------------
>Jeff A. Earickson, Ph.D Senior UNIX Sysadmin, Email Guru,
>Colby Communications Sports Photographer
>Colby College, 4214 Mayflower Hill,
>Waterville ME, 04901-8842
>phone: 207-859-4214 **NEW** (fax = 3076)
>-----------------------------------

I updated to ClamAV 0.75.1, restarted MailScanner and still get the same
error message

   MailScanner[34137]: ClamAVModule::ERROR:: RAR module failure::
./i7OCfIYi035381/eicar.rar

unrar is at version 3.30

gib



>On Tue, 24 Aug 2004, Gib Gilbertson Jr. wrote:
>
>>Hi All.
>>
>>FreeBSD 4.10
>>Perl 5.8.2
>>MailScanner 4.32.4
>>clamscan / ClamAV version 0.72
>>
>>I am getting the following error when running tests from the heise.de site
>>on RAR files.
>>
>>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
>>
>>I've read through the archives, applied the patch to SweepVirus.pm as
>>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
>>and had the eicar.rar file resent from heise.de and get the same error.
>>
>>Any ideas?
>>
>>Thanks
>>gib
>>
>>
>>--
>>
>>     Gib Gilbertson Jr.
>>    Tierramiga Info Systems
>>     619-287-8647 Support
>>     http://www.tmisnet.com
>>     San Diego's "Friendly ISP"
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


--

      Gib Gilbertson Jr.
     Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's "Friendly ISP"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From gib at TMISNET.COM  Tue Aug 24 14:28:02 2004
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1058.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi Julian.

It's passing the viruses on through and delivering them.

gib

At 01:45 PM 8/24/2004 +0100, you wrote:
>At 13:02 24/08/2004, you wrote:
>>Hi All.
>>
>>FreeBSD 4.10
>>Perl 5.8.2
>>MailScanner 4.32.4
>>clamscan / ClamAV version 0.72
>>
>>I am getting the following error when running tests from the heise.de site
>>on RAR files.
>>
>>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
>>
>>I've read through the archives, applied the patch to SweepVirus.pm as
>>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
>>and had the eicar.rar file resent from heise.de and get the same error.
>
>But is it detecting the viruses in them?
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


--

      Gib Gilbertson Jr.
     Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's "Friendly ISP"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 24 14:42:12 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1059.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
In which case, have you added the pointer to the external unrar program in
your clamav-wrapper? I think that was mentioned at the time.

At 14:28 24/08/2004, you wrote:
>It's passing the viruses on through and delivering them.
>
>At 01:45 PM 8/24/2004 +0100, you wrote:
>>At 13:02 24/08/2004, you wrote:
>>>Hi All.
>>>
>>>FreeBSD 4.10
>>>Perl 5.8.2
>>>MailScanner 4.32.4
>>>clamscan / ClamAV version 0.72
>>>
>>>I am getting the following error when running tests from the heise.de site
>>>on RAR files.
>>>
>>>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
>>>
>>>I've read through the archives, applied the patch to SweepVirus.pm as
>>>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
>>>and had the eicar.rar file resent from heise.de and get the same error.
>>
>>But is it detecting the viruses in them?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rcooper at DWFORD.COM  Tue Aug 24 14:44:54 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1060.1137101198.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Gib Gilbertson Jr.
> Sent: Tuesday, August 24, 2004 8:28 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Clamscan and RAR failures
>
>
> Hi Julian.
>
> It's passing the viruses on through and delivering them.
>
> gib


is the .rar. password protected? and Have you checked using clamav rather
than the module? The module doesn't use unrar



>
> At 01:45 PM 8/24/2004 +0100, you wrote:
> >At 13:02 24/08/2004, you wrote:
> >>Hi All.
> >>
> >>FreeBSD 4.10
> >>Perl 5.8.2
> >>MailScanner 4.32.4
> >>clamscan / ClamAV version 0.72
> >>
> >>I am getting the following error when running tests from the
> heise.de site
> >>on RAR files.
> >>
> >>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
> >>
> >>I've read through the archives, applied the patch to SweepVirus.pm as
> >>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted
> MailScanner
> >>and had the eicar.rar file resent from heise.de and get the same error.
> >
> >But is it detecting the viruses in them?
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
> --
>
>       Gib Gilbertson Jr.
>      Tierramiga Info Systems
>       619-287-8647 Support
>       http://www.tmisnet.com
>       San Diego's "Friendly ISP"
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rob at THEHOSTMASTERS.COM  Tue Aug 24 14:55:50 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:38 2006
Subject: Bayes lock issue?
Message-ID: <mailman.1061.1137101198.24926.mailscanner@lists.mailscanner.info>

Thanks for the explanation..

:)

Rob....



----- Original Message -----
From: "Matt Kettler" <mkettler@EVI-INC.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Monday, August 23, 2004 4:07 PM
Subject: Re: Bayes lock issue?


> At 09:34 AM 8/23/2004, Rob wrote:
> >I get the below message a few times a day... should I be concerned?
> >
> >Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W: lock
> >failed: File exists
>
> No.. lock failures for the R/W bayes lock are normal, unless you're using
> the journaled learning option for SA.
>
> Basically this message means an opportunistic event that updates the bayes
> DB was tried, but another event was already writing the bayes db. These
> oportunistic events are autolearning and automatic expiry, and it's
> reasonably common for them to collide. Rather than logjam the mail queue,
> SA just notes it failed to lock the DB, and skips the autolearn or
> postpones the expiry till later.
>
>
> However, this shouldn't happen every time an email autolearns or the
> database tries to expire. So, keep an eye on things. As long as
> autolearning still happens sometimes, and your database isn't growing to
> insane sizes without ever shrinking, you're OK.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Tue Aug 24 16:35:50 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Error Message
Message-ID: <mailman.1062.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Robin, Rob wrote:
> All,
>
>         Today, I saw in a log file a warning (or error) message.
>
> Aug 24 11:18:06 mx5 MailScanner[28664]: MailScanner child caught a SIGHUP
> Aug 24 11:18:09 mx5 MailScanner[28664]: Commercial virus checker failed with real error: Can't call method "read" on an undefined value at /usr/libdata/perl5/5.00503/File/Path.pm line 171, <GEN617> chunk 50.
>
>         Anybody knows what causes it ? It does coincide (3 secs after that) with me doing kill -15 `head -1 /var/run/MailScanner.pid`. And restart MailScanner.

What is your OS?
What version of MailScanner?
What anti-virus product?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 24 16:44:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Error Message
Message-ID: <mailman.1063.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:32 24/08/2004, you wrote:
>All,
>
>         Today, I saw in a log file a warning (or error) message.
>
>Aug 24 11:18:06 mx5 MailScanner[28664]: MailScanner child caught a SIGHUP
>Aug 24 11:18:09 mx5 MailScanner[28664]: Commercial virus checker failed
>with real error: Can't call method "read" on an undefined value at
>/usr/libdata/perl5/5.00503/File/Path.pm line 171, <GEN617> chunk 50.
>
>         Anybody knows what causes it ? It does coincide (3 secs after
> that) with me doing kill -15 `head -1 /var/run/MailScanner.pid`. And
> restart MailScanner.

As it coincided with you killing MailScanner, it's just the fact that it
was running the external virus scanner at the time, which you also
inevitably killed.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Tue Aug 24 17:14:46 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:38 2006
Subject: Any success getting vexira running with mailscanner
Message-ID: <mailman.1064.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Can anyone explain to me why vexira says it finds one directory but no files
are scanned ?


>From: Brent Bolin <brentbolin@HOTMAIL.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Any success getting vexira running with mailscanner
>Date: Fri, 20 Aug 2004 16:35:48 -0500
>
>Starting MailScanner...
>In Debugging mode, not forking...
>SA bayes lock is /root/.spamassassin/bayes.lock
>Bayes lock is at /root/.spamassassin/bayes.lock
>Line: /var/spool/MailScanner/incoming/41484
>Line: total 4
>Line: drwx------  2 root  wheel  512 Aug 20 16:34 i7KLYX3k041501
>Line: -rw-------  1 root  wheel  790 Aug 20 16:34 i7KLYX3k041501.header
>Line:
>Line: ./i7KLYX3k041501:
>Line: total 2
>Line: -rw-------  1 root  wheel  68 Aug 20 16:34 eicar.com
>Line: root             ttyp1    Aug 20 14:27 (67.39.169.194)
>Line: Vexira Antivirus / FreeBSD Version 2.2.1-14
>Line: Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
>Line: Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
>Line: All rights reserved.
>Line:
>Line: Loading /usr/lib/Vexira/vexira.vdf ...
>Line:
>Line: VDF version: 6.27.0.23 created 20 Aug 2004
>Line:
>Line: Vexira Antivirus license: 2003000000 for Services,
>Inc.
>Line:
>Line: checking drive/path (list): .
>Line:
>Line: ------ scan results ------
>Line:    directories:        1
>Line:  scanned files:        0
>Line:         alerts:        0
>Line:     suspicious:        0
>Line:      scan time: 00:00:01
>Line: --------------------------
>Line: Thank you for using Vexira Antivirus!
>Stopping now as you are debugging me.
>
>
>
>>From: Kevin Spicer <kevins@BMRB.CO.UK>
>>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Any success getting vexira running with mailscanner
>>Date: Fri, 20 Aug 2004 22:11:04 +0100
>>
>>On Fri, 2004-08-20 at 20:46, Brent Bolin wrote:
>> > debug output here, dosen't appear to see any files -
>>
>>stick these three lines into vexira-wrapper (temporarily) then run the
>>debug again.  Put them above the exec line.
>>
>>pwd
>>ls -lR .
>>who am i
>>
>>post the results.  It looks to me like either its running in the wrong
>>directory (unlikely) of doesn't have permissions to read the files.
>>
>>
>>
>>
>>
>>BMRB International
>>http://www.bmrb.co.uk
>>+44 (0)20 8566 5000
>>_________________________________________________________________
>>This message (and any attachment) is intended only for the
>>recipient and may contain confidential and/or privileged
>>material.  If you have received this in error, please contact the
>>sender and delete this message immediately.  Disclosure, copying
>>or other action taken in respect of this email or in
>>reliance on it is prohibited.  BMRB International Limited
>>accepts no liability in relation to any personal emails, or
>>content of any email which does not directly relate to our
>>business.
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>_________________________________________________________________
>On the road to retirement? Check out MSN Life Events for advice on how to
>get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

_________________________________________________________________
Get ready for school! Find articles, homework help and more in the Back to
School Guide! http://special.msn.com/network/04backtoschool.armx

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From roel at GLOUDEMANS.INFO  Tue Aug 24 17:42:20 2004
From: roel at GLOUDEMANS.INFO (Roel Gloudemans)
Date: Thu Jan 12 21:26:38 2006
Subject: Mailscanner and Postfix problems
Message-ID: <mailman.1065.1137101198.24926.mailscanner@lists.mailscanner.info>

Some additional information:
1) The problem is caused independently if a mail is spam or not

2) A dump of the header of the corrupted queue file (original mail addresses
have been modified)

Never had any kind of these problems when still running Postfix 2.0

-------- cut here --------
C?           5389             280               2               0T
1093287256S^Uxxxxx@gloudemans.infoA^Uclient_name=localhostA^Xclient_address=127.0.0.1A#message_origin=localhost[127.0.0.1]A^Yhelo_name=gloudemans.infoA^Sprotocol_name=ESMTPO^Tjhbeecroft@yahoo.comR^Tjhbeecroft@yahoo.comM^@N6Received:
from gloudemans.info (localhost [127.0.0.1])N9 by mail.gloudemans.info
(Postfix) with ESMTP id AECB288FNC      for <xxxxxxx@yahoo.com>; Mon, 23 Aug
2004 20:54:16 +0200 (CEST)N9Received: from
Mix-Caen-107-2-114.w193-249.abo.wanadoo.frNA
(Mix-Caen-107-2-114.w193-249.abo.wanadoo.fr [xxx.xxx.xxx.xxx]) byNI
xxx.xxx.xxx.xxx (Horde) with HTTP for <xxxxx@xxx.xxx.xxx.xxx>; Mon, 23
AugN^T     2004 20:54:16 +0200N<Message-ID:
<20040823205416.4o4so84c0ww8004w@xxx.xxx.xxx.xxx>N%Date: Mon, 23 Aug 2004
20:54:16 +0200NESCFrom: xxxxx@gloudemans.infoN^XTo:
xxxxx@yahoo.comN^VSubject: helloN^QMIME-Version: 1.0N/Content-Type:
text/plain; charset="ISO-8859-15"NESCContent-Disposition:
inlineN^_Content-Transfer-Encoding: 7bitN4User-Agent: Internet Messaging
Program (IMP) 4.0-cvsN X-Originating-IP: xxx.xxx.xxx.xxxC?              0
            0               0               0T
1093287256S^Uxxxxx@gloudemans.infoA^Uclient_name=localhostA^Xclient_address=127.0.0.1A#message_origin=localhost[127.0.0.1]A^Yhelo_name=gloudemans.infoA^Sprotocol_name=ESMTPO^Tjhbeecroft@yahoo.comR^Tjhbeecroft@yahoo.comM^@N6Received:
from gloudemans.info (localhost [127.0.0.1])N9 by mail.gloudemans.info
(Postfix) with ESMTP id AECB288FNC      for <xxxxx@yahoo.com>; Mon, 23 Aug
2004 20:54:16 +0200 (CEST)N9Received: from
Mix-Caen-107-2-114.w193-249.abo.wanadoo.frNA
(Mix-Caen-107-2-114.w193-249.abo.wanadoo.fr [xxx.xxx.xxx.xxx]) byNI
xxx.xxx.xxx.xxx (Horde) with HTTP for <xxxxx@xxx.xxx.xxx.xxx>; Mon, 23
AugN^T     2004 20:54:16 +0200N<Message-ID:
<20040823205416.4o4so84c0ww8004w@xxx.xxx.xxx.xxx>N%Date: Mon, 23 Aug 2004
20:54:16 +0200NESCFrom: xxxxx@gloudemans.infoN^XTo:
xxxxx@yahoo.comN^NSubject: helloN^QMIME-Version: 1.0N/Content-Type:
text/plain; charset="ISO-8859-15"NESCContent-Disposition:
inlineN^_Content-Transfer-Encoding: 7bitN4User-Agent: Internet Messaging
Program (IMP) 4.0-cvsN X-Originating-IP: xxx.xxx.xxx.xxxN^@N^KH
------- cut here -------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From cmaurand at XYONET.COM  Tue Aug 24 22:06:08 2004
From: cmaurand at XYONET.COM (Curtis Maurand)
Date: Thu Jan 12 21:26:38 2006
Subject: javascript
Message-ID: <mailman.1066.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I'm having trouble with any messages containing javascript. All messages
containing javascript (like advertisments from my suppliers) are
summarily deleted.  I've tried to enable scripts everywhere that I can see.

I'm running f-prot with -disinf -archive -ai command line switches.

Anyone have any ideas?

Curtis

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Tue Aug 24 22:44:25 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:38 2006
Subject: javascript
Message-ID: <mailman.1067.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Curtis Maurand wrote:
> I'm having trouble with any messages containing javascript. All messages
> containing javascript (like advertisments from my suppliers) are
> summarily deleted.  I've tried to enable scripts everywhere that I can see.
>
> I'm running f-prot with -disinf -archive -ai command line switches.

It's not your virus scanner that is blocking scripts, it's MS itself.
Look at this option in MailScanner.conf:

Allow Script Tags = no

I recommend using disarm instead of either yes or no.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Tue Aug 24 22:46:03 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:38 2006
Subject: javascript
Message-ID: <mailman.1068.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Or a ruleset in order to add your suppliers to a "permitted" list and
everybody else to disarm.

Peter Bonivart wrote:
> Curtis Maurand wrote:
>
>> I'm having trouble with any messages containing javascript. All messages
>> containing javascript (like advertisments from my suppliers) are
>> summarily deleted.  I've tried to enable scripts everywhere that I can
>> see.
>>
>> I'm running f-prot with -disinf -archive -ai command line switches.
>
>
> It's not your virus scanner that is blocking scripts, it's MS itself.
> Look at this option in MailScanner.conf:
>
> Allow Script Tags = no
>
> I recommend using disarm instead of either yes or no.
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 24 22:50:00 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:38 2006
Subject: javascript
Message-ID: <mailman.1069.1137101198.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-24 at 16:46 -0500, Alex Neuman van der Hans wrote:
> Or a ruleset in order to add your suppliers to a "permitted" list and
> everybody else to disarm.

Disarm will still deliver the emails without the javascript

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner-user at NELAND.DK  Tue Aug 24 23:29:07 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:38 2006
Subject: Content-Type: text/plain; charset=unknown-8bit after adding footer
Message-ID: <mailman.1070.1137101198.24926.mailscanner@lists.mailscanner.info>

After using MailScanner to add an advert at the bottom of each message "this
message is scanned for spam and virus by..."
some recipients gets a message saying the message can't be read because it
is in a non-supported charset, and one should save the attached message and
read it in an editor which supports the charset. (I won't quote the message
because it is in danish...)

Can I somehow make sendmail pretend the message is in iso-8859-1 if not
listed otherwise?

The mangled message has these lines in the header.

Content-Type: text/plain;     charset=unknown-8bit
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ...

I've asked the same in comp.mail.sendmail.

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From gib at TMISNET.COM  Tue Aug 24 23:47:24 2004
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1071.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi Julian.

At 02:42 PM 8/24/2004 +0100, you wrote:
>In which case, have you added the pointer to the external unrar program in
>your clamav-wrapper? I think that was mentioned at the time.

That fixed the problem. Thanks for your help.

gib

>At 14:28 24/08/2004, you wrote:
>>It's passing the viruses on through and delivering them.
>>
>>At 01:45 PM 8/24/2004 +0100, you wrote:
>>>At 13:02 24/08/2004, you wrote:
>>>>Hi All.
>>>>
>>>>FreeBSD 4.10
>>>>Perl 5.8.2
>>>>MailScanner 4.32.4
>>>>clamscan / ClamAV version 0.72
>>>>
>>>>I am getting the following error when running tests from the heise.de site
>>>>on RAR files.
>>>>
>>>>ClamAVModule::ERROR:: RAR module failure.:: ./i7OBkkhH019323/eicar.rar
>>>>
>>>>I've read through the archives, applied the patch to SweepVirus.pm as
>>>>mentioned in e-mails from Julian on Fri, 13 Aug. I've restarted MailScanner
>>>>and had the eicar.rar file resent from heise.de and get the same error.
>>>
>>>But is it detecting the viruses in them?
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


--

      Gib Gilbertson Jr.
     Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's "Friendly ISP"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pete at EATATHOME.COM.AU  Tue Aug 24 23:54:39 2004
From: pete at EATATHOME.COM.AU (Pete)
Date: Thu Jan 12 21:26:38 2006
Subject: LDAP and sendmail using perl!
Message-ID: <mailman.1072.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Chris Lyon wrote:

>I have been doing some research on how to get sendmail to only accept e-
>mails from valid systems. I also saw some of the past posts on LDAP and
>sendmail but I don't have access to the servers nor can I put a vb script
>on them to pull that information. So instead, I wrote a script to use LDAP
>to pull all the valid e-mail address from the LDAP tree. So I have all the
>vaild ones but can't figure out the right way to implement it.
>
>Based on my research I image I need to populate the /etc/mail/access file
>with all the e-mail addresses
>
>Quote:
>sample
>
>To: valid@address.com OK
>
>
>But how is that going to work? Should there be a deny somewhere? Any words
>of wizdom would be great!
>
>
>BTW, Once I have this tested I would be more then happy to release the
>script!
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
>
>
>
See the links to the maq above, it has already been writen and
instructions provided by others, there is no need for you to recreate
this process.
Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From cslyon at QXZI.NET  Wed Aug 25 00:16:32 2004
From: cslyon at QXZI.NET (Chris Lyon)
Date: Thu Jan 12 21:26:38 2006
Subject: LDAP and sendmail using perl!
Message-ID: <mailman.1073.1137101198.24926.mailscanner@lists.mailscanner.info>

I have been doing some research on how to get sendmail to only accept e-
mails from valid systems. I also saw some of the past posts on LDAP and
sendmail but I don't have access to the servers nor can I put a vb script
on them to pull that information. So instead, I wrote a script to use LDAP
to pull all the valid e-mail address from the LDAP tree. So I have all the
vaild ones but can't figure out the right way to implement it.

Based on my research I image I need to populate the /etc/mail/access file
with all the e-mail addresses

Quote:
sample

To: valid@address.com OK


But how is that going to work? Should there be a deny somewhere? Any words
of wizdom would be great!


BTW, Once I have this tested I would be more then happy to release the
script!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Wed Aug 25 01:06:23 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:38 2006
Subject: LDAP and sendmail using perl!
Message-ID: <mailman.1074.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Pete wrote:

> Chris Lyon wrote:
>
>> I have been doing some research on how to get sendmail to only accept e-
>> mails from valid systems. I also saw some of the past posts on LDAP and
>> sendmail but I don't have access to the servers nor can I put a vb
>> script
>> on them to pull that information. So instead, I wrote a script to use
>> LDAP
>> to pull all the valid e-mail address from the LDAP tree. So I have
>> all the
>> vaild ones but can't figure out the right way to implement it.
>>
>> Based on my research I image I need to populate the /etc/mail/access
>> file
>> with all the e-mail addresses
>

LDAP is a good way to prevent you from accepting mail FOR non-existent
users.
Your script is one way to use the LDAP routing feature, and it has it's
advantages.
The MAQ discusses the file format that you'd need on the mailscanner
machine.
http://www.mailscanner.biz/maq/#whatifijust

Another (pure LDAP) method is discussed in this thread.
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0406&L=mailscanner&T=0&F=&S=&P=55620
And this is discussed in at least one other thread on this list.

Only accepting mail FROM your own servers can be configured w/ the
access file.

Only accepting mail FROM "valid systems" on the internet can be handled
w/ RBLs, and/or the SPF method, both of which have their
advantages+disadvantages, are not specific to mailscanner, and are
discussed in many threads on the mailscanner list, as well as other
mailing lists, and sites all over the internet.

The "deny" (aka anti-relay)  feature that you're looking for is default
sendmail behavior.
That's not to say that your distro's sendmail.mc/cf isn't
[mis]configured to allow relaying.

The trick is to make sure that there are not any overly permissive relay
rules in your configs.
Read here for info:
http://sendmail.org/tips/relaying.html
http://sendmail.org/

-Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From cs at SCHULTE.IT  Wed Aug 25 01:19:27 2004
From: cs at SCHULTE.IT (Christian Schulte)
Date: Thu Jan 12 21:26:38 2006
Subject: Content-Type: text/plain; charset=unknown-8bit after adding
    footer
Message-ID: <mailman.1075.1137101198.24926.mailscanner@lists.mailscanner.info>

Leif Neland wrote:
> After using MailScanner to add an advert at the bottom of each message "this
> message is scanned for spam and virus by..."
> some recipients gets a message saying the message can't be read because it
> is in a non-supported charset, and one should save the attached message and
> read it in an editor which supports the charset. (I won't quote the message
> because it is in danish...)
>
> Can I somehow make sendmail pretend the message is in iso-8859-1 if not
> listed otherwise?

I think you want to put

define(`confSEVEN_BIT_INPUT', `false')dnl
define(`confEIGHT_BIT_HANDLING', `mime')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl

in your sendmail.mc.

> Content-Type: text/plain;     charset=unknown-8bit
> Content-Transfer-Encoding: quoted-printable
> X-MIME-Autoconverted: from 8bit to quoted-printable by ...

should then become

Content-Type: text/plain;     charset=iso-8859-1
Content-Transfer-Encoding: 8bit
                           ^^^^

This will of course lead to the client displaying wrong characters if
the 8 bit data is not encoded in DEF_CHAR_SET. Sendmail just adds
DEF_CHAR_SET charset definition for messages containing 8 bit data but
no charset definition and cannot do anything more about the 8 bit data.

Since this is a sendmail feature to workaround broken clients which do
not define the charset where they should your

> some recipients gets a message saying the message can't be read
> because it is in a non-supported charset, and one should save the
> attached message and read it in an editor which supports the charset.

problem could become a some recipient gets a message which the MUA does
not display correctly since sendmail told it to use iso-8859-1 but the
actual 8 bit message data is encoded in e.g. UTF-8 problem.

--
Christian Schulte

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From admin at mailscanner.info  Wed Aug 25 04:15:01 2004
From: admin at mailscanner.info (admin@mailscanner.info)
Date: Thu Jan 12 21:26:38 2006
Subject: The Sun Cobalt server is very low on memory
Message-ID: <mailman.1076.1137101198.24926.mailscanner@lists.mailscanner.info>

Memory on the Sun Cobalt server is heavily used.
The Sun Cobalt server needs more memory than it currently has.
Consider adding more DRAM to the server.

Total memory is:	259308 KB
Used memory is:	247072 KB
Free memory is:	12236 KB
Percent used is:	95

From admin at mailscanner.info  Wed Aug 25 04:45:00 2004
From: admin at mailscanner.info (admin@mailscanner.info)
Date: Thu Jan 12 21:26:38 2006
Subject: The Sun Cobalt server is very low on memory
Message-ID: <mailman.1077.1137101198.24926.mailscanner@lists.mailscanner.info>

Memory on the Sun Cobalt server is heavily used.
The Sun Cobalt server needs more memory than it currently has.
Consider adding more DRAM to the server.

Total memory is:	259308 KB
Used memory is:	246992 KB
Free memory is:	12316 KB
Percent used is:	95

From Jan-Peter.Koopmann at SECEIDOS.DE  Wed Aug 25 06:44:52 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:38 2006
Subject: Clamscan and RAR failures
Message-ID: <mailman.1078.1137101198.24926.mailscanner@lists.mailscanner.info>

On Wednesday, August 25, 2004 12:47 AM MailScanner mailing list wrote:

> That fixed the problem. Thanks for your help.

Good to hear that. BTW: Is it really too much asked to strip your quotes
down a bit? It's great that you actually quoted in the correct way but
why did you not delete everything after "gib"? That is entirely
pointless.

Gib, do not take it personal but quoting on this list is miserable and
on some mornings I just have to point it out... :-)


Kind regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From m.sapsed at BANGOR.AC.UK  Wed Aug 25 08:55:42 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:38 2006
Subject: version information.
Message-ID: <mailman.1079.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John Rudd wrote:
> It seems like everyone else glossed past this part of it, so I'll answer
> it.
>
> 1) Sophos releases a new minor number version for the scanning engine
> every month.  They're up to 3.84 right now.
>
> 2) They only provide updates for the current version, and the most
> recent two versions (3.84, 3.83, and 3.82) (and they do something to
> keep you from being able to use IDE's with the wrong version number).

My impression is that it ignores IDEs older than 90 days.

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From m.althoff at BROMBERG.XS4ALL.NL  Wed Aug 25 11:11:34 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:38 2006
Subject: double message
Message-ID: <mailman.1080.1137101198.24926.mailscanner@lists.mailscanner.info>

Again this is going bad. Even messages
incoming handled by maiolman and going to
list members get out twice with as huge
list this is realy bad.

-------------------------------------------------------
Incoming to a email address which is an mailman list:
-------------------------------------------------------

Aug 25 11:11:20 bromberg sendmail[7846]: i7P9ARZH007846:
from=<************>, size=63183, class=0, nrcpts=1,
msgid=<000801c48a83$11686660$ce4579c3@nvt2pj3ipvtra5>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-07.ad.vevida.net
[213.19.161.178]

Aug 25 11:11:20 bromberg sendmail[7847]: i7P9ARZH007847:
from=<************>, size=63183, class=0, nrcpts=1,
msgid=<000801c48a83$11686660$ce4579c3@nvt2pj3ipvtra5>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-04.ad.vevida.net
[213.19.161.175]


-------------------------------------------------------
send double to me
-------------------------------------------------------

Aug 25 11:14:31 bromberg sendmail[7932]: i7P9BYZ3007906:
to=<m.althoff AT ****.****.nl>, delay=00:02:57,
xdelay=00:00:00, mailer=local, pri=838745, dsn=2.0.0, stat=Sent

Aug 25 11:14:58 bromberg sendmail[7932]: i7P9BXZ3007905:
to=<m.althoff AT ****.****.nl>, delay=00:03:24,
xdelay=00:00:00, mailer=local, pri=838745, dsn=2.0.0, stat=Sent

-------------------------------------------------------
THIS IS BAD!!!!
-------------------------------------------------------

Aug 25 11:14:33 bromberg sendmail[7932]: i7P9BYZ3007906:
to=<listmember1@address.tld>, <listmember2@address.tld>,
delay=00:02:59, xdelay=00:00:02, mailer=esmtp,
pri=838745, relay=smtpcp.12move.nl. [62.235.14.116],
dsn=2.0.0, stat=Sent (<412136E4006206E6> Mail accepted)

Aug 25 11:14:59 bromberg sendmail[7932]: i7P9BXZ3007905: to=
<listmember1@address.tld>, <listmember2@address.tld>,
delay=00:03:25, xdelay=00:00:01, mailer=esmtp, pri=838745,
relay=smtpcp.12move.nl. [62.235.14.116], dsn=2.0.0,
stat=Sent (<412136AD0061B161> Mail accepted)

It looks like messages send to list members get out twice.
Realy need to solve this soon these are lists with over
30 members!

-------------------------------------------------------
AT 11:54 a message from the office send looks ok again.
-------------------------------------------------------

Aug 25 11:54:30 bromberg sendmail[8727]:
i7P9sOZ1008727: from=<*********>,
size=1570, class=0, nrcpts=1,
msgid=<633B8EEBF789A74FAB99D6DA0C0E7383249410@****-**.****.**>,
proto=ESMTP, daemon=MTA, relay=bsmtp2.xs4all.nl [194.109.127.153]

Aug 25 11:54:37 bromberg MailScanner[21713]:
New Batch: Scanning 1 messages, 2097 bytes
Aug 25 11:54:45 bromberg MailScanner[21713]:
Virus and Content Scanning: Starting
Aug 25 11:54:46 bromberg MailScanner[21713]:
Content Checks: Need to convert HTML to plain text in 1 messages
Aug 25 11:54:46 bromberg MailScanner[21713]:
Content Checks: Detected and will convert HTML message to plain text in
i7P9sOZ1$
Aug 25 11:54:47 bromberg MailScanner[21713]:
Uninfected: Delivered 1 messages
Aug 25 11:54:47 bromberg MailScanner[21713]:
MailScanner child dying of old age
Aug 25 11:54:48 bromberg MailScanner[8739]:
MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Aug 25 11:54:47 bromberg sendmail[8741]:
i7P9sOZ1008727: to=<m.althoff AT ****.****.nl>,
delay=00:00:17, xdelay=00:00:00, $
Aug 25 11:54:49 bromberg MailScanner[8739]:
Using locktype = posix
Aug 25 11:54:49 bromberg MailScanner[8739]:
Creating hardcoded struct_flock subroutine for linux (Linux-type)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Denis.Beauchemin at USHERBROOKE.CA  Wed Aug 25 15:10:25 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:38 2006
Subject: double message
Message-ID: <mailman.1081.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Matthijs Althoff wrote:

>Again this is going bad. Even messages
>incoming handled by maiolman and going to
>list members get out twice with as huge
>list this is realy bad.
>
>-------------------------------------------------------
>Incoming to a email address which is an mailman list:
>-------------------------------------------------------
>
>Aug 25 11:11:20 bromberg sendmail[7846]: i7P9ARZH007846:
>from=<************>, size=63183, class=0, nrcpts=1,
>msgid=<000801c48a83$11686660$ce4579c3@nvt2pj3ipvtra5>,
>proto=ESMTP, daemon=MTA, relay=net3-nl-mail-07.ad.vevida.net
>[213.19.161.178]
>
>Aug 25 11:11:20 bromberg sendmail[7847]: i7P9ARZH007847:
>from=<************>, size=63183, class=0, nrcpts=1,
>msgid=<000801c48a83$11686660$ce4579c3@nvt2pj3ipvtra5>,
>proto=ESMTP, daemon=MTA, relay=net3-nl-mail-04.ad.vevida.net
>[213.19.161.175]
>
>  
>
Matthijs,

Looks like the messages are coming in from 2 different hosts!  Look at 
the relay= above.  Maybe the problem stems from there...

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From m.althoff at BROMBERG.XS4ALL.NL  Wed Aug 25 17:46:19 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:38 2006
Subject: double message
Message-ID: <mailman.1082.1137101198.24926.mailscanner@lists.mailscanner.info>

On Wed, 25 Aug 2004 10:10:25 -0400, Denis Beauchemin
<Denis.Beauchemin@USHERBROOKE.CA> wrote:

>Looks like the messages are coming in from 2 different hosts!  Look at
>the relay= above.  Maybe the problem stems from there...

There are several domains I administrate:

bromberg.xs4all.nl : mail is send to me as bsmtp
althoffcentral.com : etrn smtp (*)
cycloongroep.nl    : etrn smtp (*)

(*) every 5 minutes from a script a etrn is send to
    mail.althoffcentral.com and mail.cycloongroep.nl
    a relay at my provider to start sending mail
    to me.

$ host mail.althoffcentral.com

mail.althoffcentral.com is an alias for mail.vevida.com.
mail.vevida.com has address 213.19.161.175

$ host mail.cycloongroep.nl

mail.cycloongroep.nl is an alias for mx1.vevida.com.
mx1.vevida.com has address 213.19.161.178

I have a few pop account users (family members and a domain
for the office) for which I pop their email into my system
scan it for virusses etc and put into a local user account
which they pop from home and this seems not be effected.

----------------------------------------------------
a message to althoffcentral.com double and diff relay
----------------------------------------------------

Aug 25 17:10:27 bromberg sendmail[19221]: i7PFARAV019221:
from=<address@adress.tld>, size=4041, class=0, nrcpts=1,
msgid=<net3-nl-iis-07jCRGr00002248@net3-nl-iis-07.ad.vevida.net>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-04.ad.vevida.net
[213.19.161.175]

Aug 25 17:10:27 bromberg sendmail[19222]: i7PFARAV019222:
from=<address@adress.tld>, size=4041, class=0, nrcpts=1,
msgid=<net3-nl-iis-07jCRGr00002248@net3-nl-iis-07.ad.vevida.net>,
proto=ESMTP, daemon=MTA, relay=net3-nl-mail-07.ad.vevida.net
[213.19.161.178]

----------------------------------------------------
a message from xs4all webmail to home same relays
----------------------------------------------------

Aug 25 18:12:11 bromberg sendmail[20570]: i7PGCBAT020570:
from=<fromme@tome.tld>, size=1343, class=0,
nrcpts=1, msgid=<25320.82.92.118.67.1093450332.squirrel@webmail.xs4all.nl>,
proto=ESMTP, daemon=MTA, relay=bsmtp5.xs4all.nl [194.109.127.150]

Aug 25 18:12:11 bromberg sendmail[20570]: i7PGCBAU020570:
from=<fromme@tome.tld>, size=1343, class=0,
nrcpts=1, msgid=<25320.82.92.118.67.1093450332.squirrel@webmail.xs4all.nl>,
proto=ESMTP, daemon=MTA, relay=bsmtp5.xs4all.nl [194.109.127.150]

Mayby my setup is scewed or I misconfigured or forgot something?

----------------------------------------------------
access.db
----------------------------------------------------

localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
10.10                           RELAY
xxx.xxx.xxx.xxx                 RELAY (xxx is outside office)
xxx.xxx.xxx.xxx                 RELAY (xxx is outside office)

----------------------------------------------------
local-host-names
----------------------------------------------------

# local-host-names - include all aliases for your machine here.
bromberg.althoffcentral.com (this is my linux machine)
althoffcentral.com
bromberg.xs4all.nl
cycloongroep.nl

Is this where it might go wrong?

----------------------------------------------------
virtusertable
----------------------------------------------------

user1 AT subdomain.xs4all.nl            localuser1
user2 AT subdomain.xs4all.nl            localuser2
user1 AT althoffcentral.com             localuser1
user2 AT althoffcentral.com             localuser2
user1 AT cycloongroep.nl                localuser2
user2 AT cycloongroep.nl                localuser2

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From cwharris at MORGAN.NET  Wed Aug 25 18:14:45 2004
From: cwharris at MORGAN.NET (Chris Harris)
Date: Thu Jan 12 21:26:38 2006
Subject: Filename Rules
Message-ID: <mailman.1083.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I have a customer who does not want the filename 
rules applied to his email. Can someone point me in the right direction to 
create a ruleset to not apply these rules to him? </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>THanks</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Chris</FONT></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From raymond at PROLOCATION.NET  Wed Aug 25 18:18:51 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:38 2006
Subject: Filename Rules
Message-ID: <mailman.1084.1137101198.24926.mailscanner@lists.mailscanner.info>

Hi!

> I have a customer who does not want the filename rules applied to his
> email. Can someone point me in the right direction to create a ruleset
> to not apply these rules to him?

Make a ruleset, and a filename rules2, please search the archive, its been
talked over a couple of times...

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Wed Aug 25 18:21:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:38 2006
Subject: Filename Rules
Message-ID: <mailman.1085.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:14 25/08/2004, you wrote:
>I have a customer who does not want the filename rules applied to his
>email. Can someone point me in the right direction to create a ruleset to
>not apply these rules to him?

Create different filename.rules.conf files for the different customers,
then just use a ruleset to point at the relevant file. Sounds like your
customer wants a filename.rules.conf file that says
allow   .       -       -
(separated with tabs). Put this in, for example,
filename.rules.conf.allow.all. Then have a ruleset which says
FromOrTo: customer@awkward.com  /etc/MailScanner/filename.rules.conf.allow.all
FromOrTo: default       /etc/MailScanner/filename.rules.conf

Then just restart or reload MailScanner and away you go.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Wed Aug 25 18:29:12 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Filename Rules
Message-ID: <mailman.1086.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Chris Harris wrote:

> I have a customer who does not want the filename rules applied to his
> email. Can someone point me in the right direction to create a ruleset
> to not apply these rules to him?
>

There is an example in the FAQ.

> THanks
>
> Chris
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Wed Aug 25 18:37:40 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:38 2006
Subject: Is it OK to use av as milter instead of command scan
Message-ID: <mailman.1087.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

Plaged with problems trying to get MailScanner running with av command scan
using vexira.

Currently have mail system running with sendmail, pop, imap, webmail, vexira
milter, spam assassin and procmail.  RBL checks built into sendmail.cf .

The problem I see is mail would get virus scanned twice.

btb

_________________________________________________________________
Check out Election 2004 for up-to-date election news, plus voter tools and
more! http://special.msn.com/msn/election2004.armx

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From rob at THEHOSTMASTERS.COM  Wed Aug 25 19:04:31 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:38 2006
Subject: Explanation needed if not too much to ask....
Message-ID: <mailman.1088.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Please excuse me if this should not have been 
posted on this list...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I have been using Mailscanner for a couple years 
now, it works great.... but over&nbsp;these years, &nbsp;there has been some 
changes in mailscanner and the parts it uses and how there are used, ie 
spamassain, MacAfee, clamav&nbsp;and so on.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Now as for me, &nbsp;my job is to maintain many 
servers for different applications not just mail. So for me I install 
mailscanner and then I go away and all works great, I rarely keep eye over it or 
maintain it unless I start to get more spam coming through as I have many other 
tasks to do other than just make sure the email server is up to par . I have not 
had allot of time to thoroughly understand how&nbsp;Mailscanner works or how it 
use other programs to help it work. I do understand the basics.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Now my question is, is there a document or website 
explaining in detail all of mailscanner and its 3rd party programs it 
uses?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>IE; I am having trouble understanding how 
Spamassasin works&nbsp; using surbl.org? The website of surbl.org does not 
really have much info as to how it actual works and or the terminology it uses , 
like URI's, what an URI??</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I read all the docs and I am still confused.... as 
to how SA works now? I will assume I can use SA by itself(meaning with 
mailscanner)&nbsp;with my own rules and or files, or I can use 
surbl.&nbsp;Should I use both?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>if someone can explain a bit to me and or anyone 
else that may not fully understand how all this stuff works I would really 
appreciate it!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Thanks and my apologies if this question does not 
belong here....</FONT></DIV><FONT face=Arial size=2>
<DIV><BR>Rob....</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR></FONT>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From webmaster at EW3D.COM  Wed Aug 25 20:02:39 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:38 2006
Subject: MailScanner not processing mqueue.in
Message-ID: <mailman.1089.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
After battling server overload one morning after finding our T-1 had
been down for about 7 hours, I managed to break MailScanner's ability to
process the mqueue.in messages.

What I did. I had shut down MailScanner (MailScanner-mrtg restarted it)
and started Sendmail to reduce the processing. I also dumped the RBL
lists. Seems I was doing a lot of fighting with not very good results.

Anyway, I seached the archives and couldn't seem to hit upon the right
word combo to find any good info on this. But can someone direct me
toward what I have broken? The mqueue.in directory is catching all the
inbound mail and even though everything appears to be right in my
MailScanner config file, it is refusing to process those emails. If I
move them on mqueue, Sendmail works its way through them just fine.

Thanks,
John Hinton

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug 25 20:17:47 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:38 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1090.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
A friend of mine found a very cool addon for SpamAssassin, could we
implement this in MailScanner too? Looks really neat :)

http://www.numbski.net/softs/quarantine.html


Installing a quarantine for Sendmail's SpamAssassin Milter
This document presumes that you have already followed the instructions for
installing SpamAssassin Milter. As of today, 8-25-2004, those instructions
are out of date. Despite my best intentions to update those docs, I have
not had time to do so. My best reccommendations are to turn of MAILSERVER
in /etc/hostconfig, build the latest sendmail as per the instructions, and
follow the rest as I've instructed. You will still need to move the
existing sendmail binary, as it's just a wrapper for Postfix, and if it's
there, it will cause you problems.

Note: MUCH of the scripts I've written below, and the process of doing
this was ripped directly from Olivier Nicole at
http://www.cs.ait.ac.th/laboratory/email/quarantine.shtml. Mucho Kudos
goes out to this guy for doing a large portion of the work. What you see
below is greatly modified to user more Perl, call fewer external system
binaries (although a few are left, still a work-in-progress!) It also rids
you of calling procmail on every single message, which should make your
CPU thank you!

As I said before, I'm presuming you have a functional spamass-milter
installation and all is working well. The quarantine will work by using
the following method:


spamass-milter processes the message
If it's tagged as spam, rather than deliver it to the intended user,
deliver it to a special 'quarantine' user.
At a regular interval (every 8 hours?) run through the quarantine and send
summaries and instructions to the end users.
Allow the end user to reply to this message, which is from another special
user (quarantine-delivery), process this message, and recover messages as
appropriate.
Expire messages that stay in the quarantine for too long.
Here's what an example notifcation looks like:

Date: Wed, 25 Aug 2004 06:53:41 -0500 (CDT)
From: quarantine-delivery@mydomain.com
To: tonys@mydomain.com
Subject: Quarantined Spam Messages

You have received 2 e-mail(s) that appeared to be unsolicited and were
quarantined.

Quarantined messages are kept for 30 days before they are automatically
removed.

If you wish to see any of the following message(s), reply to this e-mail,
including the lines with the File: information below.

The word File: MUST be in your reply message, along with the filename.

File:   tonys-spam.1093414634.94578
From: "Ollie Salazar"
Subject: [SPAM: 04.80/04.50] Buy cheap Viagra through us.
Date: Wed, 25 Aug 2004 12:22:38 +0600

File:   tonys-spam.1093420512.94819
Date: Wed, 25 Aug 2004 10:34:20 +0200
From: "leif freidman"
Subject: georgia 99% Presc"ription Approval. Any Pi/lls You Want. southpaw

Pretty cool huh? Replying to this would get your messages delivered to
you.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Wed Aug 25 20:22:23 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:38 2006
Subject: MailScanner not processing mqueue.in
Message-ID: <mailman.1091.1137101198.24926.mailscanner@lists.mailscanner.info>

On Wed, 2004-08-25 at 20:02, John Hinton wrote:
> What I did. I had shut down MailScanner (MailScanner-mrtg restarted it)
> and started Sendmail to reduce the processing. I also dumped the RBL
> lists. Seems I was doing a lot of fighting with not very good results.
>
> Anyway, I seached the archives and couldn't seem to hit upon the right
> word combo to find any good info on this. But can someone direct me
> toward what I have broken?

Any clues in the logs, presumably you've stopped MailScanner and started
it again?

BTW the MailScanner-MRTG issue is solved in the latest unstable version
- it now does not attempt to restart MailScanner if it was stopped with
the init script.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Wed Aug 25 20:23:35 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:38 2006
Subject: Explanation needed if not too much to ask....
Message-ID: <mailman.1092.1137101198.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Rob wrote:

> Please excuse me if this should not have been posted on this list...
>
>
> I have been using Mailscanner for a couple years now, it works great....
> but over these years,  there has been some changes in mailscanner and
> the parts it uses and how there are used, ie spamassain, MacAfee,
> clamav and so on.
>
> Now as for me,  my job is to maintain many servers for different
> applications not just mail. So for me I install mailscanner and then I
> go away and all works great, I rarely keep eye over it or maintain it
> unless I start to get more spam coming through as I have many other
> tasks to do other than just make sure the email server is up to par . I
> have not had allot of time to thoroughly understand how Mailscanner
> works or how it use other programs to help it work. I do understand the
> basics.
>
> Now my question is, is there a document or website explaining in detail
> all of mailscanner and its 3rd party programs it uses?
>
> IE; I am having trouble understanding how Spamassasin works  using
> surbl.org? The website of surbl.org does not really have much info as to
> how it actual works and or the terminology it uses , like URI's, what an
> URI??
>
> I read all the docs and I am still confused.... as to how SA works now?
> I will assume I can use SA by itself(meaning with mailscanner) with my
> own rules and or files, or I can use surbl. Should I use both?

SURBL is just more tests added to SpamAssassin, but you need an
additionnal module to use it.  See www.fsl.com/support for a special
package with installation.  SURBL is one of the best tools to catch spam.

>
> if someone can explain a bit to me and or anyone else that may not fully
> understand how all this stuff works I would really appreciate it!
>
> Thanks and my apologies if this question does not belong here....
>
> Rob....
>
>
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From cparker at SWATGEAR.COM  Wed Aug 25 20:23:39 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1093.1137101198.24926.mailscanner@lists.mailscanner.info>

Remco Barendse <mailto:mailscanner@BARENDSE.TO>
    on Wednesday, August 25, 2004 12:18 PM said:

> The word File: MUST be in your reply message, along with the filename.
> 
> File:   tonys-spam.1093414634.94578
> From: "Ollie Salazar"
> Subject: [SPAM: 04.80/04.50] Buy cheap Viagra through us.
> Date: Wed, 25 Aug 2004 12:22:38 +0600
> 
> File:   tonys-spam.1093420512.94819
> Date: Wed, 25 Aug 2004 10:34:20 +0200
> From: "leif freidman"
> Subject: georgia 99% Presc"ription Approval. Any Pi/lls You Want.
> southpaw 
> 
> Pretty cool huh? Replying to this would get your messages delivered to
> you.

you mean the user has to reply with something like this?

File: tonys-spam.1093414634.94578
File: tonys-spam.1093420512.94819


if so, that's a bit too complicated for the average user. or maybe i
don't understand the way this works?


Chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Wed Aug 25 20:24:59 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner not processing mqueue.in
Message-ID: <mailman.1094.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John Hinton wrote:

> After battling server overload one morning after finding our T-1 had
> been down for about 7 hours, I managed to break MailScanner's ability to
> process the mqueue.in messages.
>
> What I did. I had shut down MailScanner (MailScanner-mrtg restarted it)
> and started Sendmail to reduce the processing. I also dumped the RBL
> lists. Seems I was doing a lot of fighting with not very good results.
>
> Anyway, I seached the archives and couldn't seem to hit upon the right
> word combo to find any good info on this. But can someone direct me
> toward what I have broken? The mqueue.in directory is catching all the
> inbound mail and even though everything appears to be right in my
> MailScanner config file, it is refusing to process those emails. If I
> move them on mqueue, Sendmail works its way through them just fine.

OS?

Anything weird in your logs?

>
> Thanks,
> John Hinton
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Wed Aug 25 20:28:26 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1095.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
It doesn't need to be implemented in MailScanner at all, it's just a fancy
quarantine management system. Anyone fancy writing a system like this?
Extra add-ons like this aren't really my area, I concentrate on the core
and leave others to "add value" by implementing systems like this.

At 20:17 25/08/2004, you wrote:
>A friend of mine found a very cool addon for SpamAssassin, could we
>implement this in MailScanner too? Looks really neat :)
>
>http://www.numbski.net/softs/quarantine.html
>spamass-milter processes the message
>If it's tagged as spam, rather than deliver it to the intended user,
>deliver it to a special 'quarantine' user.
>At a regular interval (every 8 hours?) run through the quarantine and send
>summaries and instructions to the end users.
>Allow the end user to reply to this message, which is from another special
>user (quarantine-delivery), process this message, and recover messages as
>appropriate.
>Expire messages that stay in the quarantine for too long.


--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From joshua.hirsh at PARTNERSOLUTIONS.CA  Wed Aug 25 20:44:23 2004
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:26:39 2006
Subject: Postfix / Archive Mail duplicates
Message-ID: <mailman.1096.1137101199.24926.mailscanner@lists.mailscanner.info>

Michael: Were you ever able to track this down?

 I just recently enabled the Archive Mail function and am running into the
same bug. Oddly enough, it only happens on incoming mail. Outgoing mail is
handled correctly.

 No mail is kept locally on the server. It's just the gateway.


 The only real noticeable difference is that I only scan the incoming
messages for SPAM.



 Julian: Any ideas?



 The original discussion is here:


http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0403&L=mailscanner&P=R143409&
I=-1


 -Joshua


> -----Original Message-----
> From: Michael Pacey [mailto:michael@WD21.CO.UK]
> Sent: Tuesday, March 23, 2004 4:15 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Postfix / Archive Mail duplicates
>
>
> I have noticed that if my Archive Mail account is a remote account (an
> SMTP hop away) then the correct number of mails (1) is
> delivered to that
> account, not the incorrect number (2).
>
> Where is the Archive Mail function handled in MailScanner?
> I've trawled
> through the MailScanner code and I can't find it (at least, I
> can't find
> any code which looks like it reads this config option, using grep).
>
> I'm pulling my hair out!
>
> Cheers!
> --
> Michael Pacey <michael@wd21.co.uk>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alexn at teleserv.ru  Wed Aug 25 21:11:36 2004
From: alexn at teleserv.ru (XXXXXXXXX XXXXXXXXX XXXXXXXXX)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1097.1137101199.24926.mailscanner@lists.mailscanner.info>

Hello!

Please help, whats happend, MailScanner is starvation, and then do
it nothing.

---cut here log---
Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
---cut here log---

Thanks.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at BARENDSE.TO  Wed Aug 25 21:15:30 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1098.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I haven't tried it but if i read it correctly replying is enough to get
the mail delivered

You are getting a digest though, so there are several mail summaries in
the message body, you just delete what you don't want and it will send the
rest of them :)

On Wed, 25 Aug 2004, Chris W. Parker wrote:

> Remco Barendse <mailto:mailscanner@BARENDSE.TO>
>    on Wednesday, August 25, 2004 12:18 PM said:
>
>> The word File: MUST be in your reply message, along with the filename.
>>
>> File:   tonys-spam.1093414634.94578
>> From: "Ollie Salazar"
>> Subject: [SPAM: 04.80/04.50] Buy cheap Viagra through us.
>> Date: Wed, 25 Aug 2004 12:22:38 +0600
>>
>> File:   tonys-spam.1093420512.94819
>> Date: Wed, 25 Aug 2004 10:34:20 +0200
>> From: "leif freidman"
>> Subject: georgia 99% Presc"ription Approval. Any Pi/lls You Want.
>> southpaw
>>
>> Pretty cool huh? Replying to this would get your messages delivered to
>> you.
>
> you mean the user has to reply with something like this?
>
> File: tonys-spam.1093414634.94578
> File: tonys-spam.1093420512.94819
>
>
> if so, that's a bit too complicated for the average user. or maybe i
> don't understand the way this works?
>
>
> Chris.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at BARENDSE.TO  Wed Aug 25 21:17:21 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1099.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I don't know a thing about c0ding but I guess it means that it would be
basically stripping loads of code from the existing package as MailScanner
already does the filter and quarantine bit :)


On Wed, 25 Aug 2004, Julian Field wrote:

> It doesn't need to be implemented in MailScanner at all, it's just a fancy
> quarantine management system. Anyone fancy writing a system like this?
> Extra add-ons like this aren't really my area, I concentrate on the core
> and leave others to "add value" by implementing systems like this.
>
> At 20:17 25/08/2004, you wrote:
>> A friend of mine found a very cool addon for SpamAssassin, could we
>> implement this in MailScanner too? Looks really neat :)
>>
>> http://www.numbski.net/softs/quarantine.html
>> spamass-milter processes the message
>> If it's tagged as spam, rather than deliver it to the intended user,
>> deliver it to a special 'quarantine' user.
>> At a regular interval (every 8 hours?) run through the quarantine and send
>> summaries and instructions to the end users.
>> Allow the end user to reply to this message, which is from another special
>> user (quarantine-delivery), process this message, and recover messages as
>> appropriate.
>> Expire messages that stay in the quarantine for too long.
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alexn at TELESERV.RU  Wed Aug 25 21:47:16 2004
From: alexn at TELESERV.RU (XXXXXXXXX XXXXXXXXX XXXXXXXXX)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1100.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi. Íîâîæåíèí.

>>Can you give some additional information?
of course
>>What Operating System? Linux, BSD, Sun, etc.
Linux RH.7.3
>>What is the Mail Transport Agent? Sendmail, Qmail, etc.
Postfix -  last version.
>>What version of MailScanner?
4.32.5
>>Had MailScanner worked at any time?
Yea, MailScanner is stoped when somebody send message without some "C
record". What is this???

>>greyhair.

> Hello!
> 
> Please help, whats happend, MailScanner is starvation, and then do
> it nothing.
> 
> ---cut here log---
> Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
> Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
> Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
> ---cut here log---
> 
> Thanks.
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From webmaster at EW3D.COM  Wed Aug 25 22:25:30 2004
From: webmaster at EW3D.COM (John Hinton)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner not processing mqueue.in
Message-ID: <mailman.1101.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
> OS?
>
> Anything weird in your logs?

Duh... :( Right there in my maillog! Config errors with line numbers and
everything!

I've been using the Webmin interface to MailScanner (I think there is an
update for the verion I'm running actually), but it seems that there was
no 'yes' or 'no' set on two lines both dealing with SpamAssassin.

Check SpamAssassin If On Spam List =
Spam Score =

Put a no into each of these and darn if it didn't kick right off! Here I
was looking for a MailScanner log and there in maillog was all I needed
to know.... or at least all I needed to know about this one issue. ;)

Sorry to be taking up the bandwidth.

And FYI, I'm running Whitebox Enterprise Linux (a RHEL clone), for those
who care to know.

John Hinton

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner-user at NELAND.DK  Wed Aug 25 22:45:52 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1102.1137101199.24926.mailscanner@lists.mailscanner.info>

When adding a signature, MailScanner adds this line:
MIME-Version: 1.0

But appearently this line also requires a charset-line.

Because later in the chain of sendmails, when the next receiving mailserver
doesn't accept 8-bit, this get added, and an exchange-server can't read the
message:

Content-Type: text/plain; charset=unknown-8bit
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by

In comp.mail.sendmail I got this:

"Actually the fact that using MailScanner causes the problem implies that
it (or perhaps your configuration of it) is rather broken - either it
drops an existing charset= parameter that was correct, or it adds some
MIME-part that needs a charset= parameter (due to not being US-ASCII)
but doesn't have one, or it adds "raw 8-bit" text to a (non-MIME)
message that didn't have any originally. Or something like that.

--Per Hedeland
per@hedeland.org"

Could we get this fixed? :-)

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Wed Aug 25 23:32:02 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1103.1137101199.24926.mailscanner@lists.mailscanner.info>

Chris W. Parker wrote on         Wed, 25 Aug 2004 12:23:39 -0700:

> if so, that's a bit too complicated for the average user. or maybe i
> don't understand the way this works?
>

What's complicated about this? You get a message like this.

some data about the mail here (from, to, spam score subject)
File: tonys-spam.1093414634.94578

and you simply reply and quote it:

> some data about the mail here (from, to, spam score subject)
> File: tonys-spam.1093414634.94578
>

That's it.



Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Wed Aug 25 23:32:02 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1104.1137101199.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Wed, 25 Aug 2004 20:28:26 +0100:

> It doesn't need to be implemented in MailScanner at all, it's just a 
fancy
> quarantine management system. Anyone fancy writing a system like this?
> Extra add-ons like this aren't really my area, I concentrate on the core
> and leave others to "add value" by implementing systems like this.
>

We use a system called "MailCorral" since long which has a quite advanced 
management system for quarantines, it works in connection with a special 
sendmail milter of the same name, not with MailScanner, but the quarantine 
management is completely in Perl and separate. It works more or less like 
it was described here. It scans the quarantine at chosen intervals and 
mails a detailed summary to the recipient user. We all also provide an 
option in the domain's control center to start a spam report at any time. 
So, all mail for a user, no matter which email address it was sent to, 
gets summarized in one email. You either click a link for getting one 
message or quote several blocks and send them back. Same happens for virus 
mail, just that it is sent right-away, but without the body and a notice 
how to retrieve it. I already contemplated re-vamping this system, but 
fortunately we aren't pressured much at doing so at the moment :-) I use 
MailCorral on all of our client machines and MailScanner only on the 
machines which are used directly for us because MailScanner + Spamassassin 
is so ressource hungry. One the MailScanner systems I simply use Mailwatch 
for releasing quarantined messages. Not so nice but it works.

One problem I see with the current quarantine is that you don't know which 
mail is for whom. So, the script has not only to excerpt relevant parts of 
the mail, but also the target. This involves a lot more processing and 
will maybe generate several reports to a target user instead of just one. 
The quarantine system here and ours as well overcome this problem by 
naming the files in a way that you just need to scan the file names to 
know which user they are bound to. This makes it much easier. It would be 
nice if MailScanner could do something about the filenames here, however, 
I guess, you simply don't know the final recipient, because sendmail is 
responsible for the final delivery. But it might be possible to put the 
domain or target email address in the file name or at least quarantine all 
mail for one domain in a single subdirectory for each day instead of 
putting them all in one hierarchy.
Another and probably better approach would be to take out all the 
information from the MySQL DB which was already filled by Mailwatch. It 
should be everything there except for the final recipient user. Grabbing 
it from there will take much less processing. A nice extra would be to run 
a script before it and resolve all email addresses to the final user. 
That's probably the way to go and I suppose something like that is already 
in use here and there.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alex at NKPANAMA.COM  Thu Aug 26 01:27:20 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:39 2006
Subject: javascript
Message-ID: <mailman.1105.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Exactly.

Michele Neylon : Blacknight Solutions wrote:

> On Tue, 2004-08-24 at 16:46 -0500, Alex Neuman van der Hans wrote:
>
>>Or a ruleset in order to add your suppliers to a "permitted" list and
>>everybody else to disarm.
>
>
> Disarm will still deliver the emails without the javascript
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> http://www.blacknight.ie
> 059 9137101
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kfliong at WOFS.COM  Thu Aug 26 03:13:59 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1106.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi,

Okay, I know the question about mailscanner and server load has been
discussed before but i this seems to be a little different.

My server specs is as below :

Celeron 1.3GHz, 512MB RAM, 60GB HDD, Redhat Linux 7.3, Ensim Pro 3.5.23

MailScanner 4.32.5-1
SpamAssassin 2.64
MySql 3.23.58
ClamAV 0.75
MailWatch 0.5.1
sendmail as MTA

The problem is that after updating the packages, my server's load is very
high. Before that it was around 3.5. After upgrade, it ran up to above 30
for few 30 minutes before coming back down to around 3.0 now. I have not
enabled SURBL yet. But the only reason i upgraded is to use SURBL. But now,
since the load is kinda high, I am afraid to run SURBL (with SpamCopURI)
which would definitely increase the load. I do not run DNS server locally.
I am resolving DNS using my webhost's. Would that increase the load if I
run SURBL?

My question is, what can I do to lower the load? How much load would it
reduce if I upgrade to 1GB RAM?

What if I get another server dedicated in handling mails? This server would
be used for websites. How would things work if I have 2 server? Anyone
would give a simple guild to doing this? I know I would then need to run a
DNS server which would route MX records to the 2nd server, right?

Thanks in advance.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From webalizer at nwcweb.com  Thu Aug 26 03:55:49 2004
From: webalizer at nwcweb.com (David J. Duffner - NWCWEB.com)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1107.1137101199.24926.mailscanner@lists.mailscanner.info>

>-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of kfliong
>Sent: Wednesday, August 25, 2004 10:14 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Mailscanner and server load
>
>
>Hi,
>
>Okay, I know the question about mailscanner and server load has been
>discussed before but i this seems to be a little different.
>
>My server specs is as below :
>
>Celeron 1.3GHz, 512MB RAM, 60GB HDD, Redhat Linux 7.3, Ensim Pro 3.5.23
>
>MailScanner 4.32.5-1
>SpamAssassin 2.64
>MySql 3.23.58
>ClamAV 0.75
>MailWatch 0.5.1
>sendmail as MTA
>
>The problem is that after updating the packages, my server's 
>load is very high. Before that it was around 3.5. After upgrade, it ran up 
>to above 30 for few 30 minutes before coming back down to around 3.0 now. 
>I have not enabled SURBL yet. But the only reason i upgraded is to use 
>SURBL. But now, since the load is kinda high, I am afraid to run SURBL (with 
>SpamCopURI) which would definitely increase the load. I do not run DNS 
>server locally. I am resolving DNS using my webhost's. Would that increase the 
>load if I run SURBL?

        First, if you're where I think you are with hosting for this
box then I can see a few issues you can clear up right away:

        #1 - take the plunge and upgrade to Ensim Pro 4.XX on either
RHEL or Fedora Core 1.  Sucker will run MUCH smoother with that
upgrade and it's all free for the taking from Ensim.  We had a few
issues with 3.5.XX that went away with the in-box upgrade for 3.7
and went out the door completely when taking it up to 4.XX on FC1.
Many will suggest RHEL, in hindsight we'd have probably gone that
route so it's your option.  ALWAYS do the Standalone, don't touch
the ServerAdvantage (or whatever they call it) from Ensim as that's
still buggy as all getout.

        #2 - running a virtual copy of that machine with the upgrades
mentioned, but it came from where you were.  Some modules even later
versions than you show.

        #3 - DON'T PANIC on load averages.  We're using MRTG and MailScanner
MRTG and they don't agree with load averages, so you're not seeing a
realtime accurate report!  We went into panic mode, turned out the
reason you see those as 'averages' is that it's spiking MailScanner
every so often, but the sampling rate in straight MRTG is taking
those little spikes as gospel and giving you the false info.  Sit
and watch 'top' for awhile and you'll see the pattern emerge.

        There are others here who may have suggestions to tweak those
spikes down a little, that can't hurt.  But overall you're seeing
an illusion, we finally got a grip on it as MailScanner MRTG samples
at a different rate and is giving us a REAL average to work with on
loads.  Straight MRTG has some other reporting issues we're trying
to work out, but it's seconds from getting stripped off the boxes
rather than waste time on it.

        #4 - We're running 5 sources in MailScanner without any issues,
so adding SURBL shouldn't cause you pain!

        #5 - MailWatch, if you have it working 100%, will most likely
need attention if you upgrade Ensim Pro.  We installed it after going
up to 3.7.XX and it's not working as well as we'd like but does do 
the basic job we require of it.  Tons of posts in the forum for your
Host on this one...

>My question is, what can I do to lower the load? How much load would it
>reduce if I upgrade to 1GB RAM?

        Load - slight tweaking but again it's an illusion.

        RAM - Hey, we all could use more RAM, never hurts to bump it
up but in this case it's not the cure as you're getting data the CPU's
overloading (which it's not at a rate to panic about) and the RAM 
really has no bearing on improving that, just gives more room for
additional processes to run which will tax the system if you turn
things like copies of MailScanner (concurrent) up.  Save the $$, stay
at 512MB unless you see a real reason or someone here thinks it's an
absolute requirement to do so.

>What if I get another server dedicated in handling mails? This 
>server would be used for websites. How would things work if I have 2 server?
Anyone
>would give a simple guild to doing this? I know I would then 
>need to run a DNS server which would route MX records to the 2nd server, right?

        All possible, all do-able, posts galore in Ensim's forums and
your Host's (if I'm guess right) forums as well.  Again, never hurts
but you're seeing a problem that doesn't exist.  If you host over 50
domains on that box, then some tweaks need to come into play and 
using a second server wouldn't hurt.  But again, why pay for it if
it's not a requirement.

        If you're where I think you are with Hosting, we abandoned
their DNS services quite some time ago.  Just one more useless
hop and the Ensim Pro setup is more than capable of handling the
DNS job with ease, even on the Celeron's.  We do it all in each
box, never had issues, it sends out DNS records on a regular basis
and it works like a champ.  Updates happen as soon as you do them,
whereas the Host's DNS servers have a notorious schedule.  Also 
factor they have hosted some serious spam and intrusion attempt
folks and their DNS domains aren't favored by some other servers,
so your updates may not get out as fast as doing it direct on your
boxes.  Since it comes right from you, unless you do something to
get blacklisted you're in the clear so that anyone trying to get
to your hosted sites actually makes it in short order vs. 404's.

        I know there's a ton in this post, but we've been there and
done that here so I understand your concerns.  Feel free to hit me
offlist if you want to compare notes, we can toss you towards a
few excellent resource folks out and about that know Ensim far 
better than we ever will!

      David J. Duffner
      VP Operations
      NWC Corporation
      NWCWEB.com
      
============================================
NWCWEB.com - Your Design & Hosting Solution!
Featuring Ensim Pro/Linux Servers, Hosted
Accounts, Web Design and e-Commerce services
NWC Corporation - Global e-Pay Solutions
============================================
 


-- 
Message scanned by MailScanner, and is believed to be clean.  
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.nwcweb.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pascal.maes at ELEC.UCL.AC.BE  Thu Aug 26 06:57:52 2004
From: pascal.maes at ELEC.UCL.AC.BE (Pascal Maes)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner and quarantine
Message-ID: <mailman.1108.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hello

I'm looking for a "simple" way to allow the users to check their messages which
have been put in quarantine.

A web interface seems to be a good solution.
Perhaps is there a possibility to put this kind of messages in another mailbox
which could be read with an IMAP client.

Any idea ?

--
-- Pascal --
           --

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From garry at GLENDOWN.DE  Thu Aug 26 07:25:38 2004
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1109.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Kai Schaetzl wrote:
> One problem I see with the current quarantine is that you don't know which
> mail is for whom. So, the script has not only to excerpt relevant parts of
> the mail, but also the target. This involves a lot more processing and

I "fixed" that with a PHP script ... together with the
quarantine-information that MS sends to the recipient, I send a link to
the PHP script, identifying the mails by the date and the queue ID
(which should be relatively safe). That way, no additional
indentification is necessary ... In the web frontend, the user can just
click on the attachment (or the original queue file) to download it via
the browser ... works like a charm ...

Anyway, there have been requests of centrally storing recognized spam
mails instead of either delivering or deleting them, but at the moment
this would mean setting up an extra spam mailbox for every recipient
(which would be a problem with per-domain customers) ... just a thought,
not very well thought through yet:

If MS had an option "archive" that would store the queue files of a mail
in an extra directory (just like the quarantine), then add date, sender,
recipient and subject to a database table (like, e.g., MySQL; could even
be done by a shell call to allow for arbitrary backends, but that would
add to resource usage). A simple web frontend or script could then
generate an overview easily, and allow interactive downloads or
re-queues of the specified messages. Anything older than, say, 2 weeks
could be purged from the HD and the database, or when the user selects a
delete run. Authentication might be a problem, but the daily report run
could generate a session password if the recipient had not received one
before ...

I'd pitch in and do the web frontend and admin/cron backend, if somebody
took care of the perl programming changes for MS ;) Any takers?

-garry

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Thu Aug 26 08:26:23 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1110.1137101199.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-26 at 03:55, David J. Duffner - NWCWEB.com wrote:
>         #3 - DON'T PANIC on load averages.  We're using MRTG and MailScanner
> MRTG and they don't agree with load averages, so you're not seeing a
> realtime accurate report!
<snip>
>     But overall you're seeing
> an illusion, we finally got a grip on it as MailScanner MRTG samples
> at a different rate and is giving us a REAL average to work with on
> loads.

Just to explain that a little.  MailScanner-MRTG samples every five
minutes and uses the five minute average load - thats the second load
average figure given by top and w.  This is handy as it means it takes
the average over its reporting period so is less prone to being messed
up by brief spikes.  A word of caution - older MSMRTG's didn't work like
that (it used the one minute average - which tended to be misleading).

Upping the RAM to 1G is a good idea, depending on your message
throughput you may be able then to put the MailScanner work directory in
tmpfs - that gives a significant performance boost so long as you have
enough physical ram (if it causes it to start swapping thats a bad
thing).
You need to get a feel for whether your system is CPU bound or IO bound,
the above trick will really help with disk IO related issues, network IO
issues can be helped by running a caching nameserver on the box itself
(very easy, theres an rpm for caching-nameserver I think, then you just
point resolv.conf and 127.0.0.1).
A load average of 3 isn't necessarily a problem anyway, so long as mail
is flowing with acceptable latency and you can cope with spikes.  Given
that your machine was able to battle through the backlog that built up
during your upgrade (hence the 30 load av) I'd say its not too
concerning (I'd still add ram, do the tmpfs thing and run a
caching-nameserver though).

Kevin




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From paul.hamilton at sme-ecom.co.uk  Thu Aug 26 08:51:18 2004
From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton)
Date: Thu Jan 12 21:26:39 2006
Subject: Filename Rules
Message-ID: <mailman.1111.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi all,

We recently wrote to the list asking for help in producing a pattern match
for allowing a certain 'EXE', contained within a 'zip', through MS without
being quarantined.

On receiving help and applying some tests and tweaks we managed to
get the pattern match to work, but only once. Everytime we remove and add
back in the pattern match and restart MS, MS will allow one message with
the attachment in question through no problem but subsequent ones it
quarantines.
Does any one know what is happening here?

Using MS 4.32.5 & SA 2.64 on Cobalt 550

The pattern match we're using is:

allow(tab)^xxxxx\_\d{8,8}_\d{6,6}\.exe$(tab)(tab)(tab)-(tab)-
allow(tab)^xxxxx\_\d{8,8}_\d{6,6}\.EXE$(tab)(tab)(tab)-(tab)-
allow(tab)^xxxxx\_\d{8,8}_\d{6,6}\.zip$(tab)(tab)(tab)-(tab)-
allow(tab)^xxxxx\_\d{8,8}_\d{6,6}\.ZIP$(tab)(tab)(tab)-(tab)-

The .zip and the enclosed .exe are made up in the following way:

 xxxxx_20040826_YYYYYY.zip
 xxxxx_20040826_YYYYYY.EXE

The only constant is the 'xxxxx' value.
The date changes daily and the 'YYYYYY' value also changes daily.

Both the 'x' and 'Y' values are numeric only, and include zero's.

Many thanks in advance.

Paul H

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martinh at SOLID-STATE-LOGIC.COM  Thu Aug 26 09:20:15 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1112.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi

you don't mention how many emails a day you are processing or what extra
SA rule you have (and whether using any RBL's in SA).

You also don't mention what "Max Children" setting you have - this can
have a big impact on load..

when you upgrade it will spike first of all as it's got all the backlog
to process.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> Hi,
>
> Okay, I know the question about mailscanner and server load has been
> discussed before but i this seems to be a little different.
>
> My server specs is as below :
>
> Celeron 1.3GHz, 512MB RAM, 60GB HDD, Redhat Linux 7.3, Ensim Pro 3.5.23
>
> MailScanner 4.32.5-1
> SpamAssassin 2.64
> MySql 3.23.58
> ClamAV 0.75
> MailWatch 0.5.1
> sendmail as MTA
>
> The problem is that after updating the packages, my server's load is very
> high. Before that it was around 3.5. After upgrade, it ran up to above 30
> for few 30 minutes before coming back down to around 3.0 now. I have not
> enabled SURBL yet. But the only reason i upgraded is to use SURBL. But now,
> since the load is kinda high, I am afraid to run SURBL (with SpamCopURI)
> which would definitely increase the load. I do not run DNS server locally.
> I am resolving DNS using my webhost's. Would that increase the load if I
> run SURBL?
>
> My question is, what can I do to lower the load? How much load would it
> reduce if I upgrade to 1GB RAM?
>
> What if I get another server dedicated in handling mails? This server would
> be used for websites. How would things work if I have 2 server? Anyone
> would give a simple guild to doing this? I know I would then need to run a
> DNS server which would route MX records to the 2nd server, right?
>
> Thanks in advance.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kfliong at WOFS.COM  Thu Aug 26 09:24:31 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1113.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have just implemented SURBL. Server load shot up and stays around 30
making websites unaccessable. I have now edited SURBL to only check on
SPAMCOP_URI_RBL. I have disabled the other 3. Now my load averages around
12. This is still quite high.

BTW, after some monitoring using "top", I notice that my system is quite
RAM intensive. But "top" can't tell for sure. What other tools can I use to
see whether the highload is due to lots of disk accesses (due to not having
enough RAM).

At 03:26 PM 26/8/2004, you wrote:
>On Thu, 2004-08-26 at 03:55, David J. Duffner - NWCWEB.com wrote:
> >         #3 - DON'T PANIC on load averages.  We're using MRTG and
> MailScanner
> > MRTG and they don't agree with load averages, so you're not seeing a
> > realtime accurate report!
><snip>
> >     But overall you're seeing
> > an illusion, we finally got a grip on it as MailScanner MRTG samples
> > at a different rate and is giving us a REAL average to work with on
> > loads.
>
>Just to explain that a little.  MailScanner-MRTG samples every five
>minutes and uses the five minute average load - thats the second load
>average figure given by top and w.  This is handy as it means it takes
>the average over its reporting period so is less prone to being messed
>up by brief spikes.  A word of caution - older MSMRTG's didn't work like
>that (it used the one minute average - which tended to be misleading).
>
>Upping the RAM to 1G is a good idea, depending on your message
>throughput you may be able then to put the MailScanner work directory in
>tmpfs - that gives a significant performance boost so long as you have
>enough physical ram (if it causes it to start swapping thats a bad
>thing).
>You need to get a feel for whether your system is CPU bound or IO bound,
>the above trick will really help with disk IO related issues, network IO
>issues can be helped by running a caching nameserver on the box itself
>(very easy, theres an rpm for caching-nameserver I think, then you just
>point resolv.conf and 127.0.0.1).
>A load average of 3 isn't necessarily a problem anyway, so long as mail
>is flowing with acceptable latency and you can cope with spikes.  Given
>that your machine was able to battle through the backlog that built up
>during your upgrade (hence the 30 load av) I'd say its not too
>concerning (I'd still add ram, do the tmpfs thing and run a
>caching-nameserver though).
>
>Kevin
>
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material.  If you have received this in error, please contact the
>sender and delete this message immediately.  Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited.  BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Kevin.Spicer at BMRB.CO.UK  Thu Aug 26 09:38:58 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1114.1137101199.24926.mailscanner@lists.mailscanner.info>

>BTW, after some monitoring using "top", I notice that my system is
quite
>RAM intensive. But "top" can't tell for sure. What other tools can I
use to
>see whether the highload is due to lots of disk accesses (due to not
having
>enough RAM).


vmstat




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martinh at SOLID-STATE-LOGIC.COM  Thu Aug 26 09:39:48 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1115.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi

surbl of pretty good at keeping the load DOWN, especially in comparison
to the fixed rules lists it replaced (bigevil etc).

Have you got a local DNS server (caching or normal) running on this
machine? If not I heavily suggest you install a caching name server on
the MailScanner box.

Also what extra SA rules have you got installed???

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> I have just implemented SURBL. Server load shot up and stays around 30
> making websites unaccessable. I have now edited SURBL to only check on
> SPAMCOP_URI_RBL. I have disabled the other 3. Now my load averages around
> 12. This is still quite high.
>
> BTW, after some monitoring using "top", I notice that my system is quite
> RAM intensive. But "top" can't tell for sure. What other tools can I use to
> see whether the highload is due to lots of disk accesses (due to not having
> enough RAM).
>
> At 03:26 PM 26/8/2004, you wrote:
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Thu Aug 26 09:41:57 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1116.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi!

> I have just implemented SURBL. Server load shot up and stays around 30
> making websites unaccessable. I have now edited SURBL to only check on
> SPAMCOP_URI_RBL. I have disabled the other 3. Now my load averages around
> 12. This is still quite high.
>
> BTW, after some monitoring using "top", I notice that my system is quite
> RAM intensive. But "top" can't tell for sure. What other tools can I use to
> see whether the highload is due to lots of disk accesses (due to not having
> enough RAM).

This question would be more in its place on the SURBL mailinglists i
think. But, do you have local caching servers for the DNS zones ? And,
whats the mailvolume and machine specs you are using ?

Bye,
raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 09:42:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1117.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Have you seen this option:

# What character set do you want to use for the attachment that
# replaces viruses (VirusWarning.txt)?
# The default is "us-ascii" but if you speak anything other than
# English, you will probably want "ISO-8859-1" instead.
# This can also be the filename of a ruleset.
Attachment Encoding Charset = us-ascii

Does it help you at all?

At 22:45 25/08/2004, you wrote:
>When adding a signature, MailScanner adds this line:
>MIME-Version: 1.0
>
>But appearently this line also requires a charset-line.
>
>Because later in the chain of sendmails, when the next receiving mailserver
>doesn't accept 8-bit, this get added, and an exchange-server can't read the
>message:
>
>Content-Type: text/plain; charset=unknown-8bit
>Content-Transfer-Encoding: quoted-printable
>X-MIME-Autoconverted: from 8bit to quoted-printable by
>
>In comp.mail.sendmail I got this:
>
>"Actually the fact that using MailScanner causes the problem implies that
>it (or perhaps your configuration of it) is rather broken - either it
>drops an existing charset= parameter that was correct, or it adds some
>MIME-part that needs a charset= parameter (due to not being US-ASCII)
>but doesn't have one, or it adds "raw 8-bit" text to a (non-MIME)
>message that didn't have any originally. Or something like that.
>
>--Per Hedeland
>per@hedeland.org"
>
>Could we get this fixed? :-)
>
>Leif
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Thu Aug 26 10:51:23 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1118.1137101199.24926.mailscanner@lists.mailscanner.info>

> I have just implemented SURBL. Server load shot up and stays
> around 30 making websites unaccessable. I have now edited
> SURBL to only check on SPAMCOP_URI_RBL. I have disabled the
> other 3. Now my load averages around 12. This is still quite high.

It sounds to me like you have some static rulesets still in there



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Thu Aug 26 13:31:49 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1119.1137101199.24926.mailscanner@lists.mailscanner.info>

Garry Glendown wrote on         Thu, 26 Aug 2004 08:25:38 +0200:

> I "fixed" that with a PHP script ... together with the
> quarantine-information that MS sends to the recipient, I send a link to
> the PHP script, identifying the mails by the date and the queue ID
> (which should be relatively safe).

But this implies that you send a mail for each quarantined spam. The 
objective is to avoid sending dozens or hundreds of notification mails to 
users but send only a report x times a day to the final target user (no 
matter what the email address is).

> If MS had an option "archive" that would store the queue files of a mail
> in an extra directory (just like the quarantine), then add date, sender,
> recipient and subject to a database table (like, e.g., MySQL; could even
> be done by a shell call to allow for arbitrary backends, but that would
> add to resource usage). A simple web frontend or script could then
> generate an overview easily, and allow interactive downloads or
> re-queues of the specified messages.

That all exists: Mailwatch and the MailScanner quarantine. I already 
mentioned it. It just doesn't have a scheduled report system and a release 
system via mail.




Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Denis.Beauchemin at USHERBROOKE.CA  Thu Aug 26 14:14:07 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1120.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:

> Have you seen this option:
>
> # What character set do you want to use for the attachment that
> # replaces viruses (VirusWarning.txt)?
> # The default is "us-ascii" but if you speak anything other than
> # English, you will probably want "ISO-8859-1" instead.
> # This can also be the filename of a ruleset.
> Attachment Encoding Charset = us-ascii
>
> Does it help you at all?

Actually, I had to rewrite my signature so it would not contain any 
accented character because this (which I have set to "ISO-8859-1") 
doesn't help if you just sign messages and you don't have to add the 
viruswarning.txt file.

The email charset is applied to the signature.  When that carset is 
incompatible with my "ISO-8859-1" characters, the results are pretty 
useless.

Denis

>
> At 22:45 25/08/2004, you wrote:
>
>> When adding a signature, MailScanner adds this line:
>> MIME-Version: 1.0
>>
>> But appearently this line also requires a charset-line.
>>
>> Because later in the chain of sendmails, when the next receiving 
>> mailserver
>> doesn't accept 8-bit, this get added, and an exchange-server can't 
>> read the
>> message:
>>
>> Content-Type: text/plain; charset=unknown-8bit
>> Content-Transfer-Encoding: quoted-printable
>> X-MIME-Autoconverted: from 8bit to quoted-printable by
>>
>> In comp.mail.sendmail I got this:
>>
>> "Actually the fact that using MailScanner causes the problem implies 
>> that
>> it (or perhaps your configuration of it) is rather broken - either it
>> drops an existing charset= parameter that was correct, or it adds some
>> MIME-part that needs a charset= parameter (due to not being US-ASCII)
>> but doesn't have one, or it adds "raw 8-bit" text to a (non-MIME)
>> message that didn't have any originally. Or something like that.
>>
>> --Per Hedeland
>> per@hedeland.org"
>>
>> Could we get this fixed? :-)
>>
>> Leif
>>

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 14:34:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1121.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
As I just tack the signature on the end of the message for compatibility
with the mail clients, if I just get a message without a charset setting in
it, I don't know what it might be. I think my only option would be to add
the MIME-Version header with the charset parameter's value taken from
MailScanner.conf. But I don't think that actually helps at all.

Do I actually have enough information available to work out what the right
answer is? At the moment, I don't think so.

At 14:14 26/08/2004, you wrote:
>Julian Field wrote:
>
>>Have you seen this option:
>>
>># What character set do you want to use for the attachment that
>># replaces viruses (VirusWarning.txt)?
>># The default is "us-ascii" but if you speak anything other than
>># English, you will probably want "ISO-8859-1" instead.
>># This can also be the filename of a ruleset.
>>Attachment Encoding Charset = us-ascii
>>
>>Does it help you at all?
>
>Actually, I had to rewrite my signature so it would not contain any
>accented character because this (which I have set to "ISO-8859-1") doesn't
>help if you just sign messages and you don't have to add the
>viruswarning.txt file.
>
>The email charset is applied to the signature.  When that carset is
>incompatible with my "ISO-8859-1" characters, the results are pretty useless.
>
>Denis
>
>>
>>At 22:45 25/08/2004, you wrote:
>>
>>>When adding a signature, MailScanner adds this line:
>>>MIME-Version: 1.0
>>>
>>>But appearently this line also requires a charset-line.
>>>
>>>Because later in the chain of sendmails, when the next receiving mailserver
>>>doesn't accept 8-bit, this get added, and an exchange-server can't read the
>>>message:
>>>
>>>Content-Type: text/plain; charset=unknown-8bit
>>>Content-Transfer-Encoding: quoted-printable
>>>X-MIME-Autoconverted: from 8bit to quoted-printable by
>>>
>>>In comp.mail.sendmail I got this:
>>>
>>>"Actually the fact that using MailScanner causes the problem implies that
>>>it (or perhaps your configuration of it) is rather broken - either it
>>>drops an existing charset= parameter that was correct, or it adds some
>>>MIME-part that needs a charset= parameter (due to not being US-ASCII)
>>>but doesn't have one, or it adds "raw 8-bit" text to a (non-MIME)
>>>message that didn't have any originally. Or something like that.
>>>
>>>--Per Hedeland
>>>per@hedeland.org"
>>>
>>>Could we get this fixed? :-)
>>>
>>>Leif

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug 26 15:12:31 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1122.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
> My question is, what can I do to lower the load? How much load would it
> reduce if I upgrade to 1GB RAM?

Is your system swapping?

What is the output of free?

What is the output of

vmstat 2

(ctrl-c to stop, post a few lines)

?

Ugo

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dfilchak at sympatico.ca  Thu Aug 26 15:32:09 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1123.1137101199.24926.mailscanner@lists.mailscanner.info>

I found this thread to be interesting as I have just had to upgrade my
motherboard and ram because the machine was choking. However, in an effort
to determine how well the machine is doing now, I wonder if someone would be
so kind as to comment on the output of free and vmstat 2 I have posted
below. I was not familiar with these tools so I am not sure how to read them
so if someone would comment on the perceived performance of my machine based
on this output and also a brief explanation of how to interpret this output
(what does it all mean ;-)

Free:

             total       used       free     shared    buffers     cached
Mem:       1014712     966252      48460          0     142552     467144
-/+ buffers/cache:     356556     658156
Swap:      1020088     187928     832160

Vmstat 2:

   procs                      memory      swap          io     system
cpu
 r  b  w   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id
 1  0  0 187924  48384 142620 467112    1    6    23    39   20    10  4  1
4
 0  0  0 187924  48384 142628 467104    0    0     0    32  106   236  0  0
100
 0  0  0 187924  48384 142628 467104    0    0     0     0  105   226  0  0
100
 1  0  0 187924  48376 142644 467096    0    0     0    88  126   259  0  0
100
 1  0  0 187924  48376 142644 467096    0    0     0     0  103   225  0  0
100
 1  0  0 187924  38404 142644 467116    0    0     0    78  135   289  7  1
91
 3  0  0 187924  45572 142668 467116    0    0     0   110  115   247 58 32
10
 1  0  0 187924  48204 142676 467100    0    0     0   104  113   250 18 10
72
 1  0  0 187924  48204 142680 467100    0    0     0   120  108   233  0  0
100
 1  0  0 187924  48196 142680 467100    0    0     0    14  111   238  0  0
100
 1  0  0 187924  48204 142680 467100    0    0     0    12  109   234  0  0
100
 1  0  0 187924  48204 142696 467084    0    0     0    60  107   234  0  0
100
 1  0  0 187924  48204 142696 467084    0    0     0     0  105   227  0  0
100
 1  0  0 187924  48204 142696 467084    0    0     0    14  106   226  0  0
100
 2  0  1 187924  48204 142696 467084    0    0     0     0  102   226  0  0
100

Thanks,

Dave

PS ... Sorry to jump into this conversation but I wanted my question to be
in context.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Ugo Bellavance
Sent: Thursday, August 26, 2004 10:13 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailscanner and server load

> My question is, what can I do to lower the load? How much load would
> it reduce if I upgrade to 1GB RAM?

Is your system swapping?

What is the output of free?

What is the output of

vmstat 2

(ctrl-c to stop, post a few lines)

?

Ugo

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From garry at GLENDOWN.DE  Thu Aug 26 15:57:09 2004
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:26:39 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1124.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Kai Schaetzl wrote:

 > Garry Glendown wrote on         Thu, 26 Aug 2004 08:25:38 +0200:
 >
 >
 >> I "fixed" that with a PHP script ... together with the
 >> quarantine-information that MS sends to the recipient, I send a link to
 >> the PHP script, identifying the mails by the date and the queue ID
 >> (which should be relatively safe).
 >
 >
 >
 > But this implies that you send a mail for each quarantined spam. The
objective is to avoid sending dozens or hundreds of notification mails
to users but send only a report x times a day to the final target user
(no matter what the email address is).


No, that was the QUARANTINE file function ... i.e., viruses, blocked
file types, etc ... stuff that already has a recipient and where only
the attachment is stripped from the email ...

 >> If MS had an option "archive" that would store the queue files of a mail
 >> in an extra directory (just like the quarantine), then add date, sender,
 >> recipient and subject to a database table (like, e.g., MySQL; could even
 >> be done by a shell call to allow for arbitrary backends, but that would
 >> add to resource usage). A simple web frontend or script could then
 >> generate an overview easily, and allow interactive downloads or
 >> re-queues of the specified messages.
 >
 >
 >
 > That all exists: Mailwatch and the MailScanner quarantine. I already
mentioned it. It just doesn't have a scheduled report system and a
release system via mail.


OK; just noticed the "store" option in the MS config ... So I guess all
that we need is the frontend then ... of course it doesn't make sense to
inform the recipient of every single email ... ;)

I might look into this some time soon ... sounds doable ...


-gg

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcin.rozek at IOS.EDU.PL  Thu Aug 26 16:21:57 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1125.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Is that all not similar to my request?
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0407&L=mailscanner&T=0&F=&S=&P=112807

Sorry for my bad english...

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Thu Aug 26 16:26:46 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1126.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dave Filchak wrote:

> I found this thread to be interesting as I have just had to upgrade my
> motherboard and ram because the machine was choking. However, in an effort
> to determine how well the machine is doing now, I wonder if someone would be
> so kind as to comment on the output of free and vmstat 2 I have posted
> below. I was not familiar with these tools so I am not sure how to read them
> so if someone would comment on the perceived performance of my machine based
> on this output and also a brief explanation of how to interpret this output
> (what does it all mean ;-)
>
> Free:
>
>              total       used       free     shared    buffers     cached
> Mem:       1014712     966252      48460          0     142552     467144
> -/+ buffers/cache:     356556     658156
> Swap:      1020088     187928     832160

Here you can see that your physical ram is 1 GB, that you've got 48 MB
free, plus 658 MB free in the kernel buffer/cache.

You are using 187 MB of swap

>
> Vmstat 2:
>
>    procs                      memory      swap          io     system
> cpu
>  r  b  w   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
> id
>  1  0  0 187924  48384 142620 467112    1    6    23    39   20    10  4  1
> 4
>  0  0  0 187924  48384 142628 467104    0    0     0    32  106   236  0  0
> 100
>  0  0  0 187924  48384 142628 467104    0    0     0     0  105   226  0  0
> 100
>  1  0  0 187924  48376 142644 467096    0    0     0    88  126   259  0  0
> 100

First column: r : how many processes are waiting for cpu time.  You've
got only 1 or 0 idle system or almost.

Second column: b: how many processes are waiting for i/o operation,
you've got almost nothing ther.

Third column: w : (according to the man page) w: The number of processes
swapped out but otherwise runnable.  This field is calculated, but Linux
never desperation swaps.

Then I look at the si and so columns:

si: Amount of memory swapped in from disk (kB/s).
so: Amount of memory swapped to disk (kB/s).

so you're barely swapping.

For the rest, please see the man page, it is clear and complete.

>
> Thanks,
>
> Dave
>
> PS ... Sorry to jump into this conversation but I wanted my question to be
> in context.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Denis.Beauchemin at USHERBROOKE.CA  Thu Aug 26 16:28:31 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:39 2006
Subject: IPBlock question
Message-ID: <mailman.1127.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hello Julian,

I use IPBlock and like it a lot.  I would like to be warned when a host 
is blocked.

We have setup syslog to send us every hour all critical messages.  I 
looked into MS but it does not want to issue "crit" syslog messages.

I tried the following modification to the IPBlock code:
    MailScanner::Log::InfoLog("IPBlock: Adding block for %s", $ip);
    # Added DB 20040826
    MailScanner::Log::LogText("IPBlock: Adding block for $ip", 'crit');

Do you believe this will work?  I restarted MS and got no error message 
but I was not sure if it would also log the message as critical.

Thanks again for saving our users from the bad guys!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 16:53:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: IPBlock question
Message-ID: <mailman.1128.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:28 26/08/2004, you wrote:
>Hello Julian,
>
>I use IPBlock and like it a lot.  I would like to be warned when a host is
>blocked.
>
>We have setup syslog to send us every hour all critical messages.  I
>looked into MS but it does not want to issue "crit" syslog messages.
>
>I tried the following modification to the IPBlock code:
>    MailScanner::Log::InfoLog("IPBlock: Adding block for %s", $ip);
>    # Added DB 20040826
>    MailScanner::Log::LogText("IPBlock: Adding block for $ip", 'crit');
>
>Do you believe this will work?  I restarted MS and got no error message
>but I was not sure if it would also log the message as critical.

That should work just fine. The only difference will be that the message
will not be output on STDERR as well.

>Thanks again for saving our users from the bad guys!

No worries :-)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 17:02:07 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1129.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
This should be fairly easy to do.

>Hello,
>i would like to ask if it is possible to add a new header to e-mails sent from
>postmaster:
>
>Content-Type: text/plain; charset=<encoding>
>
>(<encoding> would be iso-8859-2 for me)
>Now, i can translate all warnings sent by mailscanner to my language but all
>national fonts are not displayed properly. Ofcourse i can omit them but that
>looks a little bit wired...
>Now we have "Attachment Encoding Charset" - maybe mailscanner would set
>charset
>in Content-Type using a value of this option?
>
>Regards,
>Marcin

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner-user at NELAND.DK  Thu Aug 26 17:23:06 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1130.1137101199.24926.mailscanner@lists.mailscanner.info>

Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
> As I just tack the signature on the end of the message for
> compatibility with the mail clients, if I just get a message without
> a charset setting in it, I don't know what it might be. I think my
> only option would be to add the MIME-Version header with the charset
> parameter's value taken from MailScanner.conf. But I don't think that
> actually helps at all.
>
> Do I actually have enough information available to work out what the
> right answer is? At the moment, I don't think so.
>
When sendmail converts from 8 to 7 bit mime, it can be configured to a
default charset, which I have set to iso-8859-1.

So MailScanner should assume the same, if the sender hasn't set a charset.

Do you actually know if the sender has set a charset at the time you add the
mime header?

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From wppiphoto at wppi.com  Thu Aug 26 17:25:59 2004
From: wppiphoto at wppi.com (SW)
Date: Thu Jan 12 21:26:39 2006
Subject: Error message...any ideas? {Scanned}
Message-ID: <mailman.1131.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi,

Just started getting this message from my server and I'm trying to figure
out why:

 ----- The following addresses had permanent fatal errors -----
namaste

   ----- Transcript of session follows -----
The -P option has been removed.
write failed to Bayes journal /home/namaste/.spamassassin/bayes_journal (0
of 4028)!
procmail: Quota exceeded while writing "/var/spool/mail/namaste"
550 namaste... Can't create output
--------------------------

I'm not sure who is namaste? I didn't send out an e-mail to that user. This
happens on every message I send out to valid e-mail addresses. Also, I tried
to look in my server for the above path /home/namaste/... and I don't have
such a path. Does anyone know what is the problem? BTW, I have not updated
anything on this server except the daily checks of our anti-virus programs.

Thanks,

SW



-------------------------------------------------
        WPPi.com        |        WPPi.Net
-------------------------------------------------
  http://www.wppi.com   |  http://www.wppi.net
-------------------------------------------------
WPPi.com & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.
-------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From dfilchak at sympatico.ca  Thu Aug 26 17:30:16 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1132.1137101199.24926.mailscanner@lists.mailscanner.info>

Thanks for this. I will check the man as well.

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Ugo Bellavance
Sent: Thursday, August 26, 2004 11:27 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailscanner and server load

Dave Filchak wrote:

> I found this thread to be interesting as I have just had to upgrade my
> motherboard and ram because the machine was choking. However, in an
> effort to determine how well the machine is doing now, I wonder if
> someone would be so kind as to comment on the output of free and
> vmstat 2 I have posted below. I was not familiar with these tools so I
> am not sure how to read them so if someone would comment on the
> perceived performance of my machine based on this output and also a
> brief explanation of how to interpret this output (what does it all
> mean ;-)
>
> Free:
>
>              total       used       free     shared    buffers     cached
> Mem:       1014712     966252      48460          0     142552     467144
> -/+ buffers/cache:     356556     658156
> Swap:      1020088     187928     832160

Here you can see that your physical ram is 1 GB, that you've got 48 MB free,
plus 658 MB free in the kernel buffer/cache.

You are using 187 MB of swap

>
> Vmstat 2:
>
>    procs                      memory      swap          io     system
> cpu
>  r  b  w   swpd   free   buff  cache   si   so    bi    bo   in    cs us
sy
> id
>  1  0  0 187924  48384 142620 467112    1    6    23    39   20    10  4
1
> 4
>  0  0  0 187924  48384 142628 467104    0    0     0    32  106   236  0
0
> 100
>  0  0  0 187924  48384 142628 467104    0    0     0     0  105   226  0
0
> 100
>  1  0  0 187924  48376 142644 467096    0    0     0    88  126   259  0
0
> 100

First column: r : how many processes are waiting for cpu time.  You've got
only 1 or 0 idle system or almost.

Second column: b: how many processes are waiting for i/o operation, you've
got almost nothing ther.

Third column: w : (according to the man page) w: The number of processes
swapped out but otherwise runnable.  This field is calculated, but Linux
never desperation swaps.

Then I look at the si and so columns:

si: Amount of memory swapped in from disk (kB/s).
so: Amount of memory swapped to disk (kB/s).

so you're barely swapping.

For the rest, please see the man page, it is clear and complete.

>
> Thanks,
>
> Dave
>
> PS ... Sorry to jump into this conversation but I wanted my question
> to be in context.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 17:37:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1133.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:23 26/08/2004, you wrote:
>Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
> > As I just tack the signature on the end of the message for
> > compatibility with the mail clients, if I just get a message without
> > a charset setting in it, I don't know what it might be. I think my
> > only option would be to add the MIME-Version header with the charset
> > parameter's value taken from MailScanner.conf. But I don't think that
> > actually helps at all.
> >
> > Do I actually have enough information available to work out what the
> > right answer is? At the moment, I don't think so.
> >
>When sendmail converts from 8 to 7 bit mime, it can be configured to a
>default charset, which I have set to iso-8859-1.
>
>So MailScanner should assume the same, if the sender hasn't set a charset.

How is it going to discover the default charset? And somehow this has got
to be configured in a way that less-experienced sys admins are actually
going to understand. No point adding a feature if 99% of people don't
understand it :(

>Do you actually know if the sender has set a charset at the time you add the
>mime header?

I think so, yes. I only add the MIME-Version header if it isn't already
there. So I could add the Content-Type header if there is no MIME-Version
header. But unfortunately, what do I put for the MIME type? My email client
displays a message as html even if there is just a "Content-Type:
text/plain" header, or no Content-Type header at all. Not sure I can get
all the information I need to do "the right thing". I can't add the charset
unless I also set the MIME type, and I can't guess the MIME type if it
isn't already there.

Thoughts?
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From sconway at WLNET.COM  Thu Aug 26 17:53:27 2004
From: sconway at WLNET.COM (Stephen Conway)
Date: Thu Jan 12 21:26:39 2006
Subject: Disable Postmaster Warnings?
Message-ID: <mailman.1134.1137101199.24926.mailscanner@lists.mailscanner.info>

Good day:

I am wondering what to put in config file, if I want to disable the notices
going to postmster?  I think it is this setting:

Notices To = postmaster

Can I put 'Notices To = NONE ?

Thanks,

Steve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Thu Aug 26 18:02:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:39 2006
Subject: Disable Postmaster Warnings?
Message-ID: <mailman.1135.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Stephen Conway wrote:

> Good day:
>
> I am wondering what to put in config file, if I want to disable the notices
> going to postmster?  I think it is this setting:
>
> Notices To = postmaster
>
> Can I put 'Notices To = NONE ?

Use this instead:

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kevins at BMRB.CO.UK  Thu Aug 26 18:04:17 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1136.1137101199.24926.mailscanner@lists.mailscanner.info>

On Thu, 2004-08-26 at 17:37, Julian Field wrote:
> I think so, yes. I only add the MIME-Version header if it isn't already
> there. So I could add the Content-Type header if there is no MIME-Version
> header. But unfortunately, what do I put for the MIME type? My email client
> displays a message as html even if there is just a "Content-Type:
> text/plain" header, or no Content-Type header at all. Not sure I can get
> all the information I need to do "the right thing". I can't add the charset
> unless I also set the MIME type, and I can't guess the MIME type if it
> isn't already there.
>
> Thoughts?

Well, you could use file -i on the message body, but I suspect that
isn't going to be as portable as one might hope.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 18:05:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Disable Postmaster Warnings?
Message-ID: <mailman.1137.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 17:53 26/08/2004, you wrote:
>Good day:
>
>I am wondering what to put in config file, if I want to disable the notices
>going to postmster?  I think it is this setting:
>
>Notices To = postmaster
>
>Can I put 'Notices To = NONE ?

No, just put
Notices To =
without anything on the right hand side.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 18:09:25 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1138.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I assume I can set it to always be text/plain?

At 17:02 26/08/2004, you wrote:
>This should be fairly easy to do.
>
>>Hello,
>>i would like to ask if it is possible to add a new header to e-mails sent
>>from
>>postmaster:
>>
>>Content-Type: text/plain; charset=<encoding>
>>
>>(<encoding> would be iso-8859-2 for me)
>>Now, i can translate all warnings sent by mailscanner to my language but all
>>national fonts are not displayed properly. Ofcourse i can omit them but that
>>looks a little bit wired...
>>Now we have "Attachment Encoding Charset" - maybe mailscanner would set
>>charset
>>in Content-Type using a value of this option?
>>
>>Regards,
>>Marcin
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 18:38:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1139.1137101199.24926.mailscanner@lists.mailscanner.info>

Try the attached patch and let me know if it solves the problem for you.
Note that some of the report files in the supplied setup already contain
all the headers, so you can just edit those reports.

At 18:09 26/08/2004, you wrote:
>I assume I can set it to always be text/plain?
>
>At 17:02 26/08/2004, you wrote:
>>This should be fairly easy to do.
>>
>>>Hello,
>>>i would like to ask if it is possible to add a new header to e-mails sent
>>>from
>>>postmaster:
>>>
>>>Content-Type: text/plain; charset=<encoding>
>>>
>>>(<encoding> would be iso-8859-2 for me)
>>>Now, i can translate all warnings sent by mailscanner to my language but all
>>>national fonts are not displayed properly. Ofcourse i can omit them but that
>>>looks a little bit wired...
>>>Now we have "Attachment Encoding Charset" - maybe mailscanner would set
>>>charset
>>>in Content-Type using a value of this option?
>>>
>>>Regards,
>>>Marcin
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/OCTET-STREAM (Name: "Message.pm.charset.patch")  ]
    [ 3KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From kodak at FRONTIERHOMEMORTGAGE.COM  Thu Aug 26 19:03:56 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:26:39 2006
Subject: OT:  Kooky religious spam
Message-ID: <mailman.1140.1137101199.24926.mailscanner@lists.mailscanner.info>

Is anyone else getting weird 7th day adventist /
anti-catholic spam?

I keep getting something that appears to be a
joe-jobbing attempt towards an anti spam
crusader that consists of some incoherent
religious babbling.  The mail contains a
line that says "FOR MORE INFO ABOUT MAILS"
and lists the url of what seems to be an
anti-spam guy.

I googled the message and I find similar
messages sans the URL, which is what leads
me to believe it's a joe jobbing.

MailScanner is marking it as high scoring spam
so I'm not worried, it's just weird and weird
warrants discussion.

Thanks,

--J(K)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 19:04:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1141.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:04 26/08/2004, you wrote:
>On Thu, 2004-08-26 at 17:37, Julian Field wrote:
> > I think so, yes. I only add the MIME-Version header if it isn't already
> > there. So I could add the Content-Type header if there is no MIME-Version
> > header. But unfortunately, what do I put for the MIME type? My email client
> > displays a message as html even if there is just a "Content-Type:
> > text/plain" header, or no Content-Type header at all. Not sure I can get
> > all the information I need to do "the right thing". I can't add the charset
> > unless I also set the MIME type, and I can't guess the MIME type if it
> > isn't already there.
> >
> > Thoughts?
>
>Well, you could use file -i on the message body, but I suspect that
>isn't going to be as portable as one might hope.

Not portable, and very slow :-(
I need a portable, fast way of doing it. I don't want to look at the
message body content at all.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pparsons at COLUMBIAFUELS.COM  Thu Aug 26 19:35:45 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1142.1137101199.24926.mailscanner@lists.mailscanner.info>

You should add that even though you only have 48 MB free ram most of it
has been place into the  -/+ buffers/cache Linux does this to make
accessing the ram faster. so really you have 706 mb of memory available
to the system.

If you use free -m it shows it in MB. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Ugo Bellavance
Sent: Thursday, August 26, 2004 8:27 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailscanner and server load

Dave Filchak wrote:

> I found this thread to be interesting as I have just had to upgrade my

> motherboard and ram because the machine was choking. However, in an 
> effort to determine how well the machine is doing now, I wonder if 
> someone would be so kind as to comment on the output of free and 
> vmstat 2 I have posted below. I was not familiar with these tools so I

> am not sure how to read them so if someone would comment on the 
> perceived performance of my machine based on this output and also a 
> brief explanation of how to interpret this output (what does it all 
> mean ;-)
>
> Free:
>
>              total       used       free     shared    buffers
cached
> Mem:       1014712     966252      48460          0     142552
467144
> -/+ buffers/cache:     356556     658156
> Swap:      1020088     187928     832160

Here you can see that your physical ram is 1 GB, that you've got 48 MB
free, plus 658 MB free in the kernel buffer/cache.

You are using 187 MB of swap

>
> Vmstat 2:
>
>    procs                      memory      swap          io     system
> cpu
>  r  b  w   swpd   free   buff  cache   si   so    bi    bo   in    cs
us sy
> id
>  1  0  0 187924  48384 142620 467112    1    6    23    39   20    10
4  1
> 4
>  0  0  0 187924  48384 142628 467104    0    0     0    32  106   236
0  0
> 100
>  0  0  0 187924  48384 142628 467104    0    0     0     0  105   226
0  0
> 100
>  1  0  0 187924  48376 142644 467096    0    0     0    88  126   259
0  0
> 100

First column: r : how many processes are waiting for cpu time.  You've
got only 1 or 0 idle system or almost.

Second column: b: how many processes are waiting for i/o operation,
you've got almost nothing ther.

Third column: w : (according to the man page) w: The number of processes
swapped out but otherwise runnable.  This field is calculated, but Linux
never desperation swaps.

Then I look at the si and so columns:

si: Amount of memory swapped in from disk (kB/s).
so: Amount of memory swapped to disk (kB/s).

so you're barely swapping.

For the rest, please see the man page, it is clear and complete.

>
> Thanks,
>
> Dave
>
> PS ... Sorry to jump into this conversation but I wanted my question 
> to be in context.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Thu Aug 26 19:43:39 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1143.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Philip Parsons wrote:

> You should add that even though you only have 48 MB free ram most of it
> has been place into the  -/+ buffers/cache Linux does this to make
> accessing the ram faster. so really you have 706 mb of memory available
> to the system.

Yes, I wrote 658 plus 48, that totals ~706 MB

>
> If you use free -m it shows it in MB.

Thanks, I didn't know.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mike at CAMAROSS.NET  Thu Aug 26 20:13:03 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:39 2006
Subject: Kooky religious spam
Message-ID: <mailman.1144.1137101199.24926.mailscanner@lists.mailscanner.info>

Isn't MOST religious conversation incoherent babbling? :)

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Jason Balicki
Sent: Thursday, August 26, 2004 1:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Kooky religious spam

Is anyone else getting weird 7th day adventist / anti-catholic spam?

I keep getting something that appears to be a joe-jobbing attempt towards an
anti spam crusader that consists of some incoherent religious babbling.  The
mail contains a line that says "FOR MORE INFO ABOUT MAILS"
and lists the url of what seems to be an anti-spam guy.

I googled the message and I find similar messages sans the URL, which is
what leads me to believe it's a joe jobbing.

MailScanner is marking it as high scoring spam so I'm not worried, it's just
weird and weird warrants discussion.

Thanks,

--J(K)

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Aug 26 20:17:03 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:39 2006
Subject: Kooky religious spam
Message-ID: <mailman.1145.1137101199.24926.mailscanner@lists.mailscanner.info>

Mike Kercher wrote:
> Isn't MOST religious conversation incoherent babbling? :)

Only to infidels! ;-)

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 20:22:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Kooky religious spam
Message-ID: <mailman.1146.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:17 26/08/2004, you wrote:
>Mike Kercher wrote:
> > Isn't MOST religious conversation incoherent babbling? :)
>
>Only to infidels! ;-)

You better be very sure this won't turn into a flame war...
Talk about dangerous ground :-)
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kodak at FRONTIERHOMEMORTGAGE.COM  Thu Aug 26 20:33:29 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:26:39 2006
Subject: Kooky religious spam
Message-ID: <mailman.1147.1137101199.24926.mailscanner@lists.mailscanner.info>

Julian Field <> wrote:
> At 20:17 26/08/2004, you wrote:
>> Mike Kercher wrote:
>>> Isn't MOST religious conversation incoherent babbling? :)
>>
>> Only to infidels! ;-)
>
> You better be very sure this won't turn into a flame war...
> Talk about dangerous ground :-)

I was very careful to word my first message as to
convey that it was that it was only that particular
spam that was filled with incoherent religious babbling,
completely disregarding my personal beliefs (or lack
thereof) on the subject.

But hey, as long as we're jokingly bashing:  I'm
with Mike on this one. :)

--J(K)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Aug 26 20:35:18 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:39 2006
Subject: Kooky religious spam
Message-ID: <mailman.1148.1137101199.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote:
> At 20:17 26/08/2004, you wrote:
>> Mike Kercher wrote:
>>> Isn't MOST religious conversation incoherent babbling? :)
>>
>> Only to infidels! ;-)
>
> You better be very sure this won't turn into a flame war...
> Talk about dangerous ground :-)

Yes - hence the smilies.  A toungue in cheek retort is as far as I care to
go w/it it...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner-user at NELAND.DK  Thu Aug 26 20:53:17 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1149.1137101199.24926.mailscanner@lists.mailscanner.info>

Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
> At 18:04 26/08/2004, you wrote:
>> On Thu, 2004-08-26 at 17:37, Julian Field wrote:
>>> I think so, yes. I only add the MIME-Version header if it isn't
>>> already there. So I could add the Content-Type header if there is
>>> no MIME-Version header. But unfortunately, what do I put for the
>>> MIME type? My email client displays a message as html even if there
>>> is just a "Content-Type: text/plain" header, or no Content-Type
>>> header at all. Not sure I can get all the information I need to do
>>> "the right thing". I can't add the charset unless I also set the
>>> MIME type, and I can't guess the MIME type if it isn't already
>>> there.
>>>
>>> Thoughts?
>>
>> Well, you could use file -i on the message body, but I suspect that
>> isn't going to be as portable as one might hope.
>
> Not portable, and very slow :-(
> I need a portable, fast way of doing it. I don't want to look at the
> message body content at all.

Do as sendmail. Let the sysadm put a default value to be used when the
sender didn't put a charset in.

If the sysadm used the wrong charset at least the message will be delivered.
As it is now, the message ends up as an attachment if it is being sent to an
exchange-server.

So far I've only seen the problem with messages generated from applications,
e.g. mailing lists or webforms.

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Thu Aug 26 21:01:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1150.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:53 26/08/2004, you wrote:
>Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
> > At 18:04 26/08/2004, you wrote:
> >> On Thu, 2004-08-26 at 17:37, Julian Field wrote:
> >>> I think so, yes. I only add the MIME-Version header if it isn't
> >>> already there. So I could add the Content-Type header if there is
> >>> no MIME-Version header. But unfortunately, what do I put for the
> >>> MIME type? My email client displays a message as html even if there
> >>> is just a "Content-Type: text/plain" header, or no Content-Type
> >>> header at all. Not sure I can get all the information I need to do
> >>> "the right thing". I can't add the charset unless I also set the
> >>> MIME type, and I can't guess the MIME type if it isn't already
> >>> there.
> >>>
> >>> Thoughts?
> >>
> >> Well, you could use file -i on the message body, but I suspect that
> >> isn't going to be as portable as one might hope.
> >
> > Not portable, and very slow :-(
> > I need a portable, fast way of doing it. I don't want to look at the
> > message body content at all.
>
>Do as sendmail. Let the sysadm put a default value to be used when the
>sender didn't put a charset in.

But it needs a mime type as well as a charset, and I have no way of finding
the correct mime type.

>If the sysadm used the wrong charset at least the message will be delivered.
>As it is now, the message ends up as an attachment if it is being sent to an
>exchange-server.

How big a problem is that?
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dave at DIFFERENCE.COM.AU  Thu Aug 26 21:22:43 2004
From: dave at DIFFERENCE.COM.AU (David Cake)
Date: Thu Jan 12 21:26:39 2006
Subject: mail not delivered sendmail debian
Message-ID: <mailman.1151.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
        Just recently I upgraded my sendmail, MailScanner,
spamassassin debian unstable server, and it stopped working.
        I am running MailScanner as user/group smmsp/smmsp, and had
the standard sendmail two queues, /var/spool/mqueue and
/var/spool/mqueue.in setup.
        After much badgering with permissions, etc it still doesn't
work. It appears to be completely working right up until the moment
it should move mail from one queue to the other, but I receive no
error message and mail is never delivered.
        Everything appears to be working, no error message anymore
from sendmail (well, it does complain that my permissions are too
liberal, but it works fine).
        And when I run Mailscanner in daemon mode, all there is in
the logs in the relatively benign
Aug 27 04:14:28 hostname MailScanner[6016]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 27 04:14:34 hostname MailScanner[6016]: Using locktype = flock
        When I run it in debug mode, I get a lot of cheerful messages
about the operation of spamassasin and razor, no error messages.
        The problem appears to be that, although mqueue.in is
definitely writable, messages are written to it as
-rw-r-----  1 root smmsp
        which presumably means that although MailScanner can read
them and classify them as spam or ham or virus, it can't actually
move them out of the directory. Any ideas how to configure sendmail
correctly to work with MailScanner, or MailScanner to work with
sendmail?
        Regards
                David

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner-user at NELAND.DK  Thu Aug 26 23:55:08 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1152.1137101199.24926.mailscanner@lists.mailscanner.info>

>> Do as sendmail. Let the sysadm put a default value to be used when
>> the sender didn't put a charset in.
>
> But it needs a mime type as well as a charset, and I have no way of
> finding the correct mime type.
>
I've only seen the problem on "machine-generated" mail, which is only
text/plain

>> If the sysadm used the wrong charset at least the message will be
>> delivered. As it is now, the message ends up as an attachment if it
>> is being sent to an exchange-server.
>
> How big a problem is that?

Our customers complain loudly..

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From nbird at EXPRESS3T.COM.AU  Fri Aug 27 02:23:52 2004
From: nbird at EXPRESS3T.COM.AU (Nathan Bird)
Date: Thu Jan 12 21:26:39 2006
Subject: mail staying in mqueue.in
Message-ID: <mailman.1153.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi,

Im hoping someone can help me. My sendmail delivers my incoming mail to my
mqueue.in directory, but it never leaves this directory. When i tail syslog
(mail.log) I can see that mailscanner is starting and running as user
'sendmail' but nothing ever leaves my mqueue.in directory.

Syslog shows no apparent mailscanner erorrs, and when I run mailscanner in
debug mode (non forking) I dont get any feedback information at all.

I have the following config:

sendmail
spamassassin
clamav
& mailscanner (obviously :))

I have editited the default parms line as per the FAQs and now sendmail
deliveres the mail to my mqueue.in directory with no errors or anything

mqueue.in properties:
drwxr-x---    2 root     smmsp        4.0k Aug 27 21:18 mqueue.in

syslog output:
Aug 27 21:18:21 sloop mailscanner[1300]: MailScanner E-Mail Virus Scanner
version 3.13 starting.
Aug 27 21:18:21 sloop mailscanner[1300]: Configuring mailscanner for sendmail...
Aug 27 21:18:21 sloop mailscanner[1300]: ECS MailScanner setting UID to mail (8)
Aug 27 21:18:21 sloop mailscanner[1300]: ECS MailScanner setting GID to mail (8)
Aug 27 21:18:31 sloop sendmail[1301]: i7RBIV21001301:
from=<nbird@xxxxxxxxx>, size=10241, class=0, nrcpts=1,
msgid=<2CC5B7F44B206B449525F4888503952F099F77@xxxxxxxxxxxx>, proto=ESMTP,
daemon=MTA, relay=xxxxxxxxxxxxxxxxx [xxxxxxxxxxxxxx]

Im presuming that mailscanner isn't recognising that sendmail has dropped a
message in the mqueue.in for it to check.. But i've tried everything I can
think of to get it to work.
Any help would be very much appreciated.

Thanks in advance.!
Nathan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From lbergman at WTXS.NET  Fri Aug 27 02:40:37 2004
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:26:39 2006
Subject: mail staying in mqueue.in
Message-ID: <mailman.1154.1137101199.24926.mailscanner@lists.mailscanner.info>

Nathan Bird said:
> Hi,
>
> Im hoping someone can help me. My sendmail delivers my incoming mail to my
> mqueue.in directory, but it never leaves this directory. I had this
problem recently. I was getting a core dump in the mqueue.in dir. I
traced it back to multilevel zip errors that was causing an error with
f-prot or clamav. After setting the zip level to 0 it starting
processing again. I can't remember the exact variable name though.
Sorry.
--
Lewis Bergman
Texas Communications
4309 Maple ST.
Abilene, TX 79602
325-695-6962 ext 115

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From greyhair at GREYHAIR.NET  Fri Aug 27 05:24:33 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1155.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I'm no expert put the error is coming from MailScanner/PFDiskStore.pm

[--snip--]
MailScanner::Log::WarnLog("In Start didn't find a C record when I ".
                               "wanted one %s %s", $type, $data)
       unless $type eq 'C';
[--snip--]

Is there any additional info after "Aug 24 13:21:38 mail 
MailScanner[17800]: In Start didn't find a C record when I wanted 
one"?  ie. What is the next line.

This to me (again no expert) looks to be an IO type failure.

How many emails are going thru this server?
Did you have the same problem with earlier versions of MailScanner?
What is the space available in the queue area? (var/spool area(df 
command?))

Just trying to help.

greyhair


Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷ wrote:
> Hi. Íîâîæåíèí.
> 
> 
>>>Can you give some additional information?
> 
> of course
> 
>>>What Operating System? Linux, BSD, Sun, etc.
> 
> Linux RH.7.3
> 
>>>What is the Mail Transport Agent? Sendmail, Qmail, etc.
> 
> Postfix -  last version.
> 
>>>What version of MailScanner?
> 
> 4.32.5
> 
>>>Had MailScanner worked at any time?
> 
> Yea, MailScanner is stoped when somebody send message without some "C
> record". What is this???
> 
> 
>>>greyhair.
> 
> 
>>Hello!
>>
>>Please help, whats happend, MailScanner is starvation, and then do
>>it nothing.
>>
>>---cut here log---
>>Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
>>Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
>>Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
>>---cut here log---
>>
>>Thanks.
>>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From Jan-Peter.Koopmann at SECEIDOS.DE  Fri Aug 27 06:39:42 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1156.1137101199.24926.mailscanner@lists.mailscanner.info>

>> 
>> How big a problem is that?
> 
> Our customers complain loudly..

I second that!!!

Could you not put the charset and mimetype in the first two lines of the reports/attachments etc.? Perhaps with special keywords that get parsed by mailscanner? That way it could be handled individually for each report/language without putting too much effort into finding the correct types automatically or having thousand new options in MailScanner.conf. A default option for characterset and mime-type would be nice though. If the special keywords are not found then the defaults are being used.

Kind regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kfliong at WOFS.COM  Fri Aug 27 07:42:44 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1157.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Thanks for the replies guys. I can learn a lot from all your comments.

Anyway, here are more info on my system.

Around 50,000 mails per day of which 95% are SPAMS. I am currently using
list.dsbl.org on my sendmail.cf to which is helping a little to kill off
mails before they can come into my server. But it have false identification
which is causing some users unable to send mail using SMTP, that's why I
need to rely on SURBL and remove dsbl on MTA.

I was using only bigevil previously and since SURBL will replace bigevil, I
have removed bigevil.

A recap of my system specs :

Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav (all
latest stable version)

And I do not run any DNS server. But will do that once I upgraded my box to
fedora core 1 and ensim pro 4.0.1.

For now, I want to know if I should upgrade to 1GB RAM.

Here are my loads :

    procs                      memory    swap          io     system
  cpu
  r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us
sy  id
  4  0  1 318036  29432  22700
116600  48  86     6    85   18    98  31  15  54
  2  0  0 317564  37516  22784
116796   0  48    84   664  395   309  54  46   0
  8  0  0 317560  41960  22964
117188  16   0   256  1066  494   539  60  37   2
  8  0  0 317560  10104  22996
117324  20  40    84   296  342   283  72  28   0
  1 10  1 317632   5400  23032 115168  22
1180    72  1520  514   219  43  15  42
  0 24  2 318244   5304  22768 113568  88
1558   144  1766  531   215   6   5  89
14  8  2 319088   5304  22824 111548  38
1668   136  1878  619   261   4   5  91
  0 17  2 319364   5304  22824 108176 178
1226   208  1368  462   242  10  10  80
21  5  2 319808   5308  22820 106608 176
1114   232  1270  481   335  13   8  79
  0 13  1 320048  23256  22816 104052 446
864   508  1064  450   356  12  11  77
10  6  2 320220   5304  22984 103500 550 624   622  1456  556   563  58  15  27
  9  5  2 320792   5400  22996 101436 166
1000   186  1160  363   239  36  11  53
  4 12  2 321136   5296  22972  98536 348
1276   358  1466  428   311  49  13  38
  6 10  1 320968  13900  22988  97416 288
766   304  1112  353   280  62   9  29
  3 13  1 321464   7692  23072  97532 292
310   382   722  282   339  38  12  50
  2 11  1 320416  25700  23132  97708 344
162   440   442  363   415  30  14  56


And here is the top command :

   2:16pm  up 3 days, 22:53,  1 user,  load average: 6.34, 6.06, 4.96
181 processes: 178 sleeping, 3 running, 0 zombie, 0 stopped
CPU states:  6.9% user,  6.9% system, 60.8% nice, 25.2% idle
Mem:   506048K av,  458944K used,   47104K free,       0K shrd,   24508K buff
Swap: 1020116K av,  315784K used,  704332K free                  124892K cached

<SORT BY MEMORY>
   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
  1140 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:29 mysqld
  1160 mysql     11  10 19040  13M  1524 S N   0.4  2.7   0:36 mysqld
  1161 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  1162 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  2487 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  3120 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6240 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6460 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6465 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6468 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6480 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
  6539 mysql     15  10 19040  13M  1524 S N   0.0  2.7   0:00 mysqld
31864 root       9   0 42128  10M  1692 S     0.0  2.1   0:31 MailScanner
32413 root       8   0 42184  10M  1656 S     0.0  2.1   0:30 MailScanner
31892 root       8   0 42312   9M  1648 S     0.0  2.0   0:32 MailScanner
31846 root       9   0 42196 9928  1684 S     0.0  1.9   0:29 MailScanner
31932 root       8   0 42172 9844  1656 S     0.0  1.9   0:32 MailScanner

<SORT BY CPU>
   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
  6647 root      20   0 42332  19M  1816 R     5.9  3.9   0:00 MailScanner
  4653 apache     9   0 10924 5708  3216 R     4.4  1.1   0:01 httpd
  5264 apache     9   0 12080 7528  3836 S     4.4  1.4   0:00 httpd
  6433 apache    11   0 11840 7044  3756 S     2.4  1.3   0:00 httpd
31864 root      15   0 42132  10M  1692 S     1.9  2.1   0:32 MailScanner
  6046 apache     8   0 11128 6352  3632 S     1.4  1.2   0:00 httpd
    13 root       9   0     0    0     0 RW    0.4  0.0   6:53 kjournald
21042 root       9   0  2004 1656  1252 R     0.4  0.3   0:20 sshd
31932 root      12   0 42180 9104  1656 S     0.4  1.7   0:32 MailScanner
  6383 apache     9   0 11552 6748  3788 S     0.4  1.3   0:00 httpd
  6582 root      10   0  1156 1156   836 R     0.4  0.2   0:00 top
  6645 mysql     15  10 18876  13M  1524 S N   0.4  2.7   0:00 mysqld
  6649 root      15   0 42132  10M  1692 R     0.4  2.1   0:00 MailScanner
     1 root       8   0   456  412   392 S     0.0  0.0   0:08 init
     2 root       9   0     0    0     0 SW    0.0  0.0   0:00 keventd
     3 root       9   0     0    0     0 SW    0.0  0.0   0:00 kapmd
     4 root      19  19     0    0     0 SWN   0.0  0.0   0:00 ksoftirqd_CPU0

Please bear in mind that I have turned off 3 out of the 4 filtering in
spamcop_uri.cf.
Also, bayes is turned on. Max children is 5.

Thanks in advance.


At 04:41 PM 26/8/2004, you wrote: Hi!

 > I have just implemented SURBL. Server load shot up and stays around 30 >
making websites unaccessable. I have now edited SURBL to only check on >
SPAMCOP_URI_RBL. I have disabled the other 3. Now my load averages around >
12. This is still quite high. > > BTW, after some monitoring using "top", I
notice that my system is quite > RAM intensive. But "top" can't tell for
sure. What other tools can I use to > see whether the highload is due to
lots of disk accesses (due to not having > enough RAM).

This question would be more in its place on the SURBL mailinglists i think.
But, do you have local caching servers for the DNS zones ? And, whats the
mailvolume and machine specs you are using ?

Bye, raymond.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave
mailscanner' in the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 27 08:46:46 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1158.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 06:39 27/08/2004, you wrote:
> >>
> >> How big a problem is that?
> >
> > Our customers complain loudly..
>
>I second that!!!
>
>Could you not put the charset and mimetype in the first two lines of the
>reports/attachments etc.? Perhaps with special keywords that get parsed by
>mailscanner? That way it could be handled individually for each
>report/language without putting too much effort into finding the correct
>types automatically or having thousand new options in MailScanner.conf. A
>default option for characterset and mime-type would be nice though. If the
>special keywords are not found then the defaults are being used.

So when I sign a clean message, I need to add

MIME-Version: 1.0
Content-type: text/plain; charset=<whatever_MS_conf_says>

to the headers in the message if they aren't already both there?
What other situations do I need to do this in?

I've not actually experienced this problem myself, so I am going completely
on what you tell me. Please be sure to explain it to me precisely, don't
assume anything.
Exactly what situations require this change?
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From martinh at SOLID-STATE-LOGIC.COM  Fri Aug 27 09:46:29 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1159.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi

load looks a little high for that spec of machine...

make sure you have a caching DNS server on the machine - it makes alot
of difference to SURBL, easy to setup, I'd do that first.

As to RBL's I run only the spamcop combined list, known virus list and
ORB, all others are turned off...my spam.assassin.prefs.conf has this in
it..

############################################
header  RCVD_SPAMHAUS_XBL
rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
tflags RCVD_SPAMHAUS_XBL net
score RCVD_SPAMHAUS_XBL 1.5

header RCVD_IN_VIRBL
eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
tflags RCVD_IN_VIRBL net
score RCVD_IN_VIRBL 0 3.0 0 3.0

# habeas getting totally abused by the spammers
score HABEAS_SWE 0.0

# don't do all the RBL's just orb and spamhause XBL - above
score RCVD_IN_NJABL 0.0
score RCVD_IN_NJABL_DIALUP 0.0
score RCVD_IN_NJABL_MULTI 0.0
score RCVD_IN_NJABL_PROXY 0.0
score RCVD_IN_NJABL_RELAY 0.0
score RCVD_IN_NJABL_SPAM 0.0
score RCVD_IN_DYNABLOCK 0.0
score RCVD_IN_OPM 0.0
score RCVD_IN_OPM_WINGATE 0.0
score RCVD_IN_OPM_SOCKS 0.0
score RCVD_IN_OPM_HTTP 0.0
score RCVD_IN_OPM_ROUTER 0.0
score RCVD_IN_SORBS_BLOCK 0.0
score RCVD_IN_DSBL 0.0
score RCVD_IN_RFCI 0.0
score DNS_FROM_RFCI_DSN 0.0
#score RCVD_IN_SBL 0.0
score HABEAS_VIOLATOR 0.0
score RCVD_IN_BSP_TRUSTED 0.0
score RCVD_IN_BSP_OTHER 0.0
#######################################################################

Doing it this way means you don't take the RBL as a complete blacklist,
just adds to the score, which helps prevent FPs.

I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
tempory files...

Also I check for valid email addresses on the inbound MTA. If it's not
from/to a valid address it gets rejected (this stops around 2/3's of
spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.

Adding RAM will always help..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> Thanks for the replies guys. I can learn a lot from all your comments.
>
> Anyway, here are more info on my system.
>
> Around 50,000 mails per day of which 95% are SPAMS. I am currently using
> list.dsbl.org on my sendmail.cf to which is helping a little to kill off
> mails before they can come into my server. But it have false identification
> which is causing some users unable to send mail using SMTP, that's why I
> need to rely on SURBL and remove dsbl on MTA.
>
> I was using only bigevil previously and since SURBL will replace bigevil, I
> have removed bigevil.
>
> A recap of my system specs :
>
> Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav (all
> latest stable version)
>
> And I do not run any DNS server. But will do that once I upgraded my box to
> fedora core 1 and ensim pro 4.0.1.
>
> For now, I want to know if I should upgrade to 1GB RAM.
>
<snip>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcin.rozek at IOS.EDU.PL  Fri Aug 27 11:26:46 2004
From: marcin.rozek at IOS.EDU.PL ([iso-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:39 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1160.1137101199.24926.mailscanner@lists.mailscanner.info>

On Thu, 26 Aug 2004, Julian Field wrote:

> Try the attached patch and let me know if it solves the problem for you.

I did apply the patch and restart mailscanner. Now i send an Eicar
test file to myself. Mailscanner catch this and sends notice to me
(option "Notices To") but there's no header
Content-Type: text/plain; charset=iso-8859-2

These are headers that i see when i view this notice in Thunderbird:

X-UIDL:
X-Mozilla-Status:
X-Mozilla-Status2:
Return-Path:
Received:
Message-Id:
X-MailScanner:
X-MailScanner-From:

Do i miss something?

> Note that some of the report files in the supplied setup already contain
> all the headers, so you can just edit those reports.
yes - but everything that's included in postmaster's notices is in
languages.conf (NoticeVirusInfected, NoticeFilenameInfected, NoticePrefix
etc.) or is generated so i can't put my own headers as i can do eg. in
sender.virus.report.txt. Or can i?

Regards,
Marcin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kfliong at WOFS.COM  Fri Aug 27 11:29:28 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1161.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 04:46 PM 27/8/2004, you wrote:
----------
Also I check for valid email addresses on the inbound MTA. If it's not
from/to a valid address it gets rejected (this stops around 2/3's of
spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
---------
Can you elaborate further on this? How do you do that? Do you have to add
the addresses manually to the list?

Thanks in advance.


>Hi
>
>load looks a little high for that spec of machine...
>
>make sure you have a caching DNS server on the machine - it makes alot
>of difference to SURBL, easy to setup, I'd do that first.
>
>As to RBL's I run only the spamcop combined list, known virus list and
>ORB, all others are turned off...my spam.assassin.prefs.conf has this in
>it..
>
>############################################
>header  RCVD_SPAMHAUS_XBL
>rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
>describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
>tflags RCVD_SPAMHAUS_XBL net
>score RCVD_SPAMHAUS_XBL 1.5
>
>header RCVD_IN_VIRBL
>eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
>describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
>tflags RCVD_IN_VIRBL net
>score RCVD_IN_VIRBL 0 3.0 0 3.0
>
># habeas getting totally abused by the spammers
>score HABEAS_SWE 0.0
>
># don't do all the RBL's just orb and spamhause XBL - above
>score RCVD_IN_NJABL 0.0
>score RCVD_IN_NJABL_DIALUP 0.0
>score RCVD_IN_NJABL_MULTI 0.0
>score RCVD_IN_NJABL_PROXY 0.0
>score RCVD_IN_NJABL_RELAY 0.0
>score RCVD_IN_NJABL_SPAM 0.0
>score RCVD_IN_DYNABLOCK 0.0
>score RCVD_IN_OPM 0.0
>score RCVD_IN_OPM_WINGATE 0.0
>score RCVD_IN_OPM_SOCKS 0.0
>score RCVD_IN_OPM_HTTP 0.0
>score RCVD_IN_OPM_ROUTER 0.0
>score RCVD_IN_SORBS_BLOCK 0.0
>score RCVD_IN_DSBL 0.0
>score RCVD_IN_RFCI 0.0
>score DNS_FROM_RFCI_DSN 0.0
>#score RCVD_IN_SBL 0.0
>score HABEAS_VIOLATOR 0.0
>score RCVD_IN_BSP_TRUSTED 0.0
>score RCVD_IN_BSP_OTHER 0.0
>#######################################################################
>
>Doing it this way means you don't take the RBL as a complete blacklist,
>just adds to the score, which helps prevent FPs.
>
>I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
>tempory files...
>
>Also I check for valid email addresses on the inbound MTA. If it's not
>from/to a valid address it gets rejected (this stops around 2/3's of
>spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
>
>Adding RAM will always help..
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>
>kfliong wrote:
>>Thanks for the replies guys. I can learn a lot from all your comments.
>>
>>Anyway, here are more info on my system.
>>
>>Around 50,000 mails per day of which 95% are SPAMS. I am currently using
>>list.dsbl.org on my sendmail.cf to which is helping a little to kill off
>>mails before they can come into my server. But it have false identification
>>which is causing some users unable to send mail using SMTP, that's why I
>>need to rely on SURBL and remove dsbl on MTA.
>>
>>I was using only bigevil previously and since SURBL will replace bigevil, I
>>have removed bigevil.
>>
>>A recap of my system specs :
>>
>>Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav (all
>>latest stable version)
>>
>>And I do not run any DNS server. But will do that once I upgraded my box to
>>fedora core 1 and ensim pro 4.0.1.
>>
>>For now, I want to know if I should upgrade to 1GB RAM.
><snip>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From martinh at SOLID-STATE-LOGIC.COM  Fri Aug 27 11:43:38 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1162.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Lots of info for this on the web, esp if sendmail is your MTA...


Also some stuff on the list archives/FAQ about synchronising with Active
directory/LDAP based systems...again for sendmail based MTA's

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html

and more I guess for live LDAP lookups..


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> At 04:46 PM 27/8/2004, you wrote:
> ----------
> Also I check for valid email addresses on the inbound MTA. If it's not
> from/to a valid address it gets rejected (this stops around 2/3's of
> spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
> ---------
> Can you elaborate further on this? How do you do that? Do you have to add
> the addresses manually to the list?
>
> Thanks in advance.
>
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From hamster at KORENWOLF.NET  Fri Aug 27 11:47:33 2004
From: hamster at KORENWOLF.NET (Mark Lowes)
Date: Thu Jan 12 21:26:39 2006
Subject: Quarantine ponderings
Message-ID: <mailman.1163.1137101199.24926.mailscanner@lists.mailscanner.info>

I'm looking at the quarantine facility in MailScanner at the moment,
however there are a couple of things which I can't see which I'll need
to allow it to interact with other systems I'm planning / performance
needs.

Hashing the directory structure, the current

        $spool-dir/quarantine/date/spoolid/

format will hit some performance issues on the sorts of numbers of files
I'm going to be seeing through the system, is there a way of using the
rules system to break this down further into something like

        $spool-dir/quarantine/date/spoolid/<something>/<something>/

or
        $spool-dir/quarantine/date/<hour>/<minute>/spoolid/


The other problem is that unless I use the actual postfix spool file
there appears to be no mechanism for keeping the smtp envelope
information.  Any ideas?

        thanks
            Mark

--
Mark Lowes <hamster@korenwolf.net>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alexn at teleserv.ru  Fri Aug 27 12:25:53 2004
From: alexn at teleserv.ru (XXXXXXXXX XXXXXXXXX XXXXXXXXX)
Date: Thu Jan 12 21:26:39 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1164.1137101199.24926.mailscanner@lists.mailscanner.info>

Çäðàâñòâóéòå, greyhair.

Âû ïèñàëè 27 àâãóñòà 2004 ã., 8:24:33:

g> I'm no expert put the error is coming from MailScanner/PFDiskStore.pm

g> [--snip--]
g> MailScanner::Log::WarnLog("In Start didn't find a C record when I ".
g>                                "wanted one %s %s", $type, $data)
g>        unless $type eq 'C';
g> [--snip--]

g> Is there any additional info after "Aug 24 13:21:38 mail 
g> MailScanner[17800]: In Start didn't find a C record when I wanted 
g> one"?  ie. What is the next line.
nothing. :(

g> This to me (again no expert) looks to be an IO type failure.

g> How many emails are going thru this server?
50-60 mails in day, maby
g> Did you have the same problem with earlier versions of MailScanner?
No, i had not. Most likely this problem in last version???
g> What is the space available in the queue area? (var/spool area(df 
g> command?))
There is a lot of space.
g> Just trying to help.

g> greyhair


g> Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷ wrote:
>> Hi. Íîâîæåíèí.
>> 
>> 
>>>>Can you give some additional information?
>> 
>> of course
>> 
>>>>What Operating System? Linux, BSD, Sun, etc.
>> 
>> Linux RH.7.3
>> 
>>>>What is the Mail Transport Agent? Sendmail, Qmail, etc.
>> 
>> Postfix -  last version.
>> 
>>>>What version of MailScanner?
>> 
>> 4.32.5
>> 
>>>>Had MailScanner worked at any time?
>> 
>> Yea, MailScanner is stoped when somebody send message without some "C
>> record". What is this???
>> 
>> 
>>>>greyhair.
>> 
>> 
>>>Hello!
>>>
>>>Please help, whats happend, MailScanner is starvation, and then do
>>>it nothing.
>>>
>>>---cut here log---
>>>Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
>>>Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
>>>Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
>>>---cut here log---
>>>
>>>Thanks.
>>>

g> ------------------------ MailScanner list ------------------------
g> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
g> 'leave mailscanner' in the body of the email.
g> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
g> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



-- 
Ñ óâàæåíèåì,
 Íîâîæåíèí                          mailto:alexn@teleserv.ru

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mike at CAMAROSS.NET  Fri Aug 27 13:50:29 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1165.1137101199.24926.mailscanner@lists.mailscanner.info>

What is this:

header RCVD_IN_VIRBL
eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host tflags
RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0

I can't find anything on Google pertaining to virbl.dnsbl.bit.nl

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Martin Hepworth
Sent: Friday, August 27, 2004 3:46 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailscanner and server load

Hi

load looks a little high for that spec of machine...

make sure you have a caching DNS server on the machine - it makes alot of
difference to SURBL, easy to setup, I'd do that first.

As to RBL's I run only the spamcop combined list, known virus list and ORB,
all others are turned off...my spam.assassin.prefs.conf has this in it..

############################################
header  RCVD_SPAMHAUS_XBL
rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL tflags RCVD_SPAMHAUS_XBL
net score RCVD_SPAMHAUS_XBL 1.5

header RCVD_IN_VIRBL
eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host tflags
RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0

# habeas getting totally abused by the spammers score HABEAS_SWE 0.0

# don't do all the RBL's just orb and spamhause XBL - above score
RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DIALUP 0.0 score RCVD_IN_NJABL_MULTI
0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score
RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_DYNABLOCK 0.0 score RCVD_IN_OPM 0.0
score RCVD_IN_OPM_WINGATE 0.0 score RCVD_IN_OPM_SOCKS 0.0 score
RCVD_IN_OPM_HTTP 0.0 score RCVD_IN_OPM_ROUTER 0.0 score RCVD_IN_SORBS_BLOCK
0.0 score RCVD_IN_DSBL 0.0 score RCVD_IN_RFCI 0.0 score DNS_FROM_RFCI_DSN
0.0 #score RCVD_IN_SBL 0.0 score HABEAS_VIOLATOR 0.0 score
RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0
#######################################################################

Doing it this way means you don't take the RBL as a complete blacklist, just
adds to the score, which helps prevent FPs.

I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
tempory files...

Also I check for valid email addresses on the inbound MTA. If it's not
from/to a valid address it gets rejected (this stops around 2/3's of spam
before it hits MS, yes 2/3's!!!), and thus reduces load on MS.

Adding RAM will always help..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> Thanks for the replies guys. I can learn a lot from all your comments.
>
> Anyway, here are more info on my system.
>
> Around 50,000 mails per day of which 95% are SPAMS. I am currently
> using list.dsbl.org on my sendmail.cf to which is helping a little to
> kill off mails before they can come into my server. But it have false
> identification which is causing some users unable to send mail using
> SMTP, that's why I need to rely on SURBL and remove dsbl on MTA.
>
> I was using only bigevil previously and since SURBL will replace
> bigevil, I have removed bigevil.
>
> A recap of my system specs :
>
> Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav
> (all latest stable version)
>
> And I do not run any DNS server. But will do that once I upgraded my
> box to fedora core 1 and ensim pro 4.0.1.
>
> For now, I want to know if I should upgrade to 1GB RAM.
>
<snip>

**********************************************************************

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the
presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From philippe.amiot at cirad.fr  Fri Aug 27 13:53:16 2004
From: philippe.amiot at cirad.fr (Philippe AMIOT)
Date: Thu Jan 12 21:26:39 2006
Subject: Spam List Problems : SORBS-DNSBL SORBS-DUL
Message-ID: <mailman.1166.1137101199.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have some probleme with my Spam List on MailScanner (with SpamAssassin)

When I add this 2 lists (SORBS-DNSBL & SORBS-DUL) on my Spam List in 
MailScanner.conf, all the mails is marked as SPAM with no report and a 0 
score !!!!

Here is an header :
The symptomes is the same else if the mail come from inside or outside of the 
domain !

Return-Path: <user@xxxx.xx>
Received: from userpc.xxxxx.xx (xxxxx)
        by server.xxxxx.xx (8.12.8/8.11.0) with ESMTP id i7RCcXqj025740;
        for <user2@xxxxx.xx>; Fri, 27 Aug 2004 16:38:43 +0400;
        Fri, 27 Aug 2004 16:38:33 +0400
From: Philippe AMIOT <user1@xxxxx.xx>
To: user2@xxxxx.xx
Subject: *****Spam***** test
Date: Fri, 27 Aug 2004 16:28:56 +0400
User-Agent: KMail/1.5.3
System: Linux Mandrake
MIME-Version: 1.0
Message-Id: <200408271628.57653.xxxxx@xxxxx.xx>
X-CIRAD-MailScanner: Found to be clean, Found to be clean
Content-type: multipart/report;
  boundary="======25714==88892======"
X-CIRAD-MailScanner-Information: Please contact your ISP for details
X-CIRAD-MailScanner-SpamCheck: polluriel (SPAM), SORBS-DNSBL, SORBS-DUL
X-MailScanner-From: user@cirad.fr
Status: R 
X-Status: N
X-KMail-EncryptionState:  
X-KMail-SignatureState:  
.....


Anyone have an idea ?

- -- 
Cordialement,

   _
  °v°   Philippe AMIOT
 /(_)\  DSI - Systemes et Reseaux
  ^ ^   Cirad (dg) / Delegation à l'Outremer Francais (domf)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBLy68Fn7DRVV13sERAi4hAKCKKhldjtt/CmWKoP8UufY5ZLkQnQCfXRAW
Fr7G+s595OMT+du0WKSN7N8=
=OlI7
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Fri Aug 27 14:03:12 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:39 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1167.1137101199.24926.mailscanner@lists.mailscanner.info>

Hi!

> eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
> describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host tflags
> RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0
>
> I can't find anything on Google pertaining to virbl.dnsbl.bit.nl

http://virbl.bit.nl/

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martinh at SOLID-STATE-LOGIC.COM  Fri Aug 27 14:11:28 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:40 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1168.1137101199.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Mike

hmm darn RBL's - up, down, moved :-)

nearest I can find now is....

http://www.rbl.jp/virusrbl-e.html

I'll have a look at see of that rule is being triggered over the last 30
days in my MailWatch DB..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Mike Kercher wrote:
> What is this:
>
> header RCVD_IN_VIRBL
> eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
> describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host tflags
> RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0
>
> I can't find anything on Google pertaining to virbl.dnsbl.bit.nl
>
> Mike
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Martin Hepworth
> Sent: Friday, August 27, 2004 3:46 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Mailscanner and server load
>
> Hi
>
> load looks a little high for that spec of machine...
>
> make sure you have a caching DNS server on the machine - it makes alot of
> difference to SURBL, easy to setup, I'd do that first.
>
> As to RBL's I run only the spamcop combined list, known virus list and ORB,
> all others are turned off...my spam.assassin.prefs.conf has this in it..
>
> ############################################
> header  RCVD_SPAMHAUS_XBL
> rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
> describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL tflags RCVD_SPAMHAUS_XBL
> net score RCVD_SPAMHAUS_XBL 1.5
>
> header RCVD_IN_VIRBL
> eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
> describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host tflags
> RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0
>
> # habeas getting totally abused by the spammers score HABEAS_SWE 0.0
>
> # don't do all the RBL's just orb and spamhause XBL - above score
> RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DIALUP 0.0 score RCVD_IN_NJABL_MULTI
> 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score
> RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_DYNABLOCK 0.0 score RCVD_IN_OPM 0.0
> score RCVD_IN_OPM_WINGATE 0.0 score RCVD_IN_OPM_SOCKS 0.0 score
> RCVD_IN_OPM_HTTP 0.0 score RCVD_IN_OPM_ROUTER 0.0 score RCVD_IN_SORBS_BLOCK
> 0.0 score RCVD_IN_DSBL 0.0 score RCVD_IN_RFCI 0.0 score DNS_FROM_RFCI_DSN
> 0.0 #score RCVD_IN_SBL 0.0 score HABEAS_VIOLATOR 0.0 score
> RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0
> #######################################################################
>
> Doing it this way means you don't take the RBL as a complete blacklist, just
> adds to the score, which helps prevent FPs.
>
> I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
> tempory files...
>
> Also I check for valid email addresses on the inbound MTA. If it's not
> from/to a valid address it gets rejected (this stops around 2/3's of spam
> before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
>
> Adding RAM will always help..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> kfliong wrote:
>
>>Thanks for the replies guys. I can learn a lot from all your comments.
>>
>>Anyway, here are more info on my system.
>>
>>Around 50,000 mails per day of which 95% are SPAMS. I am currently
>>using list.dsbl.org on my sendmail.cf to which is helping a little to
>>kill off mails before they can come into my server. But it have false
>>identification which is causing some users unable to send mail using
>>SMTP, that's why I need to rely on SURBL and remove dsbl on MTA.
>>
>>I was using only bigevil previously and since SURBL will replace
>>bigevil, I have removed bigevil.
>>
>>A recap of my system specs :
>>
>>Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav
>>(all latest stable version)
>>
>>And I do not run any DNS server. But will do that once I upgraded my
>>box to fedora core 1 and ensim pro 4.0.1.
>>
>>For now, I want to know if I should upgrade to 1GB RAM.
>>
>
> <snip>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
>
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mike at CAMAROSS.NET  Fri Aug 27 14:15:22 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:40 2006
Subject: Mailscanner and server load
Message-ID: <mailman.1169.1137101200.24926.mailscanner@lists.mailscanner.info>

Raymond Dijkxhoorn wrote:
> Hi!
>
>> eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
>> describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
>> tflags RCVD_IN_VIRBL net score RCVD_IN_VIRBL 0 3.0 0 3.0
>>
>> I can't find anything on Google pertaining to virbl.dnsbl.bit.nl
>
> http://virbl.bit.nl/
>
> Bye,
> Raymond.
>

Thanks for that.  I could have sworn I tried that URL before posting.
*shrug*

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Fri Aug 27 14:44:08 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:40 2006
Subject: Spam List Problems : SORBS-DNSBL SORBS-DUL
Message-ID: <mailman.1170.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Philippe AMIOT wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> I have some probleme with my Spam List on MailScanner (with SpamAssassin)
>
> When I add this 2 lists (SORBS-DNSBL & SORBS-DUL) on my Spam List in
> MailScanner.conf, all the mails is marked as SPAM with no report and a 0
> score !!!!
>
> Here is an header :
> The symptomes is the same else if the mail come from inside or outside of the
> domain !
>
> Return-Path: <user@xxxx.xx>
> Received: from userpc.xxxxx.xx (xxxxx)
>         by server.xxxxx.xx (8.12.8/8.11.0) with ESMTP id i7RCcXqj025740;
>         for <user2@xxxxx.xx>; Fri, 27 Aug 2004 16:38:43 +0400;
>         Fri, 27 Aug 2004 16:38:33 +0400
> From: Philippe AMIOT <user1@xxxxx.xx>
> To: user2@xxxxx.xx
> Subject: *****Spam***** test
> Date: Fri, 27 Aug 2004 16:28:56 +0400
> User-Agent: KMail/1.5.3
> System: Linux Mandrake
> MIME-Version: 1.0
> Message-Id: <200408271628.57653.xxxxx@xxxxx.xx>
> X-CIRAD-MailScanner: Found to be clean, Found to be clean
> Content-type: multipart/report;
>   boundary="======25714==88892======"
> X-CIRAD-MailScanner-Information: Please contact your ISP for details
> X-CIRAD-MailScanner-SpamCheck: polluriel (SPAM), SORBS-DNSBL, SORBS-DUL
> X-MailScanner-From: user@cirad.fr
> Status: R
> X-Status: N
> X-KMail-EncryptionState:
> X-KMail-SignatureState:
> .....
>
>
> Anyone have an idea ?

Have you done lookup on those lists for the IPs that are considered as
spam ?

It is normal that you get a score zero if you have the setting not to
use spamasssasin if on spam list.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dave at DIFFERENCE.COM.AU  Fri Aug 27 15:05:52 2004
From: dave at DIFFERENCE.COM.AU (David Cake)
Date: Thu Jan 12 21:26:40 2006
Subject: mail staying in mqueue.in
Message-ID: <mailman.1171.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 8:40 PM -0500 26/8/04, Lewis Bergman wrote:
>Nathan Bird said:
>>  Hi,
>>
>>  Im hoping someone can help me. My sendmail delivers my incoming mail to my
>>  mqueue.in directory, but it never leaves this directory. I had this
>problem recently. I was getting a core dump in the mqueue.in dir. I
>traced it back to multilevel zip errors that was causing an error with
>f-prot or clamav. After setting the zip level to 0 it starting
>processing again. I can't remember the exact variable name though.

        My problem with this same setup seemed to be the mqueue.in
permissions. Mine were
-rw-r-----  1 root smmsp
        What are yours?
        My temporary solution - a cron job that chowns the files.
        My long term solution - postfix.
        But if anyone can suggest a medium term solution, probably
involving some obscure sendmail security setting, that would be great
:-)
        Cheers
                David

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Fri Aug 27 16:42:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1172.1137101200.24926.mailscanner@lists.mailscanner.info>

Okay, I misunderstood where you needed the character set. I thought you
meant notices apparently coming *from* the postmaster, not the "notices to"
messages.

Try the attached patch instead of the previous one.

At 11:26 27/08/2004, you wrote:
>On Thu, 26 Aug 2004, Julian Field wrote:
>
> > Try the attached patch and let me know if it solves the problem for you.
>
>I did apply the patch and restart mailscanner. Now i send an Eicar
>test file to myself. Mailscanner catch this and sends notice to me
>(option "Notices To") but there's no header
>Content-Type: text/plain; charset=iso-8859-2
>
>These are headers that i see when i view this notice in Thunderbird:
>
>X-UIDL:
>X-Mozilla-Status:
>X-Mozilla-Status2:
>Return-Path:
>Received:
>Message-Id:
>X-MailScanner:
>X-MailScanner-From:
>
>Do i miss something?
>
> > Note that some of the report files in the supplied setup already contain
> > all the headers, so you can just edit those reports.
>yes - but everything that's included in postmaster's notices is in
>languages.conf (NoticeVirusInfected, NoticeFilenameInfected, NoticePrefix
>etc.) or is generated so i can't put my own headers as i can do eg. in
>sender.virus.report.txt. Or can i?
>
>Regards,
>Marcin
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2, Application/OCTET-STREAM (Name: ]
    [ "Message.pm.charset2.patch")  2.9KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From marcin.rozek at IOS.EDU.PL  Fri Aug 27 18:06:16 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:40 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1173.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian Field wrote:
> Okay, I misunderstood where you needed the character set. I thought you
> meant notices apparently coming *from* the postmaster, not the "notices to"
> messages.
> Try the attached patch instead of the previous one.
Now it works just fine.
Thank you very much :)

btw. what does the previous patch do?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From greyhair at GREYHAIR.NET  Fri Aug 27 19:37:17 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner is starvation
Message-ID: <mailman.1174.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi again!

What other updates have you performed around the time MailScanner had 
problems?
Perl? postfix? Perl packages?

If you start MailScanner, how many messages go through before 
MailScanner Stops?



Sounds like you may want to Roll back to a previous version of 
MailScanner. If you used the RPM's, you could un-install then 
re-install a previous version.

If that does not fix your problem, then you may have to Roll back to a 
previous version of PostFix? or other updated software.


Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷ wrote:
> Çäðàâñòâóéòå, greyhair.
> 
> Âû ïèñàëè 27 àâãóñòà 2004 ã., 8:24:33:
> 
> g> I'm no expert put the error is coming from MailScanner/PFDiskStore.pm
> 
> g> [--snip--]
> g> MailScanner::Log::WarnLog("In Start didn't find a C record when I ".
> g>                                "wanted one %s %s", $type, $data)
> g>        unless $type eq 'C';
> g> [--snip--]
> 
> g> Is there any additional info after "Aug 24 13:21:38 mail 
> g> MailScanner[17800]: In Start didn't find a C record when I wanted 
> g> one"?  ie. What is the next line.
> nothing. :(
> 
> g> This to me (again no expert) looks to be an IO type failure.
> 
> g> How many emails are going thru this server?
> 50-60 mails in day, maby
> g> Did you have the same problem with earlier versions of MailScanner?
> No, i had not. Most likely this problem in last version???
> g> What is the space available in the queue area? (var/spool area(df 
> g> command?))
> There is a lot of space.
> g> Just trying to help.
> 
> g> greyhair
> 
> 
> g> Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷ wrote:
> 
>>>Hi. Íîâîæåíèí.
>>>
>>>
>>>
>>>>>Can you give some additional information?
>>>
>>>of course
>>>
>>>
>>>>>What Operating System? Linux, BSD, Sun, etc.
>>>
>>>Linux RH.7.3
>>>
>>>
>>>>>What is the Mail Transport Agent? Sendmail, Qmail, etc.
>>>
>>>Postfix -  last version.
>>>
>>>
>>>>>What version of MailScanner?
>>>
>>>4.32.5
>>>
>>>
>>>>>Had MailScanner worked at any time?
>>>
>>>Yea, MailScanner is stoped when somebody send message without some "C
>>>record". What is this???
>>>
>>>
>>>
>>>>>greyhair.
>>>
>>>
>>>>Hello!
>>>>
>>>>Please help, whats happend, MailScanner is starvation, and then do
>>>>it nothing.
>>>>
>>>>---cut here log---
>>>>Aug 24 13:21:37 mail MailScanner[17800]: Spam Checks: Found 1 spam messages
>>>>Aug 24 13:21:38 mail MailScanner[17800]: Requeue: 7DD1F27BEC to 79596379DB
>>>>Aug 24 13:21:38 mail MailScanner[17800]: In Start didn't find a C record when I wanted one
>>>>---cut here log---
>>>>
>>>>Thanks.
>>>>
> 
> 
> g> ------------------------ MailScanner list ------------------------
> g> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> g> 'leave mailscanner' in the body of the email.
> g> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> g> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From greyhair at GREYHAIR.NET  Fri Aug 27 19:42:04 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:40 2006
Subject: Short explanation please
Message-ID: <mailman.1175.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian (or anyone that knows the answer to the following)

Could you explain what the C record is in PFDiskStore.pm
and what should be displayed after "wanted one".  Is this part of a
file's IO info?

[--snip--]
MailScanner::Log::WarnLog("In Start didn't find a C record when I ".
                                 "wanted one %s %s", $type, $data)
         unless $type eq 'C';
[--snip--]

Thanks

greyhair

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkettler at EVI-INC.COM  Fri Aug 27 20:48:37 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:40 2006
Subject: Spam List Problems : SORBS-DNSBL SORBS-DUL
Message-ID: <mailman.1176.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 08:53 AM 8/27/2004, Philippe AMIOT wrote:
>When I add this 2 lists (SORBS-DNSBL & SORBS-DUL) on my Spam List in
>MailScanner.conf, all the mails is marked as SPAM with no report and a 0
>score !!!!

The tagged-as-spam with 0 score is normal. The "Spam List" in
Mailscanner.conf will cause the message to be marked as spam if it's IP is
in that RBL. This happens no matter what spamassassin has to say about it.

If you don't want this to happen, let SA handle your RBLs for you.

My guess is that one of the IPs involved in most of your mail is a dialup
or dynamic IP, and listed in sorbs-dul, but you'd have to check for
yourself. Since you opted to xx out all the IP addresses, I can't check
them for you.

If you don't know how to do it manually, www.openrbl.org has an easy-to-use
web interface to check many RBLs, as does www.dnsstuff.com.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From maillists at CONACTIVE.COM  Fri Aug 27 22:32:29 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:40 2006
Subject: Cool SpamAss hold and deliver feature,
     can we implement that in MailScanner
Message-ID: <mailman.1177.1137101200.24926.mailscanner@lists.mailscanner.info>

Garry Glendown wrote on         Thu, 26 Aug 2004 16:57:09 +0200:

> OK; just noticed the "store" option in the MS config ... So I guess all
> that we need is the frontend then ... of course it doesn't make sense to
> inform the recipient of every single email ... ;)
>

Ok, then I misunderstood you. I think you overlooked the word "MailWatch" 
in my mails. Have a look at mailwatch.sf.net, there's your interface and 
your release via web. And it puts almost all necessary information for 
report mails in a SQL DB.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jakes at LEET.ORG  Fri Aug 27 23:02:42 2004
From: jakes at LEET.ORG (David Jacobson)
Date: Thu Jan 12 21:26:40 2006
Subject: autolearn missing
Message-ID: <mailman.1178.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi All,

New Install running:

MailScanner 4.32.5
SpamAssassin 3.0.0rc1

I have noticed on some e-mails the autolearn keyword is missing eg:

Aug 26 21:49:50 securemx1 MailScanner[7060]: Message 1C0QFE-00026b-9z from
127.0.0.1 (root@securemx1.domain.com) to domain.com is spam, Sp
amAssassin (score=22.26, required 6, autolearn=, BAYES_99 1.89, EXCUSE_23
2.40, EXCUSE_24 2.08, EXCUSE_3 0.12, FORGED_HOTMAIL_RCVD2 1.18,
FRONTPAGE 2.08, HTML_80_90 0.15, HTML_FONT_BIG 0.14, HTML_MESSAGE 0.00,
HTML_SHOUTING3 0.02, INVALID_DATE_TZ_ABSURD 0.96, MIME_HTML_ONLY 0
.18, MIME_QP_LONG_LINE 0.04, MSGID_DOLLARS 2.66, MSGID_SPAM_ZEROES 1.86,
NO_REAL_NAME 0.01, RCVD_IN_DSBL 3.81, REMOVE_PAGE 0.19, SUBJ_HAS_
SPACES 1.18, SUBJ_HAS_UNIQ_ID 1.34)
Aug 26 21:49:51 securemx1 MailScanner[7066]: Message 1C0QFh-000278-Hq from
127.0.0.1 (root@securemx1.domain.com) to domain.com is spam, Sp
amAssassin (score=21.705, required 6, autolearn=, BAYES_99 1.89,
CLICK_BELOW_CAPS 0.11, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63,
 FORGED_YAHOO_RCVD 2.70, HTML_IMAGE_ONLY_16 1.05, HTML_IMAGE_RATIO_06 0.13,
HTML_MESSAGE 0.00, HTML_TEXT_AFTER_BODY 0.06, HTML_TEXT_AFTER_
HTML 0.03, HTTP_ESCAPED_HOST 0.48, HTTP_EXCESSIVE_ESCAPES 0.15, MIME_HTML_ONLY
0.18, RATWARE_RCVD_LC_ESMTP 2.08, RCVD_AM_PM 1.93, RCVD_HEL
O_IP_MISMATCH 2.18, RCVD_NUMERIC_HELO 1.25, REMOVE_PAGE 0.19, TRACKER_ID 0.56,
WITH_LC_SMTP 2.20)

Any suggestions?
Thanks.

Kind Regards,
David Jacobson

This is Perl version 5.008003
This is MailScanner version 4.32.5
Module versions are:
1.00    AnyDBM_File
1.12    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.72    File::Basename
2.07    File::Copy
2.01    FileHandle
1.06    File::Path
0.14    File::Temp
1.27    HTML::Entities
3.35    HTML::Parser
2.28    HTML::TokeParser
1.21    IO
1.10    IO::File
1.122   IO::Pipe
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.07    POSIX
1.76    Socket
0.04    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
3.000000        Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From William.Burns at AEROFLEX.COM  Sat Aug 28 00:09:05 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:26:40 2006
Subject: Custom Warning Messages
Message-ID: <mailman.1179.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Is there a way to (how would I) put in a different warning message for
certain banned file types.

I've got users sitting behind a mailscanner gateway, and they say that
(today) a virus is getting through that includes some active-x HTML
stuff, and a ".GIF" attachment. At their request I am blocking all
".GIF" file attachments until they can get their desktop antivirus
signatures up to date.
It'd be nice to change the warning that replaces the ".GIF" files w/
something that explains that this is a temporary measure, which will
only be in place until such-and-such date.

-Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jakes at LEET.ORG  Sat Aug 28 00:21:17 2004
From: jakes at LEET.ORG (David Jacobson)
Date: Thu Jan 12 21:26:40 2006
Subject: possible bug in MailScanner 4.32.5 in debug mode with bitdefender
Message-ID: <mailman.1180.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi All,

MS 4.32.5
Bitdefender: 7.0

Just want to confirm if anyone else can reproduce this :

When using

Virus Scanners = bitdefender clamav
Debug = yes

I get the following:

/usr/lib/MailScanner/bitdefender-wrapper: line 52: 17512 Segmentation fault
   ${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1
cat: /tmp/log.bdc.17511: No such file or directory
rm: cannot remove `/tmp/log.bdc.17511': No such file or directory
Stopping now as you are debugging me.
                                                           [  OK  ]

It seems to work perfectly without debug mode enabled.

Kind regards,

David Jacobson

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Sat Aug 28 01:06:20 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:40 2006
Subject: Custom Warning Messages
Message-ID: <mailman.1181.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
William Burns wrote:
> Is there a way to (how would I) put in a different warning message for
> certain banned file types.

You can write whatever you want in filename.rules.conf. The last field
is the one that is printed in the user report. Something like this:

deny    \.gif$          GIF picture file
                         GIF picture files are temporarily blocked due
to virus risk

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From alex at NKPANAMA.COM  Sat Aug 28 07:30:54 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:40 2006
Subject: Custom Warning Messages
Message-ID: <mailman.1182.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
And don't hijack threads! ;)

Peter Bonivart wrote:
> William Burns wrote:
>
>> Is there a way to (how would I) put in a different warning message for
>> certain banned file types.
>
>
> You can write whatever you want in filename.rules.conf. The last field
> is the one that is printed in the user report. Something like this:
>
> deny    \.gif$          GIF picture file
>                         GIF picture files are temporarily blocked due
> to virus risk
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner-user at NELAND.DK  Sat Aug 28 08:53:51 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:40 2006
Subject: Mailscanner doesn't add charset when adding signature
Message-ID: <mailman.1183.1137101200.24926.mailscanner@lists.mailscanner.info>

Julian Field <mailscanner@ECS.SOTON.AC.UK> wrote:
>
> So when I sign a clean message, I need to add
>
> MIME-Version: 1.0
> Content-type: text/plain; charset=<whatever_MS_conf_says>
>
> to the headers in the message if they aren't already both there?

I think you are right here.

> What other situations do I need to do this in?

I believe that whenever you add a MIME-Version, you need to have the charset
too.
>
> I've not actually experienced this problem myself, so I am going
> completely on what you tell me. Please be sure to explain it to me
> precisely, don't assume anything.
> Exactly what situations require this change?

I've only experienced the problem with signing plain text messages.

The other option is NOT to add the MIME-header when the message is only
plain text.

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 11:38:46 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: new header in e-mails from postmaster?
Message-ID: <mailman.1184.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:06 27/08/2004, you wrote:
>Julian Field wrote:
>>Okay, I misunderstood where you needed the character set. I thought you
>>meant notices apparently coming *from* the postmaster, not the "notices to"
>>messages.
>>Try the attached patch instead of the previous one.
>Now it works just fine.
>Thank you very much :)

Great.


>btw. what does the previous patch do?

When it signs a message, it will add the content-type header is there was
no content-type or MIME-Version header. That shouldn't do any harm, so I
will leave it in I think.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 12:33:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1185.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have just released version 4.33.1.
This is the basis for the next stable release due on 1st September, and I
would appreciate feedback on it. Hopefully everything is okay, but let me
know what you think.

Download it as usual from
        www.mailscanner.info

Note there is a new version of Archive::Zip so you should ensure you run
the whole install.sh script.


The ChangeLog is this:

* New Features and Improvements *
- When converting an HTML message to plain text, HTML comments are removed.
- Now prints more realistic Perl version with -v, and includes Net::DNS.
- Custom Functions can now take parameters. These are passed to the Init
   and End functions corresponding to each Custom Function.
- Updated Czech translations.
- McAfee -autoupdate script improved to handle situation where McAfee upgrade
   was manually installed and previous installation was not removed first.
- Added all the MCP settings to the shipped MailScanner.conf file.
- Added support for the "Symantec Scan Engine" scanner.
- Non-RPM installer never opts for RPM install.
- Upgraded Archive::Zip to 1.13.
- Improved "MailScanner -v" output so it gives kernel and OS release
   information if it can find any. Also now logs version of MIME::Base64.
- Added setting to SpamAssassin so that Version 3.0 will use fast non-NFS
   file locking, as most MailScanner users don't access Bayes across NFS.

* Fixes *
- AntiVir is now forced to run in English.
- RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
   now handled properly.
- Couple of minor fixes to ZMailer support.
- Added a space in the Postmaster report to improve formatting.
- Fixed bug in spam score number formatting.
- Now set the charset in messages that are "notices to".
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 12:33:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1186.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have just released version 4.33.1.
This is the basis for the next stable release due on 1st September, and I
would appreciate feedback on it. Hopefully everything is okay, but let me
know what you think.

Download it as usual from
        www.mailscanner.info

Note there is a new version of Archive::Zip so you should ensure you run
the whole install.sh script.


The ChangeLog is this:

* New Features and Improvements *
- When converting an HTML message to plain text, HTML comments are removed.
- Now prints more realistic Perl version with -v, and includes Net::DNS.
- Custom Functions can now take parameters. These are passed to the Init
   and End functions corresponding to each Custom Function.
- Updated Czech translations.
- McAfee -autoupdate script improved to handle situation where McAfee upgrade
   was manually installed and previous installation was not removed first.
- Added all the MCP settings to the shipped MailScanner.conf file.
- Added support for the "Symantec Scan Engine" scanner.
- Non-RPM installer never opts for RPM install.
- Upgraded Archive::Zip to 1.13.
- Improved "MailScanner -v" output so it gives kernel and OS release
   information if it can find any. Also now logs version of MIME::Base64.
- Added setting to SpamAssassin so that Version 3.0 will use fast non-NFS
   file locking, as most MailScanner users don't access Bayes across NFS.

* Fixes *
- AntiVir is now forced to run in English.
- RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
   now handled properly.
- Couple of minor fixes to ZMailer support.
- Added a space in the Postmaster report to improve formatting.
- Fixed bug in spam score number formatting.
- Now set the charset in messages that are "notices to".
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Sat Aug 28 12:51:02 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1187.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

> * Fixes *
> - AntiVir is now forced to run in English.
> - RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
>    now handled properly.
> - Couple of minor fixes to ZMailer support.
> - Added a space in the Postmaster report to improve formatting.
> - Fixed bug in spam score number formatting.
> - Now set the charset in messages that are "notices to".

Testing this on FC1 with SA3-RC1, and see:

Aug 28 13:48:18 vmx03 MailScanner[26702]: Message 1C11f3-0006t8-S9 from
222.1.145.125 (ymsykyb@hotmail.com) to xxx.com is spam, SpamAssassin
(score=43.813, required 5.5, autolearn=, BAYES_99 1.89, BIZ_TLD 2.29,
DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_HOTMAIL_RCVD2 1.18,
FORGED_MUA_AOL_FROM 1.52, HTML_80_90 0.15, HTML_IMAGE_ONLY_12 2.94,
HTML_MESSAGE 0.00, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18,
MIME_HTML_ONLY_MULTI 2.44, MISSING_MIMEOLE 0.01, MPART_ALT_DIFF 0.07,
MSGID_SPAM_CAPS 3.79, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51,
RCVD_BY_IP 0.07, RCVD_DOUBLE_IP_SPAM 4.10, RCVD_IN_NJABL_DUL 0.09,
RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21,
URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 4.26)

The autolearn= stuff still isnt solved i think.

Some get autolearn=spam, others get autolearn=

Any idea's ?

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Sat Aug 28 13:02:52 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1188.1137101200.24926.mailscanner@lists.mailscanner.info>

On Sat, 2004-08-28 at 13:51 +0200, Raymond Dijkxhoorn wrote:
> Aug 28 13:48:18 vmx03 MailScanner[26702]: Message 1C11f3-0006t8-S9 from
> 222.1.145.125 (ymsykyb@hotmail.com) to xxx.com is spam, SpamAssassin
> (score=43.813, required 5.5, autolearn=, BAYES_99 1.89, BIZ_TLD 2.29,
> DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_HOTMAIL_RCVD2 1.18,
> FORGED_MUA_AOL_FROM 1.52, HTML_80_90 0.15, HTML_IMAGE_ONLY_12 2.94,
> HTML_MESSAGE 0.00, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18,
> MIME_HTML_ONLY_MULTI 2.44, MISSING_MIMEOLE 0.01, MPART_ALT_DIFF 0.07,
> MSGID_SPAM_CAPS 3.79, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51,
> RCVD_BY_IP 0.07, RCVD_DOUBLE_IP_SPAM 4.10, RCVD_IN_NJABL_DUL 0.09,
> RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21,
> URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 4.26)
>
> The autolearn= stuff still isnt solved i think.
>
> Some get autolearn=spam, others get autolearn=
>
There's an RC-2 of SA available now, which may address some of the
issues.
http://spamassassin.apache.org/downloads.html

Personally I've decided against using SA v3 until it is released.
--
 Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Sat Aug 28 13:34:51 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1189.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi!

> > The autolearn= stuff still isnt solved i think.
> > Some get autolearn=spam, others get autolearn=

> There's an RC-2 of SA available now, which may address some of the
> issues.
> http://spamassassin.apache.org/downloads.html
>
> Personally I've decided against using SA v3 until it is released.

Hey nice, will try that right away.

I also mailed Julian offlist, i saw a large peak in CPU when i upgraded to
the last beta, moved back to last stabil now and all seems just fine.

Will upgrade SA to rc2 now, thanks for the notice.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Sat Aug 28 13:56:58 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1190.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi!

> There's an RC-2 of SA available now, which may address some of the
> issues. http://spamassassin.apache.org/downloads.html

Just a short one, RC2 seems to have fixed the autolearn= issue, dont see
them on my test server anymore.

Thanks Michele for the heads up.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Sat Aug 28 14:00:16 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1191.1137101200.24926.mailscanner@lists.mailscanner.info>

On Sat, 2004-08-28 at 14:56 +0200, Raymond Dijkxhoorn wrote:

> Just a short one, RC2 seems to have fixed the autolearn= issue, dont see
> them on my test server anymore.
>
> Thanks Michele for the heads up.

Glad I could be of help :)

--
 Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 15:07:07 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1192.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:34 28/08/2004, you wrote:
>I also mailed Julian offlist, i saw a large peak in CPU when i upgraded to
>the last beta, moved back to last stabil now and all seems just fine.

Anyone else seeing the same problem? If so, does SA 2.6x versus SA 3 make a
difference?

I have added the
         lock_method flock
line to the spam.assassin.prefs.conf which should speed up bayes locking in
SA 3.

Other than that, there really aren't any changes from the previous version
in code that is executed a lot, so I can't see what's happening.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Sat Aug 28 15:25:24 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1193.1137101200.24926.mailscanner@lists.mailscanner.info>

Hi!

> >I also mailed Julian offlist, i saw a large peak in CPU when i upgraded to
> >the last beta, moved back to last stabil now and all seems just fine.
>
> Anyone else seeing the same problem? If so, does SA 2.6x versus SA 3 make a
> difference?
>
> I have added the
>          lock_method flock
> line to the spam.assassin.prefs.conf which should speed up bayes locking in
> SA 3.
>
> Other than that, there really aren't any changes from the previous version
> in code that is executed a lot, so I can't see what's happening.

I also noticed that even when i have the MCP Checks = no i get log entry's
like:

Aug 28 13:46:23 vmx03 MailScanner[26483]: MCP Checks: Starting
Aug 28 13:46:28 vmx03 MailScanner[26478]: MCP Checks: Starting

Is that ment to be ?

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 15:40:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:40 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1194.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:25 28/08/2004, you wrote:
>Hi!
>
> > >I also mailed Julian offlist, i saw a large peak in CPU when i upgraded to
> > >the last beta, moved back to last stabil now and all seems just fine.
> >
> > Anyone else seeing the same problem? If so, does SA 2.6x versus SA 3 make a
> > difference?
> >
> > I have added the
> >          lock_method flock
> > line to the spam.assassin.prefs.conf which should speed up bayes locking in
> > SA 3.
> >
> > Other than that, there really aren't any changes from the previous version
> > in code that is executed a lot, so I can't see what's happening.
>
>I also noticed that even when i have the MCP Checks = no i get log entry's
>like:
>
>Aug 28 13:46:23 vmx03 MailScanner[26483]: MCP Checks: Starting
>Aug 28 13:46:28 vmx03 MailScanner[26478]: MCP Checks: Starting

Yes, that's normal. All it is doing is logging where the MCP checks would
start. As you might be doing MCP checks on some messages and not on others,
it's not trivial to work out if MCP checks are happening at all.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 15:51:17 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1195.1137101200.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:40 28/08/2004, you wrote:
>At 15:25 28/08/2004, you wrote:
>>Hi!
>>
>> > >I also mailed Julian offlist, i saw a large peak in CPU when i
>> upgraded to
>> > >the last beta, moved back to last stabil now and all seems just fine.
>> >
>> > Anyone else seeing the same problem? If so, does SA 2.6x versus SA 3
>> make a
>> > difference?
>> >
>> > I have added the
>> >          lock_method flock
>> > line to the spam.assassin.prefs.conf which should speed up bayes
>> locking in
>> > SA 3.
>> >
>> > Other than that, there really aren't any changes from the previous version
>> > in code that is executed a lot, so I can't see what's happening.
>>
>>I also noticed that even when i have the MCP Checks = no i get log entry's
>>like:
>>
>>Aug 28 13:46:23 vmx03 MailScanner[26483]: MCP Checks: Starting
>>Aug 28 13:46:28 vmx03 MailScanner[26478]: MCP Checks: Starting
>
>Yes, that's normal. All it is doing is logging where the MCP checks would
>start. As you might be doing MCP checks on some messages and not on others,
>it's not trivial to work out if MCP checks are happening at all.

Set
Log MCP = no
and it will disappear. I'll change the default to that.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pz at CHRIST-NET.SK  Sat Aug 28 15:58:40 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1196.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Beta release dont work. Only alltime starting and starting and starting
(and scanning but not deliver)

Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Sat Aug 28 16:05:01 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1197.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi Peter,

> Beta release dont work. Only alltime starting and starting and starting
> (and scanning but not deliver)

What does your maillog say ? Could you paste a little here ?

Seems you have the same problems as i have been seeing, what mailer are
you using ? What lock type ?

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Sat Aug 28 16:08:21 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1198.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Aug 28 16:29:09 cn02 MailScanner[26015]: MailScanner E-Mail Virus
Scanner version 4.33.1 starting...
Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI 3.84 (engine 2.20)
recognizing 93121 viruses
Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI using 116 IDE files
Aug 28 16:29:13 cn02 MailScanner[26015]: Using locktype = flock
Aug 28 16:29:13 cn02 MailScanner[26015]: New Batch: Scanning 17
messages, 544734 bytes
Aug 28 16:29:13 cn02 MailScanner[26015]: MCP Checks: Starting
Aug 28 16:29:13 cn02 MailScanner[26015]: Spam Checks: Starting
Aug 28 16:29:15 cn02 MailScanner[26015]: Message 3787A42BF4 from
130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
Aug 28 16:29:17 cn02 MailScanner[26015]: Message 9D4EA42BE7 from
130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
Aug 28 16:29:17 cn02 MailScanner[26015]: RBL checks: B60B342BED found
in spamcop.net
Aug 28 16:29:17 cn02 MailScanner[26015]: Message B60B342BED from
195.146.132.54 () to skmail.sk,mail.q7.sk is spam, spamcop.net
Aug 28 16:29:19 cn02 MailScanner[26015]: Message 85A7442BE4 from
212.89.236.101 (kmutlbi@hotmail.com) to q7.sk,mail.q7.sk is spam,
SpamAssassin (skore=8.901, vyzaduje 7.3, DOMAIN_RATIO 1.36,
FORGED_HOTMAIL_RCVD2 1.08, HTML_FONT_INVISIBLE 0.07,
HTML_FONT_LOW_CONTRAST 0.95, HTML_IMAGE_ONLY_08 1.97, HTML_MESSAGE
0.00, INFO_TLD 0.48, MIME_HTML_ONLY 1.16, RCVD_IN_BL_SPAMCOP_NET 1.83)



On 28.8.2004, at 17:05, Raymond Dijkxhoorn wrote:

> Hi Peter,
>
>> Beta release dont work. Only alltime starting and starting and
>> starting
>> (and scanning but not deliver)
>
> What does your maillog say ? Could you paste a little here ?
>
> Seems you have the same problems as i have been seeing, what mailer are
> you using ? What lock type ?
>
> Bye,
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>


__

S pozdravom

Peter Zimen

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pz at CHRIST-NET.SK  Sat Aug 28 16:08:52 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1199.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Aug 28 16:29:09 cn02 MailScanner[26015]: MailScanner E-Mail Virus
Scanner version 4.33.1 starting...
Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI 3.84 (engine 2.20)
recognizing 93121 viruses
Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI using 116 IDE files
Aug 28 16:29:13 cn02 MailScanner[26015]: Using locktype = flock
Aug 28 16:29:13 cn02 MailScanner[26015]: New Batch: Scanning 17
messages, 544734 bytes
Aug 28 16:29:13 cn02 MailScanner[26015]: MCP Checks: Starting
Aug 28 16:29:13 cn02 MailScanner[26015]: Spam Checks: Starting
Aug 28 16:29:15 cn02 MailScanner[26015]: Message 3787A42BF4 from
130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
Aug 28 16:29:17 cn02 MailScanner[26015]: Message 9D4EA42BE7 from
130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
Aug 28 16:29:17 cn02 MailScanner[26015]: RBL checks: B60B342BED found
in spamcop.net
Aug 28 16:29:17 cn02 MailScanner[26015]: Message B60B342BED from
195.146.132.54 () to skmail.sk,mail.q7.sk is spam, spamcop.net
Aug 28 16:29:19 cn02 MailScanner[26015]: Message 85A7442BE4 from
212.89.236.101 (kmutlbi@hotmail.com) to q7.sk,mail.q7.sk is spam,
SpamAssassin (skore=8.901, vyzaduje 7.3, DOMAIN_RATIO 1.36,
FORGED_HOTMAIL_RCVD2 1.08, HTML_FONT_INVISIBLE 0.07,
HTML_FONT_LOW_CONTRAST 0.95, HTML_IMAGE_ONLY_08 1.97, HTML_MESSAGE
0.00, INFO_TLD 0.48, MIME_HTML_ONLY 1.16, RCVD_IN_BL_SPAMCOP_NET 1.83)

Mailer Postfix.

On 28.8.2004, at 17:05, Raymond Dijkxhoorn wrote:

> Hi Peter,
>
>> Beta release dont work. Only alltime starting and starting and
>> starting
>> (and scanning but not deliver)
>
> What does your maillog say ? Could you paste a little here ?
>
> Seems you have the same problems as i have been seeing, what mailer are
> you using ? What lock type ?
>
> Bye,
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>


__

S pozdravom

Peter Zimen

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 16:20:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1200.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
That appears quite normal to me. It has picked up a batch of 17 messages
and has started spam-scanning them.

At 16:08 28/08/2004, you wrote:
>Aug 28 16:29:09 cn02 MailScanner[26015]: MailScanner E-Mail Virus
>Scanner version 4.33.1 starting...
>Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI 3.84 (engine 2.20)
>recognizing 93121 viruses
>Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI using 116 IDE files
>Aug 28 16:29:13 cn02 MailScanner[26015]: Using locktype = flock
>Aug 28 16:29:13 cn02 MailScanner[26015]: New Batch: Scanning 17
>messages, 544734 bytes
>Aug 28 16:29:13 cn02 MailScanner[26015]: MCP Checks: Starting
>Aug 28 16:29:13 cn02 MailScanner[26015]: Spam Checks: Starting
>Aug 28 16:29:15 cn02 MailScanner[26015]: Message 3787A42BF4 from
>130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>Aug 28 16:29:17 cn02 MailScanner[26015]: Message 9D4EA42BE7 from
>130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>Aug 28 16:29:17 cn02 MailScanner[26015]: RBL checks: B60B342BED found
>in spamcop.net
>Aug 28 16:29:17 cn02 MailScanner[26015]: Message B60B342BED from
>195.146.132.54 () to skmail.sk,mail.q7.sk is spam, spamcop.net
>Aug 28 16:29:19 cn02 MailScanner[26015]: Message 85A7442BE4 from
>212.89.236.101 (kmutlbi@hotmail.com) to q7.sk,mail.q7.sk is spam,
>SpamAssassin (skore=8.901, vyzaduje 7.3, DOMAIN_RATIO 1.36,
>FORGED_HOTMAIL_RCVD2 1.08, HTML_FONT_INVISIBLE 0.07,
>HTML_FONT_LOW_CONTRAST 0.95, HTML_IMAGE_ONLY_08 1.97, HTML_MESSAGE
>0.00, INFO_TLD 0.48, MIME_HTML_ONLY 1.16, RCVD_IN_BL_SPAMCOP_NET 1.83)
>
>Mailer Postfix.
>
>On 28.8.2004, at 17:05, Raymond Dijkxhoorn wrote:
>
>>Hi Peter,
>>
>>>Beta release dont work. Only alltime starting and starting and
>>>starting
>>>(and scanning but not deliver)
>>
>>What does your maillog say ? Could you paste a little here ?
>>
>>Seems you have the same problems as i have been seeing, what mailer are
>>you using ? What lock type ?
>>
>>Bye,
>>Raymond.
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>
>
>__
>
>S pozdravom
>
>Peter Zimen
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jakes at LEET.ORG  Sat Aug 28 16:21:05 2004
From: jakes at LEET.ORG (David Jacobson)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1201.1137101201.24926.mailscanner@lists.mailscanner.info>

Hmm, is RC2 officially released?

I notice on the site they still only have the link pointing to
Current Pre-Release Development Version (3.0.0-rc1):

unless you explicitly view the tree in www.spamassassin.org/released/

It doesn't seem to fix the autolearn=, keyword here..

On Sat, 28 Aug 2004 14:56:58 +0200, Raymond Dijkxhoorn wrote
> Hi!
>
> > There's an RC-2 of SA available now, which may address some of the
> > issues. http://spamassassin.apache.org/downloads.html
>
> Just a short one, RC2 seems to have fixed the autolearn= issue, dont
> see them on my test server anymore.
>
> Thanks Michele for the heads up.
>
> Bye,
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


Kind regards,

David Jacobson

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Sat Aug 28 16:25:36 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1202.1137101201.24926.mailscanner@lists.mailscanner.info>

On Sat, 2004-08-28 at 17:21 +0200, David Jacobson wrote:
> Hmm, is RC2 officially released?

Yes. It may not have made it to all the mirrors yet, but it was
announced sometime yesterday.

--
 Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Sat Aug 28 16:26:52 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1203.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi!

> Hmm, is RC2 officially released?

Yes.

> I notice on the site they still only have the link pointing to
> Current Pre-Release Development Version (3.0.0-rc1):

Not here, mentioning rc2 on the download page.

> It doesn't seem to fix the autolearn=, keyword here..

No, but working with Julian to get that fixed, the patch i applied seems
to work just fine. Most likely inside 4.33.2

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 16:32:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1204.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Okay, I've found it. What a cockup. I put a devel version of the main
MailScanner script into the CVS tree.
Excuse me while I take myself out the back and give myself a good kicking :-)

Edit /usr/sbin/MailScanner and remove line 517. It's the line immediately
after the call to $batch->Explode() and should not of course say "exit;".

Guess that is what beta releases are for :-)

At 16:05 28/08/2004, you wrote:
>Hi Peter,
>
> > Beta release dont work. Only alltime starting and starting and starting
> > (and scanning but not deliver)
>
>What does your maillog say ? Could you paste a little here ?
>
>Seems you have the same problems as i have been seeing, what mailer are
>you using ? What lock type ?
>
>Bye,
>Raymond.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Sat Aug 28 16:34:58 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1205.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi!

> Okay, I've found it. What a cockup. I put a devel version of the main
> MailScanner script into the CVS tree.
> Excuse me while I take myself out the back and give myself a good kicking :-)
>
> Edit /usr/sbin/MailScanner and remove line 517. It's the line immediately
> after the call to $batch->Explode() and should not of course say "exit;".

Ohw well ;)

> Guess that is what beta releases are for :-)

Lets wait for a 4.33.2 then, then people can also test the autolearn=
stuff.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 16:43:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1206.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 16:34 28/08/2004, you wrote:
>Hi!
>
> > Okay, I've found it. What a cockup. I put a devel version of the main
> > MailScanner script into the CVS tree.
> > Excuse me while I take myself out the back and give myself a good
> kicking :-)
> >
> > Edit /usr/sbin/MailScanner and remove line 517. It's the line immediately
> > after the call to $batch->Explode() and should not of course say "exit;".
>
>Ohw well ;)
>
> > Guess that is what beta releases are for :-)
>
>Lets wait for a 4.33.2 then, then people can also test the autolearn=
>stuff.

It's already there.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Sat Aug 28 17:02:38 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1207.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi!

> >Ohw well ;)

> > > Guess that is what beta releases are for :-)

> >Lets wait for a 4.33.2 then, then people can also test the autolearn=
> >stuff.
>
> It's already there.

Ok, installed, and running nicely. It even processes mail now ;)

Thanks,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Sat Aug 28 18:25:13 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1208.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
No, this process will repeat and not release to postfix...


On 28.8.2004, at 17:20, Julian Field wrote:

> That appears quite normal to me. It has picked up a batch of 17
> messages
> and has started spam-scanning them.
>
> At 16:08 28/08/2004, you wrote:
>> Aug 28 16:29:09 cn02 MailScanner[26015]: MailScanner E-Mail Virus
>> Scanner version 4.33.1 starting...
>> Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI 3.84 (engine 2.20)
>> recognizing 93121 viruses
>> Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI using 116 IDE
>> files
>> Aug 28 16:29:13 cn02 MailScanner[26015]: Using locktype = flock
>> Aug 28 16:29:13 cn02 MailScanner[26015]: New Batch: Scanning 17
>> messages, 544734 bytes
>> Aug 28 16:29:13 cn02 MailScanner[26015]: MCP Checks: Starting
>> Aug 28 16:29:13 cn02 MailScanner[26015]: Spam Checks: Starting
>> Aug 28 16:29:15 cn02 MailScanner[26015]: Message 3787A42BF4 from
>> 130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>> Aug 28 16:29:17 cn02 MailScanner[26015]: Message 9D4EA42BE7 from
>> 130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>> Aug 28 16:29:17 cn02 MailScanner[26015]: RBL checks: B60B342BED found
>> in spamcop.net
>> Aug 28 16:29:17 cn02 MailScanner[26015]: Message B60B342BED from
>> 195.146.132.54 () to skmail.sk,mail.q7.sk is spam, spamcop.net
>> Aug 28 16:29:19 cn02 MailScanner[26015]: Message 85A7442BE4 from
>> 212.89.236.101 (kmutlbi@hotmail.com) to q7.sk,mail.q7.sk is spam,
>> SpamAssassin (skore=8.901, vyzaduje 7.3, DOMAIN_RATIO 1.36,
>> FORGED_HOTMAIL_RCVD2 1.08, HTML_FONT_INVISIBLE 0.07,
>> HTML_FONT_LOW_CONTRAST 0.95, HTML_IMAGE_ONLY_08 1.97, HTML_MESSAGE
>> 0.00, INFO_TLD 0.48, MIME_HTML_ONLY 1.16, RCVD_IN_BL_SPAMCOP_NET 1.83)
>>
>> Mailer Postfix.
>>
>> On 28.8.2004, at 17:05, Raymond Dijkxhoorn wrote:
>>
>>> Hi Peter,
>>>
>>>> Beta release dont work. Only alltime starting and starting and
>>>> starting
>>>> (and scanning but not deliver)
>>>
>>> What does your maillog say ? Could you paste a little here ?
>>>
>>> Seems you have the same problems as i have been seeing, what mailer
>>> are
>>> you using ? What lock type ?
>>>
>>> Bye,
>>> Raymond.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>
>>
>> __
>>
>> S pozdravom
>>
>> Peter Zimen
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>


__

S pozdravom

Peter Zimen

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 19:15:26 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1209.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Have you tried 4.33.2?

At 18:25 28/08/2004, you wrote:
>No, this process will repeat and not release to postfix...
>
>
>On 28.8.2004, at 17:20, Julian Field wrote:
>
>>That appears quite normal to me. It has picked up a batch of 17
>>messages
>>and has started spam-scanning them.
>>
>>At 16:08 28/08/2004, you wrote:
>>>Aug 28 16:29:09 cn02 MailScanner[26015]: MailScanner E-Mail Virus
>>>Scanner version 4.33.1 starting...
>>>Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI 3.84 (engine 2.20)
>>>recognizing 93121 viruses
>>>Aug 28 16:29:11 cn02 MailScanner[26015]: SophosSAVI using 116 IDE
>>>files
>>>Aug 28 16:29:13 cn02 MailScanner[26015]: Using locktype = flock
>>>Aug 28 16:29:13 cn02 MailScanner[26015]: New Batch: Scanning 17
>>>messages, 544734 bytes
>>>Aug 28 16:29:13 cn02 MailScanner[26015]: MCP Checks: Starting
>>>Aug 28 16:29:13 cn02 MailScanner[26015]: Spam Checks: Starting
>>>Aug 28 16:29:15 cn02 MailScanner[26015]: Message 3787A42BF4 from
>>>130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>>>Aug 28 16:29:17 cn02 MailScanner[26015]: Message 9D4EA42BE7 from
>>>130.246.192.55 (owner-mailscanner@jiscmail.ac.uk) is whitelisted
>>>Aug 28 16:29:17 cn02 MailScanner[26015]: RBL checks: B60B342BED found
>>>in spamcop.net
>>>Aug 28 16:29:17 cn02 MailScanner[26015]: Message B60B342BED from
>>>195.146.132.54 () to skmail.sk,mail.q7.sk is spam, spamcop.net
>>>Aug 28 16:29:19 cn02 MailScanner[26015]: Message 85A7442BE4 from
>>>212.89.236.101 (kmutlbi@hotmail.com) to q7.sk,mail.q7.sk is spam,
>>>SpamAssassin (skore=8.901, vyzaduje 7.3, DOMAIN_RATIO 1.36,
>>>FORGED_HOTMAIL_RCVD2 1.08, HTML_FONT_INVISIBLE 0.07,
>>>HTML_FONT_LOW_CONTRAST 0.95, HTML_IMAGE_ONLY_08 1.97, HTML_MESSAGE
>>>0.00, INFO_TLD 0.48, MIME_HTML_ONLY 1.16, RCVD_IN_BL_SPAMCOP_NET 1.83)
>>>
>>>Mailer Postfix.
>>>
>>>On 28.8.2004, at 17:05, Raymond Dijkxhoorn wrote:
>>>
>>>>Hi Peter,
>>>>
>>>>>Beta release dont work. Only alltime starting and starting and
>>>>>starting
>>>>>(and scanning but not deliver)
>>>>
>>>>What does your maillog say ? Could you paste a little here ?
>>>>
>>>>Seems you have the same problems as i have been seeing, what mailer
>>>>are
>>>>you using ? What lock type ?
>>>>
>>>>Bye,
>>>>Raymond.
>>>>
>>>>------------------------ MailScanner list ------------------------
>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>>'leave mailscanner' in the body of the email.
>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>
>>>__
>>>
>>>S pozdravom
>>>
>>>Peter Zimen
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>
>
>__
>
>S pozdravom
>
>Peter Zimen
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From gdoris at ROGERS.COM  Sat Aug 28 20:13:09 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:26:41 2006
Subject: MCP?
Message-ID: <mailman.1210.1137101201.24926.mailscanner@lists.mailscanner.info>

OK, I guess I'll have to fall in line and understand MCP.  Where's the
best place to read up on it?

--
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jrudd at UCSC.EDU  Sat Aug 28 21:38:26 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1211.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
On Aug 28, 2004, at 4:33 AM, Julian Field wrote:
- Added setting to SpamAssassin so that Version 3.0 will use fast
non-NFS
>   file locking, as most MailScanner users don't access Bayes across
> NFS.

For those of us who are (actually, will, not doing it yet), is there a
simple and straight forward way (mentioned somewhere in the config
files) to go back to NFS file locking?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 22:02:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MCP?
Message-ID: <mailman.1212.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:13 28/08/2004, you wrote:
>OK, I guess I'll have to fall in line and understand MCP.  Where's the
>best place to read up on it?

www.sng.ecs.soton.ac.uk/mailscanner/install/mcp

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sat Aug 28 22:03:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1213.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 21:38 28/08/2004, you wrote:
>On Aug 28, 2004, at 4:33 AM, Julian Field wrote:
>- Added setting to SpamAssassin so that Version 3.0 will use fast
>non-NFS
>>   file locking, as most MailScanner users don't access Bayes across
>>NFS.
>
>For those of us who are (actually, will, not doing it yet), is there a
>simple and straight forward way (mentioned somewhere in the config
>files) to go back to NFS file locking?

Remove the last line of spam.assassin.prefs.conf

I did write a brief comment above the non-NFS locking setting.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From pz at CHRIST-NET.SK  Sat Aug 28 22:22:39 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: New version 4.33.2-1
Message-ID: <mailman.1214.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Yes :) now it works fine :))



__

S pozdravom

Peter Zimen

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From idan at SECURENET.CO.IL  Sun Aug 29 13:48:37 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1215.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns0="urn:schemas-microsoft-com:office:smarttags">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        text-align:right;
        direction:rtl;
        unicode-bidi:embed;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1 dir=RTL>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Hello,<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>I
bumped into a strange behavior of my MailScanner</span></font> <font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>-4.32.5-1 and SA<a
name="Released_version_relversion"> 2.64</a>.<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>You
can see that the require score is 7 and the real score is less then 7 and anyway
the MR identified those mails as SPAM.<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><span dir=RTL></span><font size=2 face=Arial><span lang=HE dir=RTL
style='font-size:10.0pt;font-family:Arial'><span dir=RTL></span>(</span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>score=0.484,
required 7, HTML_50_60 0.18, HTML_FONTCOLOR_BLUE 0.10, HTML_FONTCOLOR_RED 0.10,
HTML_FONT_BIG 0.10, HTML_MESSAGE 0.00</span></font><span dir=RTL></span><font
size=2 face=Arial><span lang=HE dir=RTL style='font-size:10.0pt;font-family:
Arial'><span dir=RTL></span>)</span></font><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug
29 11:18:40 MailRelay MailScanner[5673]: Spam Checks: Found 1 spam messages<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Aug
29 11:18:41 MailRelay MailScanner[5673]: Spam Actions: message i7T8HJM0011842 actions
are spam@xxx.co.il,forward<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>X-yoursite-MailScanner-SpamCheck:
spam, SBL+XBL, SpamAssassin (score=6.482,required 7, HTML_90_100 1.07, HTML_IMAGE_ONLY_02<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span lang=HE dir=RTL style='font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;2.24,</span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>HTML_MESSAGE
0.00, MIME_HTML_ONLY 0.10, RCVD_IN_BL_SPAMCOP_NET 2.25,RCVD_IN_SBL 0.81</span></font><span
dir=RTL></span><font size=2 face=Arial><span lang=HE dir=RTL style='font-size:
10.0pt;font-family:Arial'><span dir=RTL></span>)</span></font><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>X-yoursite-MailScanner-SpamScore:
6<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Anyone
have an idea ?<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Thanks
a lot.<o:p></o:p></span></font></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 14:01:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1216.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 13:48 29/08/2004, you wrote:
>Hello,
>
>I bumped into a strange behavior of my MailScanner -4.32.5-1 and SA 2.64.
>You can see that the require score is 7 and the real score is less then 7
>and anyway the MR identified those mails as SPAM.
>
>(score=0.484, required 7, HTML_50_60 0.18, HTML_FONTCOLOR_BLUE 0.10,
>HTML_FONTCOLOR_RED 0.10, HTML_FONT_BIG 0.10, HTML_MESSAGE 0.00)
>Aug 29 11:18:40 MailRelay MailScanner[5673]: Spam Checks: Found 1 spam
>messages
>Aug 29 11:18:41 MailRelay MailScanner[5673]: Spam Actions: message
>i7T8HJM0011842 actions are spam@xxx.co.il,forward
>
>
>X-yoursite-MailScanner-SpamCheck: spam, SBL+XBL

It hit one of your "Spam List" blacklists, so was marked as spam. The
message will be marked as spam even if SpamAssassin doesn't think it was
spam, if it hits any of the "Spam List" blacklists.

>, SpamAssassin (score=6.482,required 7, HTML_90_100 1.07, HTML_IMAGE_ONLY_02
>              2.24,HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.10,
> RCVD_IN_BL_SPAMCOP_NET 2.25,RCVD_IN_SBL 0.81)
>X-yoursite-MailScanner-SpamScore: 6
>
>
>Anyone have an idea ?
>
>Thanks a lot.
>------------------------ MailScanner list ------------------------ To
>unsubscribe, email <jiscmail@jiscmail.ac.htm>jiscmail@jiscmail.ac.uk with
>the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ
>(<http://www.mailscanner.biz/maq/>http://www.mailscanner.biz/maq/)
>and the archives
>(<http://www.jiscmail.ac.uk/lists/mailscanner.html>http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 29 14:16:55 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1217.1137101201.24926.mailscanner@lists.mailscanner.info>

> >Anyone have an idea ?
Don't block using SBL+XBL - you will get bitten.

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 14:37:23 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1218.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:16 29/08/2004, you wrote:
> > >Anyone have an idea ?
>Don't block using SBL+XBL - you will get bitten.

How often do you think it is a problem? I tag based on SBL+XBL and have
never had any complaints.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 29 14:50:46 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1219.1137101201.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-29 at 14:37 +0100, Julian Field wrote:
> At 14:16 29/08/2004, you wrote:
> > > >Anyone have an idea ?
> >Don't block using SBL+XBL - you will get bitten.
>
> How often do you think it is a problem? I tag based on SBL+XBL and have
> never had any complaints.

A LOT of Irish and UK ISP ranges get in there on a regular basis, so we
had to stop blocking on it a few months ago - digging emails out of
quarantines can get to be tedious - and now score based on it, which
gives much more accurate results.

We are primarily a hosting company, but also offer email filtering
services to 3rd parties. It is unlikely that a corporate IP range will
be listed, but as a large proportion of both our clients and our
clients' clients are not using fixed IPs we see a lot of issues with
Esat, Eircom and other ISPs.
>From our point of view one false positive is one too many.
The Spamhaus listing criteria is not at fault, blocking based on it is
unfortunately.
If you score based on XBL/SBL you will not see a drop in your success
rate, as no one rule is going to push an email over the limit (or keep
it under it)

M
--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 15:01:27 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1220.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 14:50 29/08/2004, you wrote:
>On Sun, 2004-08-29 at 14:37 +0100, Julian Field wrote:
> > At 14:16 29/08/2004, you wrote:
> > > > >Anyone have an idea ?
> > >Don't block using SBL+XBL - you will get bitten.
> >
> > How often do you think it is a problem? I tag based on SBL+XBL and have
> > never had any complaints.
>
>A LOT of Irish and UK ISP ranges get in there on a regular basis, so we
>had to stop blocking on it a few months ago - digging emails out of
>quarantines can get to be tedious - and now score based on it, which
>gives much more accurate results.
>
>We are primarily a hosting company, but also offer email filtering
>services to 3rd parties. It is unlikely that a corporate IP range will
>be listed, but as a large proportion of both our clients and our
>clients' clients are not using fixed IPs we see a lot of issues with
>Esat, Eircom and other ISPs.
> >From our point of view one false positive is one too many.
>The Spamhaus listing criteria is not at fault, blocking based on it is
>unfortunately.
>If you score based on XBL/SBL you will not see a drop in your success
>rate, as no one rule is going to push an email over the limit (or keep
>it under it)

Fair enough. When I deploy SA3, I will consider making this change so that
we just score against it, rather than block on it.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Sun Aug 29 16:14:40 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1221.1137101201.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: Sunday, August 29, 2004 9:37 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: relay score less the the require and identified as spam
>
> At 14:16 29/08/2004, you wrote:
> > > >Anyone have an idea ?
> >Don't block using SBL+XBL - you will get bitten.
>
> How often do you think it is a problem? I tag based on SBL+XBL and have
> never had any complaints.
> --

Ditto at many of our sites. I have seen recent traffic which mentions that
the list has been catching some IP blocks that also have legitimate
addresses but I believe these have been  primarily in countries that our
clients do not receive legitimate email from, i.e. Brazil, Asia. At lest
we've never had a report of a FP because of these blocks.

My experience is that sites block on the sbl-xbl.spamhaus.org list
immediately see a +30% reduction in incoming email.

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pz at CHRIST-NET.SK  Sun Aug 29 19:36:21 2004
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:26:41 2006
Subject: X-MailScanner Spamscore
Message-ID: <mailman.1222.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Please, may I setup MailScanner to automatically deleting mails with
header:

X-MailScanner-Spamscore: ssss


Thanks


__

S pozdravom

Peter Zimen

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 19:48:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: X-MailScanner Spamscore
Message-ID: <mailman.1223.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 19:36 29/08/2004, you wrote:
>Please, may I setup MailScanner to automatically deleting mails with
>header:
>
>X-MailScanner-Spamscore: ssss

Required SpamAssassin Score = 4
Spam Actions = delete

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From maillists at CONACTIVE.COM  Sun Aug 29 20:32:05 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1224.1137101201.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Sat, 28 Aug 2004 22:03:04 +0100:

> Remove the last line of spam.assassin.prefs.conf
> 
> I did write a brief comment above the non-NFS locking setting.
>

Not sure what to do now:

I set SA to use flock and I'm getting the occasional << No message 
collected >> thing. So, I searched the list and found the hint to set 
MailScanner to NOT use flock. So, if sendmail has no HASFLOCK, should I 
set *both* (MS and SA) to not use flock? I had the impression that only MS 
was interacting with sendmail, so I could use flock for SA.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Sun Aug 29 20:32:05 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:41 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1225.1137101201.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Sun, 29 Aug 2004 14:37:23 +0100:

> How often do you think it is a problem? I tag based on SBL+XBL and have
> never had any complaints.
>

We use SBL+XBL for blocking at MTA level. I've almost never seen problems 
with it. There must be something about the UK providers which makes them 
appear that often on the list ;-) When using RBLs I see that most problems 
come from lists which use spamtraps. F.i. SORBS puts such a list in their 
overall list. So each time someone manages to send a spam mail over an 
ISP's legitimate mail relay to that spamtrap that relay appears on the 
list. That results in a false positive rate of something like 0.001 % 
which can be a lot of messages if you get them by the millions.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 21:00:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1226.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:32 29/08/2004, you wrote:
>Julian Field wrote on         Sat, 28 Aug 2004 22:03:04 +0100:
>
> > Remove the last line of spam.assassin.prefs.conf
> >
> > I did write a brief comment above the non-NFS locking setting.
> >
>
>Not sure what to do now:
>
>I set SA to use flock and I'm getting the occasional << No message
>collected >> thing. So, I searched the list and found the hint to set
>MailScanner to NOT use flock. So, if sendmail has no HASFLOCK, should I
>set *both* (MS and SA) to not use flock? I had the impression that only MS
>was interacting with sendmail, so I could use flock for SA.

If sendmail is not using flock then set
Lock Type = posix
You can still use flock for SA, it is completely independent of the lock
method MS is using.

MS's locks are for locking messages in the queue.
SA's locks are for locking its shared databases (Bayes and auto-whitelist).
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From joakim at CEFALK.COM  Sun Aug 29 21:09:24 2004
From: joakim at CEFALK.COM (Joakim Cefalk)
Date: Thu Jan 12 21:26:41 2006
Subject: Test of mailscanner
Message-ID: <mailman.1227.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi!

I have run the test on http://www.testvirus.org and
http://www.declude.com/Articles.asp?ID=99 and a couple of the mail is
not stopped by the mailscanner. Is this a bug or have i not installed
mailscanner right?

Joakim

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 29 21:29:29 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: Test of mailscanner
Message-ID: <mailman.1228.1137101201.24926.mailscanner@lists.mailscanner.info>

On Sun, 2004-08-29 at 22:09 +0200, Joakim Cefalk wrote:
> Hi!
>
> I have run the test on http://www.testvirus.org and
> http://www.declude.com/Articles.asp?ID=99 and a couple of the mail is
> not stopped by the mailscanner. Is this a bug or have i not installed
> mailscanner right?
It would help if you could be more specific. What is getting through??
What is your setup?
--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Sun Aug 29 21:39:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: Test of mailscanner
Message-ID: <mailman.1229.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 21:09 29/08/2004, you wrote:
>Hi!
>
>I have run the test on http://www.testvirus.org and
>http://www.declude.com/Articles.asp?ID=99 and a couple of the mail is
>not stopped by the mailscanner. Is this a bug or have i not installed
>mailscanner right?

Three pieces of information:

One of the tests at testvirus.org is very artificial (in fact several of
them are) and relies on a horrifically broken message.
Don't think for a minute that testvirus.org is run by some well-meaning
individual. It is owned and run by Excedent (see www.excedent.com) who,
funnily enough, sell their own anti-virus email system. So this whole site
is engineered to make them look good and everyone else look bad. Check the
whois record at www.whois.org if you want to check for yourself.
The next version of MIME-tools, which is due out in the next month or two,
aims to pass these artificial tests.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From steve.swaney at FSL.COM  Sun Aug 29 21:40:09 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:41 2006
Subject: Test of mailscanner
Message-ID: <mailman.1230.1137101201.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Joakim Cefalk
> Sent: Sunday, August 29, 2004 4:09 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Test of mailscanner
>
> Hi!
>
> I have run the test on http://www.testvirus.org and
> http://www.declude.com/Articles.asp?ID=99 and a couple of the mail is
> not stopped by the mailscanner. Is this a bug or have i not installed
> mailscanner right?
>

Please check the list archives;

http://www.jiscmail.ac.uk/lists/mailscanner.html

Search for testvirus.org. This question pops up about once a month

Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> Joakim
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From joakim at CEFALK.COM  Sun Aug 29 21:44:39 2004
From: joakim at CEFALK.COM (Joakim Cefalk)
Date: Thu Jan 12 21:26:41 2006
Subject: Test of mailscanner
Message-ID: <mailman.1231.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Thanks for the answer.
I use F-prot antivirus and thats the problem, it dosent find the virus.
I also have antivir installed and that catch the virus, now i scan my
mails with F-prot and antivir, and it works perfectly.

Joakim



Julian Field wrote:

> At 21:09 29/08/2004, you wrote:
>
>> Hi!
>>
>> I have run the test on http://www.testvirus.org and
>> http://www.declude.com/Articles.asp?ID=99 and a couple of the mail is
>> not stopped by the mailscanner. Is this a bug or have i not installed
>> mailscanner right?
>
>
> Three pieces of information:
>
> One of the tests at testvirus.org is very artificial (in fact several of
> them are) and relies on a horrifically broken message.
> Don't think for a minute that testvirus.org is run by some well-meaning
> individual. It is owned and run by Excedent (see www.excedent.com) who,
> funnily enough, sell their own anti-virus email system. So this whole
> site
> is engineered to make them look good and everyone else look bad. Check
> the
> whois record at www.whois.org if you want to check for yourself.
> The next version of MIME-tools, which is due out in the next month or
> two,
> aims to pass these artificial tests.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From idan at SECURENET.CO.IL  Sun Aug 29 22:12:03 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:41 2006
Subject: i want to understand something please
Message-ID: <mailman.1232.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns0="urn:schemas-microsoft-com:office:smarttags">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        text-align:right;
        direction:rtl;
        unicode-bidi:embed;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1 dir=RTL>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Hello,<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>1.
If I configure in my MailScanner.conf:<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Using
SA = yes <o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>And
I configure score = 7<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>And
in the local.cf I configure:<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>required_hits&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
7.5<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>what
is count between them?<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>2. I saw
some people copy the SA rules to /etc/mail/spamassassin and some not, they just
using the original rules in /usr/shard/spamassassin<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>What is
the different between those two locations ?<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>And what
really count ?<o:p></o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal dir=LTR style='text-align:left;direction:ltr;unicode-bidi:
embed'><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Thanks
a lot. &nbsp;<o:p></o:p></span></font></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Sun Aug 29 22:32:15 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: i want to understand something please
Message-ID: <mailman.1233.1137101201.24926.mailscanner@lists.mailscanner.info>

On Mon, 2004-08-30 at 00:12 +0300, Idan Plotnik wrote:

> 1. If I configure in my MailScanner.conf:
>
> Using SA = yes
>
> And I configure score = 7
>
> And in the local.cf I configure:
>
> required_hits           7.5
>
>
>
> what is count between them?
The score you set in MailScanner.donf is the one that matters
>
> 2. I saw some people copy the SA rules to /etc/mail/spamassassin and
> some not, they just using the original rules
> in /usr/shard/spamassassin
>
> What is the different between those two locations ?
>
> And what really count ?
Have a look through the archives for discussion of SA rules. They have
been discussed at length and in detail

Would you also please stop posting HTML emails to the list.

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Mon Aug 30 00:31:23 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:41 2006
Subject: MailScanner beta release 4.33.1
Message-ID: <mailman.1234.1137101201.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Sun, 29 Aug 2004 21:00:51 +0100:

> If sendmail is not using flock then set
> Lock Type = posix
> You can still use flock for SA, it is completely independent of the lock
> method MS is using.
>

That's what I originally thought, thanks!


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pete at EATATHOME.COM.AU  Mon Aug 30 02:25:34 2004
From: pete at EATATHOME.COM.AU (Pete)
Date: Thu Jan 12 21:26:41 2006
Subject: Postfix questions (OT)
Message-ID: <mailman.1235.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Sadly our company has been given away and we are moving from Notes to
Exchange (no thats not a typo, TO exchange). They also have a CA anti
spam solution, hehe one which they must custom write from scratch a
complete set of spam ID rules, stupid stuff. Anyway my job is to provide
instructions on how to perform the migration - one of the tasks i need
to do is forward the email of users from sanedomain.com to insanedomain.com.

I have lobbied, almost successfully, to allow me to put our mailscanner
server in front of the CA server and let CA clean anything MS doesnt
catch - should be a good test and will hopefully show what a great
solution MS has been for th cost of a machine vs the $$$$ of the ca off
the shelf product.

Question:
I can work out how to get postfix to forward, but does anyone know if i
can get postfix to forward, AND to respond to the sender with some thing
like "$recipientname@sanedomain.com email addressed has changed, please
update your address book using the following address
$recipientname@insanedomain.com "

I know i can use the relocated_maps feature but this seems to reject
only? I need to forward and bounce.

Thanks in advance
Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Mon Aug 30 08:16:50 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: spam oneliners
Message-ID: <mailman.1236.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi!

> we are getting flooded with one line spam e-mails.
>
> the text in the body is always something offtopic like:
> http://uhcaoh.MUNGED-bbcefln.info/?NujAPBhLRRoK6Nhwddbfw
> cid:part1.06020902.07090004@wbgvncslsqmhk@yahoo.com
> Books Kid Rock Loft Story children are
> BACK TO learned of
>
> but the actual spam is in the gif file attached to it.
>
> Is anyone else seeing this, how can I stop it?
>
> I am using MailScanner, rules_du_jour (with every available list), DCC and
> SpamAss 2.63

Its listed in at least a couple of SURBL's, so if you start using that you
most likely wont see those againb...

bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From david.hooton at gmail.com  Mon Aug 30 08:53:54 2004
From: david.hooton at gmail.com (David Hooton)
Date: Thu Jan 12 21:26:41 2006
Subject: Postfix questions (OT)
Message-ID: <mailman.1237.1137101201.24926.mailscanner@lists.mailscanner.info>

On Mon, 30 Aug 2004 11:25:34 +1000, Pete <pete@eatathome.com.au> wrote:
> Question:
> I can work out how to get postfix to forward, but does anyone know if i
> can get postfix to forward, AND to respond to the sender with some thing
> like "$recipientname@sanedomain.com email addressed has changed, please
> update your address book using the following address
> $recipientname@insanedomain.com "

How about using vacation and a .forward?

We do this for sales emails etc it works nicely.

--
Regards,

David Hooton

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rhl-list at BRANTS.COM  Mon Aug 30 09:27:22 2004
From: rhl-list at BRANTS.COM (Frank C. Brants)
Date: Thu Jan 12 21:26:41 2006
Subject: OT: Getting SpamAssassin's MySQL database created - RHEL V 3.0
Message-ID: <mailman.1238.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Please accept my apologies for this OT post...

I've searched high & low (for hours now) and I'm getting a more than a
little frazzed over what is surely a trivial issue.

I've never used MySQL before, but I would like to use it for Bayes and AWL
data, so DB Admins, please cover your eyes...

I'm running a fresh install of RHEL V. 3.0 with the following MySQL bits
installed...

[root@scan sql]# rpm -qa | grep -i mysql
php-mysql-4.3.2-11.ent
mysql-bench-3.23.58-1
mod_auth_mysql-20030510-1.ent
MySQL-python-0.9.1-6
perl-DBD-MySQL-2.1021-3
libdbi-dbd-mysql-0.6.5-5
qt-MySQL-3.1.2-13
mysql-server-3.23.58-1
mysql-3.23.58-1
mysql-devel-3.23.58-1

I'm following the Mail-SpamAssassin-3.0.0/sql/README...

"Creating A Database
-------------------

Here's the command to create a MySQL database, and user/password pair to access
it:

mysql -h <hostname> -u <adminusername> -p
Enter password: <adminpassword>
mysql> use mysql;
mysql> insert into user (Host, User, Password)
values('localhost','<username>', password('<pass
word>'));
mysql> insert into db (Host, Db, User, Select_priv)
values('localhost','<databasename>','<usern
ame>','Y');
mysql> create database <databasename>;
mysql> quit

NOTE: If you intend to use this database for Bayes and/or AWL data you
may need to grant additional privs (ie Insert_priv, Update_priv and
Delete_priv).  Please refer to the MySQL documentation for the proper
method of adding these privs.

...but when I try it...

[root@scan sql]# mysql -v -v -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 23 to server version: 3.23.58

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> insert into user (Host, User, Password)
values('localhost','My_Real_Username',' password('My_Real_Password'));
     '> insert into db (Host, Db, User, Select_priv, Insert_priv,
Update_priv, Delete_priv)
values('localhost','spamassassin','spam','Y','Y','Y','Y');
     '> create database spamassassin;
     '> quit;
     '>
     '> quit;
(At this point, any additional commands (go;, ego;, \g; \G;) just give me a
new > line - all I can do is <CTRL> C to get out, which gives me...)
     '> Writing history-file /root/.mysql_history
Aborted
[root@scan sql]#

I know I'm close, I just can figure out what I'm doing wrong.

Anybody care to shed some light, I'm flying blind :)

Thanks!!

Franko

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From maillists at CONACTIVE.COM  Mon Aug 30 09:32:05 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:41 2006
Subject: No scores/reports in stored messages?
Message-ID: <mailman.1239.1137101201.24926.mailscanner@lists.mailscanner.info>

It seems there are no SA scores, reports, headers added to stored 
(quarantined) messages. Is this correct? The messages look like they were 
not touched at all. I looked in the documentation, MAQ, FAQ, it's not 
mentioned anywhere it seems.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From chris at SCORPION.NL  Mon Aug 30 09:50:15 2004
From: chris at SCORPION.NL (Christiaan den Besten)
Date: Thu Jan 12 21:26:41 2006
Subject: Getting SpamAssassin's MySQL database created - RHEL V 3.0
Message-ID: <mailman.1240.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
> mysql> insert into user (Host, User, Password)
> values('localhost','<username>', password('<pass word>'));

that's ok.

> mysql> insert into user (Host, User, Password)
> values('localhost','My_Real_Username',' password('My_Real_Password'));

Skip the ' in front of the word password, this is messing it up. FYI: You
might also want to install "phpmyadmin", this will let you do this stuff
(and more) web-based.

bye,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From p.g.b.kruit at PL.HANZE.NL  Mon Aug 30 10:24:09 2004
From: p.g.b.kruit at PL.HANZE.NL (Peter Kruit)
Date: Thu Jan 12 21:26:41 2006
Subject: Spam thru secondary MX
Message-ID: <mailman.1241.1137101201.24926.mailscanner@lists.mailscanner.info>

Hello,

I've been running MailScanner/SpamAssassin and RBL checks in sendmail for 6
months now and the amount of spam has gone down quiet a bit. Recently I've
noticed that spam is being delivered thru my secondary MX. I don't have
access to the secondary MX because it's offsite and owned by another
company. They do not filter for spam. Can I somehow configure MailScanner
or SpamAssassin to check for example the first (or all) IP in the message
header against the RBLs I use?

Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rhl-list at BRANTS.COM  Mon Aug 30 10:24:13 2004
From: rhl-list at BRANTS.COM (Frank C. Brants)
Date: Thu Jan 12 21:26:41 2006
Subject: Getting SpamAssassin's MySQL database created - RHEL V 3.0
Message-ID: <mailman.1242.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Christian,

Thanks!!

I found another problem - I had changed my /etc/sysconfig/i18n to correct
some issues I was having with my ssh client...

LANG="en_US.UTF-8"
#LANG="en_US"
SUPPORTED="en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"

I changed it back (as you see it above), and now mysql is a little more
responsive...

mysql> insert into db (Host, Db, User, Select_priv, Insert_priv,
Update_priv, Delete_priv)
values('localhost','spamassassin','spam','Y','Y','Y','Y');
--------------
insert into db (Host, Db, User, Select_priv, Insert_priv, Update_priv,
Delete_priv) values('localhost','spamassassin','spam','Y','Y','Y','Y')
--------------

Query OK, 1 row affected (0.00 sec)

Whew!!

Thanks for your help!!

Franko

At Monday 8/30/2004 03:50 AM, Christiaan den Besten wrote:

>>mysql> insert into user (Host, User, Password)
>>values('localhost','<username>', password('<pass word>'));
>
>that's ok.
>
>>mysql> insert into user (Host, User, Password)
>>values('localhost','My_Real_Username',' password('My_Real_Password'));
>
>Skip the ' in front of the word password, this is messing it up. FYI: You
>might also want to install "phpmyadmin", this will let you do this stuff
>(and more) web-based.
>
>bye,
>Chris
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From raymond at PROLOCATION.NET  Mon Aug 30 11:29:00 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:41 2006
Subject: Spam thru secondary MX
Message-ID: <mailman.1243.1137101201.24926.mailscanner@lists.mailscanner.info>

Hi!

> I've been running MailScanner/SpamAssassin and RBL checks in sendmail for 6
> months now and the amount of spam has gone down quiet a bit. Recently I've
> noticed that spam is being delivered thru my secondary MX. I don't have
> access to the secondary MX because it's offsite and owned by another
> company. They do not filter for spam. Can I somehow configure MailScanner
> or SpamAssassin to check for example the first (or all) IP in the message
> header against the RBLs I use?

Thats what SA does, so it will be checked automaticly if you do the RBL
checks within SA.

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 11:46:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: No scores/reports in stored messages?
Message-ID: <mailman.1244.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 09:32 30/08/2004, you wrote:
>It seems there are no SA scores, reports, headers added to stored
>(quarantined) messages. Is this correct? The messages look like they were
>not touched at all. I looked in the documentation, MAQ, FAQ, it's not
>mentioned anywhere it seems.

This comes up every month :-)

The archive/quarantines are completely untouched messages, they are in
their original form. I intend to keep it that way, because if something
happened to that MailScanner started screwing up messages that it had
archived/quarantined and delivered, you wouldn't lose the originals. I work
on the paranoid basis that MailScanner may screw your entire email system,
and I want to keep away from anything that does any harm.

It's the same reason you folks don't get access to the CVS tree.
I don't want to be responsible for a company going under because it loses
all its mail, and it's my fault. Email is important and transient. Unless
you archive every message, there is no way of restoring a part of a
conversation from backups.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcin.rozek at IOS.EDU.PL  Mon Aug 30 15:11:54 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:41 2006
Subject: X-Mozilla-Status
Message-ID: <mailman.1245.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hello,
we're not using spamassasin, only Spam Lists (DNS blocklists). When a mail comes
and MailScanner finds that sender's IP is on 2 or more blacklists it deletes
that mail. When it appears only on 1 then store and forward it to me (not too
much...;) so i can check it. Unfortunately, some spammers puts these two headers
into spam:

X-Mozilla-Status:
X-Mozilla-Status2:

Because of this, my mail program (Thunderbird) shows new mail as already read
which is undesirable. Can mailscanner remove those two headers from all
processed e-mails?

Regards,
Marcin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Denis.Beauchemin at USHERBROOKE.CA  Mon Aug 30 15:42:07 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:41 2006
Subject: possible bug in MailScanner 4.32.5 in debug mode with
    bitdefender
Message-ID: <mailman.1246.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Jacobson wrote:

>Hi All,
>
>MS 4.32.5
>Bitdefender: 7.0
>
>Just want to confirm if anyone else can reproduce this :
>
>When using
>
>Virus Scanners = bitdefender clamav
>Debug = yes
>  
>
I have :
Virus Scanners = mcafee bitdefender
and everything is OK (no error message).

Denis

>I get the following:
>
>/usr/lib/MailScanner/bitdefender-wrapper: line 52: 17512 Segmentation fault
>   ${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1
>cat: /tmp/log.bdc.17511: No such file or directory
>rm: cannot remove `/tmp/log.bdc.17511': No such file or directory
>Stopping now as you are debugging me.
>                                                           [  OK  ]
>
>It seems to work perfectly without debug mode enabled.
>
>  
>

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From mkettler at EVI-INC.COM  Mon Aug 30 16:29:06 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:41 2006
Subject: i want to understand something please
Message-ID: <mailman.1247.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 05:12 PM 8/29/2004, Idan Plotnik wrote:
>xmlns:ns0="urn:schemas-microsoft-com:office:smarttags">
>Hello,
>
>1. If I configure in my MailScanner.conf:
>Using SA = yes
>And I configure score = 7
>And in the local.cf I configure:
>required_hits           7.5
>
>what is count between them?

As someone else said, the option in MailScanner.conf is the one that will
matter. Mailscanner calls spamassassin, but it only pays attention to the
resulting score and does it's own message tagging.

the required_hits in local.cf will affect any test-runs you might do using
the command-line spamassassin, but it won't affect mail processed through
MailScanner.

>2. I saw some people copy the SA rules to /etc/mail/spamassassin and some
>not, they just using the original rules in /usr/shard/spamassassin
>What is the different between those two locations ?

There are actually three locations


/usr/share/spamassassin/*.cf - intended for the default rules that come
with spamassassin. This directory will get wiped out and replaced during SA
upgrades.

/etc/mail/spamassassin/*.cf  - intended for your site-wide customizations
and over-rides of the defaults. Not touched by the upgrade process.

MailScanner/spam.assassin.prefs.conf -  replaces the normal
"~/.spamassassin/user_prefs" file in SA, and allows you a place to
customize SA settings only when SA is invoked by MailScanner. Note: some
"administrative" settings won't be honored by SA here for security reasons.


>And what really count ?

All of them count..  They are parsed in order of most general to most
specific, starting with /usr/share, then /etc/, and the prefs are parsed
last. If there's a conflict SpamAssassin takes a 'last one parsed wins'
type approach.

This way, site-custom settings in /etc/mail/spamassassin/ can over-ride the
defaults in /usr/share.

Similarly the user-specific preferences can over-ride the site custom
settings in /etc/mail/spamassassin.

See man Mail::SpamAssassin::Conf for more details, but be aware that in
MailScanner spam.assassin.prefs.conf is equivalent to user_prefs, but
always acts as if allow_user_rules is set.

Also be aware that SA's subject_tag, add_header, required_hits, and other
message marking/encapsulation options don't matter, as MailScanner makes
it's own.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Mon Aug 30 16:36:32 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:41 2006
Subject: Add disclaimer notice to outbond email only
Message-ID: <mailman.1248.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi all,

Its been a challenge to get Mailscanner working correctly.  Was never able
to get Vexira antivirus working from the command line.  Had to implement
sendmail+milter+vexira.

Nice to see Mailscanner picking up more dangerous code -

Could not parse Outlook Rich Text attachment
Found a script in HTML message
Found dangerous IFrame tag in HTML message

Is there any way to attach disclaimer to outbound email only ?


BTW:  Thanks to Richard Lush for his exellant webmin modules.

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From brentbolin at HOTMAIL.COM  Mon Aug 30 16:50:01 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:41 2006
Subject: Could not parse Outlook Rich Text attachment
Message-ID: <mailman.1249.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
What does this mean -

Could not parse Outlook Rich Text attachment

Is it a problem?. Is it being delivered?.

I see these on messages that are being sent from our domain.

btb

_________________________________________________________________
Don^Òt just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From pparsons at COLUMBIAFUELS.COM  Mon Aug 30 16:52:55 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:41 2006
Subject: possible bug in MailScanner 4.32.5 in debug mode with
    bitdefender
Message-ID: <mailman.1250.1137101201.24926.mailscanner@lists.mailscanner.info>

 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Jacobson
> Sent: Friday, August 27, 2004 4:21 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: possible bug in MailScanner 4.32.5 in debug mode 
> with bitdefender
> 
> Hi All,
> 
> MS 4.32.5
> Bitdefender: 7.0
> 
> Just want to confirm if anyone else can reproduce this :
> 
> When using
> 
> Virus Scanners = bitdefender clamav
> Debug = yes
> 
> I get the following:
> 
> /usr/lib/MailScanner/bitdefender-wrapper: line 52: 17512 
> Segmentation fault
>    ${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1
> cat: /tmp/log.bdc.17511: No such file or directory
> rm: cannot remove `/tmp/log.bdc.17511': No such file or 
> directory Stopping now as you are debugging me.
>                                                            [  OK  ]
> 
> It seems to work perfectly without debug mode enabled.
> 
> Kind regards,
> 
> David Jacobson

I Use bitdefender and clamav and if I can remember correctally I had to
change the path to Bitdefender in the virus.scanners.conf and also had
to change the Minimum Code Status = beta in Mailscanner.conf




> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ 
> (http://www.mailscanner.biz/maq/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From giulio.cervera at EDSPA.IT  Mon Aug 30 17:02:56 2004
From: giulio.cervera at EDSPA.IT (Giulio Cervera)
Date: Thu Jan 12 21:26:41 2006
Subject: Feature request ( different action for Mass Mailling Virus )
Message-ID: <mailman.1251.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Would be nice to have different action for the Mass Mailling Virus (@MM,
Worm).
The program can  automatically delete (or quarantine) the entire message
to avoid using server resources
to scan, quarantine, or otherwise process messages and files that have
no redeeming value.

This will be done by using virus name or portion of it.
some AV like mcafee or f-prot ad '@MM' or '@mm' at the end of virus
name, other AV clamAV, kaspersky  call it 'Worm'


<mailto:giulio.cervera@edspa.it>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 17:22:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:41 2006
Subject: Feature request ( different action for Mass Mailling Virus )
Message-ID: <mailman.1252.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Have you checked out the concept of "Silent Viruses"?
This can make it delete any mail containing things like worms, while
continuing to disinfect and deliver mail containing things like document
macro viruses.

At 17:02 30/08/2004, you wrote:
>Would be nice to have different action for the Mass Mailling Virus (@MM,
>Worm).
>The program can  automatically delete (or quarantine) the entire message
>to avoid using server resources
>to scan, quarantine, or otherwise process messages and files that have
>no redeeming value.
>
>This will be done by using virus name or portion of it.
>some AV like mcafee or f-prot ad '@MM' or '@mm' at the end of virus
>name, other AV clamAV, kaspersky  call it 'Worm'
>
>
><mailto:giulio.cervera@edspa.it>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkettler at EVI-INC.COM  Mon Aug 30 17:29:09 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:41 2006
Subject: Spam thru secondary MX
Message-ID: <mailman.1253.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 05:24 AM 8/30/2004, Peter Kruit wrote:
>I've been running MailScanner/SpamAssassin and RBL checks in sendmail for 6
>months now and the amount of spam has gone down quiet a bit. Recently I've
>noticed that spam is being delivered thru my secondary MX. I don't have
>access to the secondary MX because it's offsite and owned by another
>company. They do not filter for spam. Can I somehow configure MailScanner
>or SpamAssassin to check for example the first (or all) IP in the message
>header against the RBLs I use?

SpamAssassin checks all IP's in all Received: headers against RBL's by
default. No settings required.

One exception to this is dialup RBLs, which in 2.6x are only checked
against hosts dropping mail off to a machine listed in trusted_networks.

You can manually set your trusted networks, and in it include the secondary
MX, your primary MX, and any other mailservers that insert Received:
headers that are a part of your network which should not get mail directly
from dialups.


However don't make the common mistake of assuming "trusted" means
"whitelisted".

         Trusted in 2.6x means "mailserver in my home network, trusted to
not forge Received: headers, and should never receive mail directly from
dialup".

         3.0 behaves differently with separate settings for "trusted to not
forge" and "part of local network", and adds a new one for "whitelisted
from RBL checks".

  See man Mail::SpamAssassin::Conf for details on configuring this setting.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug 30 17:46:58 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:41 2006
Subject: Feature request ( different action for Mass Mailling Virus )
Message-ID: <mailman.1254.1137101201.24926.mailscanner@lists.mailscanner.info>

> Would be nice to have different action for the Mass Mailling Virus
> (@MM, Worm). The program can  automatically delete (or quarantine) the
> entire message to avoid using server resources to scan,
> quarantine, or otherwise process messages and files that have no
> redeeming value.
As Julian said there is the "silent viruses" option. Also worth noting is
the scanning order. At present it only scans for viruses _after_ the other
scans, so the AV won't kick in unless it has already been passed by the
other tests.

Julian - bumpity bump :)

M


Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From giulio.cervera at EDSPA.IT  Mon Aug 30 17:50:07 2004
From: giulio.cervera at EDSPA.IT (Giulio Cervera)
Date: Thu Jan 12 21:26:42 2006
Subject: Feature request ( different action for Mass Mailling Virus )
Message-ID: <mailman.1255.1137101201.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
thank's<br>
<br>
Julian Field ha scritto:
<blockquote
 cite="mid6.1.2.0.2.20040830172135.0ccd3850@imap.ecs.soton.ac.uk"
 type="cite">Have you checked out the concept of "Silent Viruses"?
  <br>
This can make it delete any mail containing things like worms, while
  <br>
continuing to disinfect and deliver mail containing things like
document
  <br>
macro viruses.
  <br>
  <br>
At 17:02 30/08/2004, you wrote:
  <br>
  <blockquote type="cite">Would be nice to have different action for
the Mass Mailling Virus (@MM,
    <br>
Worm).
    <br>
The program can&nbsp; automatically delete (or quarantine) the entire
message
    <br>
to avoid using server resources
    <br>
to scan, quarantine, or otherwise process messages and files that have
    <br>
no redeeming value.
    <br>
    <br>
This will be done by using virus name or portion of it.
    <br>
some AV like mcafee or f-prot ad '@MM' or '@mm' at the end of virus
    <br>
name, other AV clamAV, kaspersky&nbsp; call it 'Worm'
    <br>
    <br>
    <br>
<a class="moz-txt-link-rfc2396E" href="mailto:giulio.cervera@edspa.it">&lt;mailto:giulio.cervera@edspa.it&gt;</a>
    <br>
    <br>
------------------------ MailScanner list ------------------------
    <br>
To unsubscribe, email <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a> with the words:
    <br>
'leave mailscanner' in the body of the email.
    <br>
Before posting, read the MAQ (<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>) and
    <br>
the archives (<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
    <br>
  </blockquote>
  <br>
--
  <br>
Julian Field
  <br>
<a class="moz-txt-link-abbreviated" href="http://www.MailScanner.info">www.MailScanner.info</a>
  <br>
Professional Support Services at <a class="moz-txt-link-abbreviated" href="http://www.MailScanner.biz">www.MailScanner.biz</a>
  <br>
MailScanner thanks transtec Computers for their support
  <br>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
  <br>
  <br>
------------------------ MailScanner list ------------------------
  <br>
To unsubscribe, email <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a> with the words:
  <br>
'leave mailscanner' in the body of the email.
  <br>
Before posting, read the MAQ (<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>) and
  <br>
the archives (<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
  <br>
  <br>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 10">
<meta name="Originator" content="Microsoft Word 10">
<link rel="File-List" href="sign_file/filelist.xml">
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>Giulio Cervera</o:Author>
  <o:LastAuthor>Giulio Cervera</o:LastAuthor>
  <o:Revision>8</o:Revision>
  <o:TotalTime>3</o:TotalTime>
  <o:Created>2003-07-18T14:08:00Z</o:Created>
  <o:LastSaved>2003-07-18T14:11:00Z</o:LastSaved>
  <o:Pages>1</o:Pages>
  <o:Words>29</o:Words>
  <o:Characters>169</o:Characters>
  <o:Company>EDS</o:Company>
  <o:Lines>1</o:Lines>
  <o:Paragraphs>1</o:Paragraphs>
  <o:CharactersWithSpaces>197</o:CharactersWithSpaces>
  <o:Version>10.4219</o:Version>
 </o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:HyphenationZone>14</w:HyphenationZone>
  <w:Compatibility>
   <w:ApplyBreakingRules/>
   <w:UseFELayout/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;
        mso-font-alt:\5B8B\4F53;
        mso-font-charset:134;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;
        mso-font-charset:134;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:3 135135232 16 0 262145 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0cm;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:SimSun;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:SimSun;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
span.GramE
        {mso-style-name:"";
        mso-gram-e:yes;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 2.0cm 2.0cm 2.0cm;
        mso-header-margin:35.4pt;
        mso-footer-margin:35.4pt;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style><!--[if gte mso 10]>
<style>
 /* Style Definitions */
 table.MsoNormalTable
        {mso-style-name:"Tabella normale";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
        mso-para-margin:0cm;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]-->
<meta name="CREATED" content="20030718;12453400">
<meta name="CHANGED" content="20030718;12462500">
<div class="Section1">
<p><b><span style="font-family: Arial; color: black;">Giulio Cervera</span></b><span
 style="font-family: Arial; color: black;"> <o:p></o:p></span></p>
<p><span class="GramE"><span
 style="font-size: 11pt; font-family: Arial; color: black;">EDS PA <span
 class="SpellE">SpA</span> <br>
Via Atanasio Soldati 80 <br>
00155 Roma (<span class="SpellE">Italy</span>) <br>
<span class="SpellE">tel</span>: +39 06 22739 270 <br>
fax: +39 06 22739 233 <br>
e-mail:</span><span style="font-size: 11pt; font-family: Arial;"> </span><span
 style="font-size: 11pt; font-family: Arial; color: blue;" lang="EN-US"><a
 href="mailto:giulio.cervera@edspa.it"><span style="" lang="IT">giulio.cervera@edspa.it</span></a></span></span><span
 style="font-size: 11pt; font-family: Arial;"><o:p></o:p></span></p>
</div>
</div>
</body>
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From jwilliam at KCR.UKY.EDU  Mon Aug 30 17:53:35 2004
From: jwilliam at KCR.UKY.EDU (John Williams)
Date: Thu Jan 12 21:26:42 2006
Subject: Add disclaimer notice to outbond email only
Message-ID: <mailman.1256.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
In MailScanner.conf   (where the inline.sig is your text)
.
.
# Set where to find the HTML and text versions that will be added to the
# end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
.
.
# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = /opt/MailScanner/etc/rules/sign.clean.rules


Partial sign.clean.rules:
To:     *@jiscmail.ac.uk        no
From:        kcr.uky.edu                yes
FromTo:      default                 no


We use it to add the legal crap that managers seem to like.  ; )

Look at /opt/MailScanner/etc/rules/EXAMPLES for more info.

John

"Don't get educated beyond your intelligence..."  my grandfather.


At 11:36 AM 8/30/2004, you wrote:
>Hi all,
>
>Is there any way to attach disclaimer to outbound email only ?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From newsgroup2 at SPACELINK.COM.AU  Mon Aug 30 18:00:12 2004
From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark)
Date: Thu Jan 12 21:26:42 2006
Subject: upgrade problems
Message-ID: <mailman.1257.1137101202.24926.mailscanner@lists.mailscanner.info>

Any help here?


Unpacked
./install.sh
Upgraded conf file
All looked fine
Restarted MailScanner and got this




[root@proxy subsys]# service MailScanner start
/etc/init.d/MailScanner: line 73: [: =: unary operator expected
Starting MailScanner daemons:
         incoming : /etc/init.d/MailScanner: line 92: [: =: unary operator
expected
/etc/init.d/MailScanner: line 104: [: =: unary operator expected
/etc/init.d/MailScanner: line 114: [: =: unary operator expected
/etc/init.d/MailScanner: line 134: [: =: unary operator expected
                                                           [FAILED]
Invalid MTA in /etc/sysconfig/MailScanner
         outgoing : /etc/init.d/MailScanner: line 153: [: =: unary operator
expected
/etc/init.d/MailScanner: line 163: [: =: unary operator expected
/etc/init.d/MailScanner: line 173: [: =: unary operator expected
/etc/init.d/MailScanner: line 178: [: =: unary operator expected
                                                           [FAILED]
Invalid MTA in /etc/sysconfig/MailScanner
         MailScanner:                                      [  OK  ]



Kind Regards

Stuart Clark RHCE
Director
Spacelink Communications Pty Ltd
Ph. 98570800 Fx. 98597577

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From d.santos at barcelohotels.com.do  Mon Aug 30 18:04:12 2004
From: d.santos at barcelohotels.com.do (Dywer Santos)
Date: Thu Jan 12 21:26:42 2006
Subject: dcc problem
Message-ID: <mailman.1258.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN 
class=123280217-30082004>Hi.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=123280217-30082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=123280217-30082004>After installing DCC 
all I can see in the maillog is the following</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Aug 30 12:58:33 outside sendmail[28147]: NOQUEUE: 
36sdl30m7.codetel.net.do [66.98.40.36] did not issue MAIL/EXPN/VRFY/ETRN during 
connection to MTA<BR>Aug 30 12:58:36 outside dccifd[28148]: continue not asking 
DCC 8 seconds after failure<BR>Aug 30 12:58:36 outside dccifd[28148]: write(MTA 
socket,5): Broken pipe<BR>Aug 30 12:58:36 outside dccifd[28149]: continue not 
asking DCC 8 seconds after failure<BR>Aug 30 12:58:36 outside dccifd[28150]: 
continue not asking DCC 8 seconds after failure<BR>Aug 30 12:58:36 outside 
dccifd[28151]: continue not asking DCC 8 seconds after failure<BR></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT><SPAN class=123280217-30082004><FONT face=Arial size=2>any 
idea?</FONT></SPAN></FONT></DIV>
<DIV><FONT><SPAN class=123280217-30082004><FONT face=Arial 
size=2></FONT></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT><SPAN class=123280217-30082004><FONT face=Arial 
size=2>thanks</FONT></SPAN></DIV></FONT></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From brentbolin at HOTMAIL.COM  Mon Aug 30 18:16:41 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:42 2006
Subject: Add disclaimer notice to outbond email only
Message-ID: <mailman.1259.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
tku

>From: John Williams <jwilliam@KCR.UKY.EDU>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Add disclaimer notice to outbond email only
>Date: Mon, 30 Aug 2004 12:53:35 -0400
>
>In MailScanner.conf   (where the inline.sig is your text)
>.
>.
># Set where to find the HTML and text versions that will be added to the
># end of all clean messages, if "Sign Clean Messages" is set.
># These can also be the filenames of rulesets.
>Inline HTML Signature = %report-dir%/inline.sig.html
>Inline Text Signature = %report-dir%/inline.sig.txt
>.
>.
># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
># of uninfected messages?
># This can also be the filename of a ruleset.
>Sign Clean Messages = /opt/MailScanner/etc/rules/sign.clean.rules
>
>
>Partial sign.clean.rules:
>To:     *@jiscmail.ac.uk        no
>From:        kcr.uky.edu                yes
>FromTo:      default                 no
>
>
>We use it to add the legal crap that managers seem to like.  ; )
>
>Look at /opt/MailScanner/etc/rules/EXAMPLES for more info.
>
>John
>
>"Don't get educated beyond your intelligence..."  my grandfather.
>
>
>At 11:36 AM 8/30/2004, you wrote:
>>Hi all,
>>
>>Is there any way to attach disclaimer to outbound email only ?
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Mon Aug 30 18:27:38 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:42 2006
Subject: upgrade problems
Message-ID: <mailman.1260.1137101202.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-31 at 03:00 +1000, Stuart Clark wrote:

What do you get if you turn on debugging?
--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From tristan at LINUX.WITENKO.COM  Mon Aug 30 18:38:27 2004
From: tristan at LINUX.WITENKO.COM (Tristan Rhodes)
Date: Thu Jan 12 21:26:42 2006
Subject: upgrade problems
Message-ID: <mailman.1261.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Looks like a syntax error.

Can you send us these lines from your /etc/init.d/Mailscanner file?
Lines: 92 104 114 134 153 163 173 178

Just copy and paste the lines, and we should be able to see what went wrong.

Tristan Rhodes

Stuart Clark wrote:

> Any help here?
>
>
> Unpacked
> ./install.sh
> Upgraded conf file
> All looked fine
> Restarted MailScanner and got this
>
>
>
>
> [root@proxy subsys]# service MailScanner start
> /etc/init.d/MailScanner: line 73: [: =: unary operator expected
> Starting MailScanner daemons:
>          incoming : /etc/init.d/MailScanner: line 92: [: =: unary operator
> expected
> /etc/init.d/MailScanner: line 104: [: =: unary operator expected
> /etc/init.d/MailScanner: line 114: [: =: unary operator expected
> /etc/init.d/MailScanner: line 134: [: =: unary operator expected
>                                                            [FAILED]
> Invalid MTA in /etc/sysconfig/MailScanner
>          outgoing : /etc/init.d/MailScanner: line 153: [: =: unary operator
> expected
> /etc/init.d/MailScanner: line 163: [: =: unary operator expected
> /etc/init.d/MailScanner: line 173: [: =: unary operator expected
> /etc/init.d/MailScanner: line 178: [: =: unary operator expected
>                                                            [FAILED]
> Invalid MTA in /etc/sysconfig/MailScanner
>          MailScanner:                                      [  OK  ]
>
>
>
> Kind Regards
>
> Stuart Clark RHCE
> Director
> Spacelink Communications Pty Ltd
> Ph. 98570800 Fx. 98597577


--
This message has been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From jd at BENTECMED.COM  Mon Aug 30 18:50:39 2004
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:26:42 2006
Subject: ClamAV
Message-ID: <mailman.1262.1137101202.24926.mailscanner@lists.mailscanner.info>

For some reason ClamAV's install package isn't whats in the faq. Is there
another package im supposed to install from? I downloaded the 0.75 version
from the website. Or is there a seperate set of commands to install now? I
noticed an install-sh but it's not really doing anything. Im running redhat
7

-Jason

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From peter at UCGBOOK.COM  Mon Aug 30 18:57:42 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:42 2006
Subject: dcc problem
Message-ID: <mailman.1263.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dywer Santos wrote:
> After installing DCC all I can see in the maillog is the following
>
> Aug 30 12:58:33 outside sendmail[28147]: NOQUEUE:
> 36sdl30m7.codetel.net.do [66.98.40.36] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA

This is just a dropped connection to Sendmail and has nothing to do with
DCC.

> Aug 30 12:58:36 outside dccifd[28148]: continue not asking DCC 8 seconds
> after failure

How did you install DCC? Some package? If you followed the instructions
from the INSTALL file that comes with SpamAssassin you wouldn't have
dccifd running. Please look at those instructions first. They also
explain which port should be open in your firewall and so on.

If you can get it working with dccproc you can enable dccifd later on.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From peter at UCGBOOK.COM  Mon Aug 30 19:01:39 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:42 2006
Subject: ClamAV
Message-ID: <mailman.1264.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
JD wrote:
> For some reason ClamAV's install package isn't whats in the faq. Is there
> another package im supposed to install from? I downloaded the 0.75 version
> from the website. Or is there a seperate set of commands to install now? I
> noticed an install-sh but it's not really doing anything. Im running redhat
> 7

Could you please clarify a little? What FAQ and what web site? 0.75 is
not current, 0.75.1 is.

A good site for Red Hat packages is:

http://dag.wieers.com/packages/clamav

The best thing is to build from the source package but there was a bug
in it this time so I had to settle for the binary, luckily he provides
lots of them.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mkettler at EVI-INC.COM  Mon Aug 30 19:02:47 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:42 2006
Subject: ClamAV
Message-ID: <mailman.1265.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 01:50 PM 8/30/2004, JD wrote:
>For some reason ClamAV's install package isn't whats in the faq. Is there
>another package im supposed to install from? I downloaded the 0.75 version
>from the website. Or is there a seperate set of commands to install now? I
>noticed an install-sh but it's not really doing anything. Im running redhat

If you read the INSTALL instructions in the tarball, it's your standard
autoconf tarball type install.. ./configure, make, make install

$cd clamav-0.75/

$more INSTALL
...

The simplest way to compile this package is:

   1. `cd' to the directory containing the package's source code and type
      `./configure' to configure the package for your system.  If you're
      using `csh' on an old version of System V, you might need to type
      `sh ./configure' instead to prevent `csh' from trying to execute
      `configure' itself.

      Running `configure' takes awhile.  While running, it prints some
      messages telling which features it is checking for.

   2. Type `make' to compile the package.

   3. Optionally, type `make check' to run any self-tests that come with
      the package.

   4. Type `make install' to install the programs and any data files and
      documentation.

   5. You can remove the program binaries and object files from the
      source code directory by typing `make clean'.  To also remove the
      files that `configure' created (so you can compile the package for
      a different kind of computer), type `make distclean'.  There is
      also a `make maintainer-clean' target, but that is intended mainly
      for the package's developers.  If you use it, you may have to get
      all sorts of other programs in order to regenerate files that came
      with the distribution.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 19:37:27 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: upgrade problems
Message-ID: <mailman.1266.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 18:00 30/08/2004, you wrote:
>Any help here?
>
>
>Unpacked
>./install.sh
>Upgraded conf file
>All looked fine
>Restarted MailScanner and got this

Check you don't have a /etc/sysconfig/MailScanner.rpmnew. If so, merge the
old settings into the new one. The new one auto-detects the MTA from
/etc/MailScanner/MailScanner.conf. What does the line in MailScanner.conf
that sets your MTA look like? It should just be like
MTA = sendmail
or similar.

I think that is where the problem is, as shown by the "Invalid MTA" error
in your output.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 20:01:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: MailScanner: Clam and SA3 installer
Message-ID: <mailman.1267.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have just put a package on the web site that will install
        - the ClamAV module
        - ClamAV itself
        - SpamAssassin-3.0.0-RC2
        - SpamAssassin's SPF checker
along with all their dependencies.

They aren't wrapped up as RPM's so this is mainly for the benefit of
non-RPM systems, but there's nothing to stop you installing this on RPM
systems anyway. I hope to have an RPM version of this available soon.

It's in the "Other stuff" section of the downloads page at
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

I hope you find this useful.

The next release of MailScanner should be out tomorrow...
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 20:01:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: MailScanner: Clam and SA3 installer
Message-ID: <mailman.1268.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
I have just put a package on the web site that will install
        - the ClamAV module
        - ClamAV itself
        - SpamAssassin-3.0.0-RC2
        - SpamAssassin's SPF checker
along with all their dependencies.

They aren't wrapped up as RPM's so this is mainly for the benefit of
non-RPM systems, but there's nothing to stop you installing this on RPM
systems anyway. I hope to have an RPM version of this available soon.

It's in the "Other stuff" section of the downloads page at
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

I hope you find this useful.

The next release of MailScanner should be out tomorrow...
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From d.santos at barcelohotels.com.do  Mon Aug 30 20:52:11 2004
From: d.santos at barcelohotels.com.do (Dywer Santos)
Date: Thu Jan 12 21:26:42 2006
Subject: dcc problem
Message-ID: <mailman.1269.1137101202.24926.mailscanner@lists.mailscanner.info>

thanks, it was a firewall problem

-----Mensaje original-----
De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]En
nombre de Peter Bonivart
Enviado el: Monday, August 30, 2004 1:58 PM
Para: MAILSCANNER@JISCMAIL.AC.UK
Asunto: Re: dcc problem


Dywer Santos wrote:
> After installing DCC all I can see in the maillog is the following
>
> Aug 30 12:58:33 outside sendmail[28147]: NOQUEUE:
> 36sdl30m7.codetel.net.do [66.98.40.36] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA

This is just a dropped connection to Sendmail and has nothing to do with
DCC.

> Aug 30 12:58:36 outside dccifd[28148]: continue not asking DCC 8 seconds
> after failure

How did you install DCC? Some package? If you followed the instructions
from the INSTALL file that comes with SpamAssassin you wouldn't have
dccifd running. Please look at those instructions first. They also
explain which port should be open in your firewall and so on.

If you can get it working with dccproc you can enable dccifd later on.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pparsons at COLUMBIAFUELS.COM  Mon Aug 30 21:31:20 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:42 2006
Subject: Release attachments from quarantine
Message-ID: <mailman.1270.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.6944.0">
<TITLE>Release attachments from quarantine</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P><FONT SIZE=2 FACE="Arial">I am using Mailscanner-4.32.5-1 /SA Bitdefender and clamav on a Redhat 9 box.</FONT>
</P>

<P><FONT SIZE=2 FACE="Arial">I have everything setup so that the quarantined messages are in mailq format etc etc&#8230;</FONT>

<BR><FONT SIZE=2 FACE="Arial">So if I get a message that gets quarantined that has an attachment how would I send that message on if I know it is good. I know to mv the df* and qf* files to the mqueue but what do I do with the attachment&#8230;</FONT></P>

<P><FONT SIZE=2 FACE="Arial">I have search the MAQ and FAQ but only found forwarding of the message part not the hole thing...</FONT>
</P>

<P><FONT SIZE=2 FACE="Arial">&nbsp;</FONT>

<BR><FONT SIZE=2 FACE="Arial">Thank you.</FONT>

<BR><FONT SIZE=2 FACE="Arial">Philip Parsons </FONT>

<BR><FONT SIZE=2 FACE="Arial">Network Engineer</FONT>

<BR><FONT SIZE=2 FACE="Arial">&nbsp;</FONT>

<BR><FONT SIZE=2 FACE="Arial">Columbia Fuels Inc.</FONT>

<BR><FONT SIZE=2 FACE="Arial">2669 Wilfert Rd., Victoria BC, V9B 5Z3</FONT>

<BR><FONT SIZE=2 FACE="Arial">Phone: (250) 391-3638</FONT>

<BR><FONT SIZE=2 FACE="Arial">Cell: (250) 883-5972</FONT>

<BR><A HREF="http://www.columbiafuels.com"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">http://www.columbiafuels.com</FONT></U></A>

<BR><A HREF="http://www.columbiaenergy.com"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">http://www.columbiaenergy.com</FONT></U></A>

<BR><A HREF="http://www.columbiaice.com"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">http://www.columbiaice.com</FONT></U></A>

<BR><FONT SIZE=2 FACE="Arial">pparsons@columbiafuels.com</FONT>

<BR><FONT SIZE=2 FACE="Arial">E-mail protection by Mailscanner/SA</FONT>

<BR><FONT SIZE=2 FACE="Arial">Virus protection by Bitdefender</FONT>
</P>

</BODY>
</HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From mailscanner at ecs.soton.ac.uk  Mon Aug 30 21:34:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: Release attachments from quarantine
Message-ID: <mailman.1271.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 21:31 30/08/2004, you wrote:

>I am using Mailscanner-4.32.5-1 /SA Bitdefender and clamav on a Redhat 9 box.
>
>I have everything setup so that the quarantined messages are in mailq 
>format etc etc^Å
>So if I get a message that gets quarantined that has an attachment how 
>would I send that message on if I know it is good. I know to mv the df* 
>and qf* files to the mqueue but what do I do with the attachment^Å

All attachments are included in the df file, so in your case you don't need 
to do anything with the attachment file at all.
-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From rurqueta at MUNILASERENA.CL  Mon Aug 30 22:06:19 2004
From: rurqueta at MUNILASERENA.CL (Raul Urqueta S)
Date: Thu Jan 12 21:26:42 2006
Subject: in redhat 9
Message-ID: <mailman.1272.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">
<link rel=File-List href="cid:filelist.xml@01C48EB3.AB015D20">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:EnvelopeVis/>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0cm;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
span.EstiloCorreo17
        {mso-style-type:personal-compose;
        mso-style-noshow:yes;
        mso-ansi-font-size:12.0pt;
        mso-bidi-font-size:12.0pt;
        font-family:Tahoma;
        mso-ascii-font-family:Tahoma;
        mso-hansi-font-family:Tahoma;
        mso-bidi-font-family:Tahoma;
        color:navy;
        font-weight:bold;
        font-style:normal;
        text-decoration:none;
        text-underline:none;
        text-decoration:none;
        text-line-through:none;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
span.GramE
        {mso-style-name:"";
        mso-gram-e:yes;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 3.0cm 70.85pt 3.0cm;
        mso-header-margin:35.4pt;
        mso-footer-margin:35.4pt;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
        {mso-style-name:"Tabla normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
        mso-para-margin:0cm;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=ES link=blue vlink=purple style='tab-interval:35.4pt'>

<div class=Section1>

<p class=MsoNormal><span class=GramE><b><font size=3 color=navy face=Tahoma><span
lang=EN-US style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:
EN-US;font-weight:bold'>somebody</span></font></b></span><b><font color=navy
face=Tahoma><span lang=EN-US style='font-family:Tahoma;color:navy;mso-ansi-language:
EN-US;font-weight:bold'> can help me to configure the <span class=SpellE>MailScanner</span>
with <span class=SpellE>RedHat</span> 9, and <span class=SpellE>Uvscan</span>? Step
by step (in Spanish better)<o:p></o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'>I <span class=GramE>cant</span> do it work.<o:p></o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'>I follow the steps in the page <a
href="http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml">http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml</a>,
but don&#8217;t work<o:p></o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'>Thanks<o:p></o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoNormal><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;font-family:Tahoma;color:navy;mso-ansi-language:EN-US;
font-weight:bold'>Raul.-<o:p></o:p></span></font></b></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From krausem at gmail.com  Mon Aug 30 22:11:10 2004
From: krausem at gmail.com (Matt Krause)
Date: Thu Jan 12 21:26:42 2006
Subject: MCP not forwarding messages
Message-ID: <mailman.1273.1137101202.24926.mailscanner@lists.mailscanner.info>

So I figured out the fix to this problem. I had to put in a deliver in
the MCP portion of MailScanner.conf

I changed:

MCP Actions = store forward review@example.com sarge@example.com
High Scoring MCP Actions = store forward review@example.com sarge@example.com

to:

MCP Actions = store deliver forward review@example.com sarge@example.com
High Scoring MCP Actions = store deliver forward review@example.com
sarge@example.com

which isn't the way it is supposed to work, but it fixes my issue.  So
basically the deliver does what the forward review@example.com should
do.  So that means if I wanted to deliver MCP messages to the original
To: user it wouldn't work.

Any ideas how this happend?

On Thu, 5 Aug 2004 13:33:34 -0700, Matt Krause <krausem@gmail.com> wrote:
> Yep, everything else is fine. The log states it is store forward but
> then it never requeues the message after that like in a working
> example. Maybe it is a postfix issue, but I'm not sure.  I upgraded to
> Postfix 2.1.3 yesterday hoping it would fix it, but it didn't.
>
> I have attached a working box log and a log from the non-working box.
> Everything looks the same except the non working box doesn't requeue
> the message to forward it on.
>
> Thanks a lot.
>
> Matt
>
>
>
> On Thu, 5 Aug 2004 12:14:29 -0300, Mariano Absatz <el.baby@gmail.com> wrote:
> > On Thu, 5 Aug 2004 08:03:56 -0700, Matt Krause <krausem@gmail.com> wrote:
> > > # Configuration directory containing files related to MCP
> > > # (Message Content Protection)
> > > %mcp-dir% = /opt/MailScanner/etc/mcp
> > ....
> > <SNIP>
> > Strange... everything seems just fine... and you say the log states
> > that actions are 'store forward'...
> >
> > Sorry 'bout really stupid questions, but is the forwarded address
> > correctly spelled? can you send a message from within the mailscanner
> > server to the forwarded address and is it delivered?
> >
> > Sorry, but I can't think of what can be wrong...
> >
> >
> >
> > --
> > Mariano Absatz - El Baby
> > el (dot) baby (AT) gmail (dot) com
> > el (punto) baby (ARROBA:@) gmail (punto) com
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
>
> --
> Matt Krause
> krausem@gmail.com
> http://www.mattkrause.net
>
>
>


--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From pparsons at COLUMBIAFUELS.COM  Mon Aug 30 22:19:01 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:42 2006
Subject: Release attachments from quarantine
Message-ID: <mailman.1274.1137101202.24926.mailscanner@lists.mailscanner.info>

 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Monday, August 30, 2004 1:35 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Release attachments from quarantine
> 
> At 21:31 30/08/2004, you wrote:
> 
> >I am using Mailscanner-4.32.5-1 /SA Bitdefender and clamav 
> on a Redhat 9 box.
> >
> >I have everything setup so that the quarantined messages are 
> in mailq 
> >format etc etc... So if I get a message that gets quarantined 
> that has an 
> >attachment how would I send that message on if I know it is good. I 
> >know to mv the df* and qf* files to the mqueue but what do I do with 
> >the attachment...
> 
> All attachments are included in the df file, so in your case 
> you don't need to do anything with the attachment file at all.

DUH !!!!!!! 
Thanks works great...

> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz 
> MailScanner thanks transtec Computers for their support PGP 
> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ 
> (http://www.mailscanner.biz/maq/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From maillists at CONACTIVE.COM  Mon Aug 30 22:32:00 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:42 2006
Subject: No scores/reports in stored messages?
Message-ID: <mailman.1275.1137101202.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote on         Mon, 30 Aug 2004 11:46:24 +0100:

> This comes up every month :-)

Maybe because it's not in the documentation, MAQ etc.? I admit I haven't been 
following the list for quite a while since there was no need to do that, but 
I looked again thru all the documentation (*) I could find. I also knew that 
stored mail is not virus-scanned (and, actually, my name appears on the same 
page this is mentioned in the FAQ), but I didn't know that you don't touch 
the files "by principle". I've always used Mailwatch for checking scores in 
the past.

(*) (BTW: 
http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html lists 
an option which either doesn't exist anymore or was introduced only in 4.33.1 
(I haven't installed that yet). It contains a typo, so I suspect it's a 
rather old option?). "Always Include SpamAssasin Report".)

> 
> The archive/quarantines are completely untouched messages, they are in
> their original form. I intend to keep it that way, because if something
> happened to that MailScanner started screwing up messages that it had
> archived/quarantined and delivered, you wouldn't lose the originals. I work
> on the paranoid basis that MailScanner may screw your entire email system,
> and I want to keep away from anything that does any harm.

I understand the reason behind this, but it can create problems sometimes. 
F.i. if all spam is stored the messages which are released from quarantine 
will not have any spam reports in them, so the user can't determine why the 
message was found to be spam. Another problem, which I currently face, is you 
can't determine the exact spam report data at the time the message came in. I 
suspect that on my new MailScanner setup the figures shown in Mailwatch are 
sometimes not correct, so I wanted to check against the scores found in the 
stored mails - but there aren't any. And obviously rerunning the message thru 
SA is not the same.



Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From d99-jbe at NADA.KTH.SE  Tue Aug 31 00:23:25 2004
From: d99-jbe at NADA.KTH.SE (John Bergbom)
Date: Thu Jan 12 21:26:42 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1276.1137101202.24926.mailscanner@lists.mailscanner.info>

Hi!

I'm running a server with many domains, and one of our customers wants to
allow exe-attachments. I followed the steps in the FAQ, but it still
doesn't work for me. This is what I did:

In MailScanner.conf:
Filename Rules = %etc-dir%/rules/filename.rules
Filetype Rules = %etc-dir%/rules.filetype.rules

In rules/filename.rules:
To: *@domain.se    %etc-dir%/filename.exeok.rules.conf
FromOrTo: default %etc-dir%/filename.rules.conf

In rules/filetype.rules:
To: *@domain.se    %etc-dir%/filetype.exeok.rules.conf
FromOrTo: default %etc-dir%/filetype.rules.conf

In %etc-dir%/filename.rules.conf:
deny     \.exe$    Windows/DOS Executable

In %etc-dir%/filename.exeok.rules.conf:
allow     \.exe$    Windows/DOS Executable

In %etc-dir%/filetype.rules.conf:
deny     executable    No executables      No programs allowed

In %etc-dir%/filename.exeok.rules.conf:
allow     executable    No executables      No programs allowed

This has worked for others, but not for me. When I try to send an email to
test@domain.se I get this in return:

From: Mail Delivery System
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

test@domain.se
  This message has been rejected because it has
  a potentially executable attachment "temp.exe"
  This for of attachment has been used by recent
  viruses or other malware. If you meant to send
  this file then please package it up as a zip
  file and resend it.

SOMETHING is working though, because in the returned header there is a
line:
X-yoursite-MailScanner: Not scanned: please contact your Internet E-Mail
Service Provider for details

So my problem is (from what I understand): The Filename Rules and Filetype
Rules lets the exe-attachment get through, but then there is something
else that stops the file from getting through, and I can't figure out what
it is. I tried to set Virus Scanning for all domains except the domain in
question, but the same error occurred.

Before I made any changes to the MailSCanner.conf-file I got the usual
yoursite-Attachment-Warning.txt message, saying the the attachment has
been replaced with a warning message.

Please help me with this, it's important for us, and I can't figure out
what is wrong, and I haven't been able to find an answer to this in the
FAQ or in the mailing list archives.

Regards
John

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alex at NKPANAMA.COM  Tue Aug 31 00:44:32 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:42 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1277.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Are you sure you're not using spaces instead of tabs?

John Bergbom wrote:
> Hi!
>
> I'm running a server with many domains, and one of our customers wants to
> allow exe-attachments. I followed the steps in the FAQ, but it still
> doesn't work for me. This is what I did:
>
> In MailScanner.conf:
> Filename Rules = %etc-dir%/rules/filename.rules
> Filetype Rules = %etc-dir%/rules.filetype.rules
>
> In rules/filename.rules:
> To: *@domain.se    %etc-dir%/filename.exeok.rules.conf
> FromOrTo: default %etc-dir%/filename.rules.conf
>
> In rules/filetype.rules:
> To: *@domain.se    %etc-dir%/filetype.exeok.rules.conf
> FromOrTo: default %etc-dir%/filetype.rules.conf
>
> In %etc-dir%/filename.rules.conf:
> deny     \.exe$    Windows/DOS Executable
>
> In %etc-dir%/filename.exeok.rules.conf:
> allow     \.exe$    Windows/DOS Executable
>
> In %etc-dir%/filetype.rules.conf:
> deny     executable    No executables      No programs allowed
>
> In %etc-dir%/filename.exeok.rules.conf:
> allow     executable    No executables      No programs allowed
>
> This has worked for others, but not for me. When I try to send an email to
> test@domain.se I get this in return:
>
> From: Mail Delivery System
> Subject: Mail delivery failed: returning message to sender
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> test@domain.se
>   This message has been rejected because it has
>   a potentially executable attachment "temp.exe"
>   This for of attachment has been used by recent
>   viruses or other malware. If you meant to send
>   this file then please package it up as a zip
>   file and resend it.
>
> SOMETHING is working though, because in the returned header there is a
> line:
> X-yoursite-MailScanner: Not scanned: please contact your Internet E-Mail
> Service Provider for details
>
> So my problem is (from what I understand): The Filename Rules and Filetype
> Rules lets the exe-attachment get through, but then there is something
> else that stops the file from getting through, and I can't figure out what
> it is. I tried to set Virus Scanning for all domains except the domain in
> question, but the same error occurred.
>
> Before I made any changes to the MailSCanner.conf-file I got the usual
> yoursite-Attachment-Warning.txt message, saying the the attachment has
> been replaced with a warning message.
>
> Please help me with this, it's important for us, and I can't figure out
> what is wrong, and I haven't been able to find an answer to this in the
> FAQ or in the mailing list archives.
>
> Regards
> John
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From newsgroup2 at SPACELINK.COM.AU  Tue Aug 31 02:26:20 2004
From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark)
Date: Thu Jan 12 21:26:42 2006
Subject: upgrade problems cont.
Message-ID: <mailman.1278.1137101202.24926.mailscanner@lists.mailscanner.info>

When upgrading I accidentally did this (notice the MailScanner.)

cd /etc/MailScanner
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew >
MailScanner.
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf




Also I can't find my MailScanner.conf.rpmnew anymore.
MailScanner. is empty

And when I copied the old conf file from backups I get this



[root@proxy MailScanner]# tail /var/log/maillog -f
Aug 31 11:01:01 proxy update.virus.scanners: Delaying cron job up to 600
seconds
Aug 31 11:17:02 proxy sendmail[15505]: alias database /etc/aliases rebuilt
by root
Aug 31 11:17:02 proxy sendmail[15505]: /etc/aliases: 63 aliases, longest 10
bytes, 625 bytes total
Aug 31 11:17:02 proxy sendmail[15514]: starting daemon (8.12.8): SMTP
Aug 31 11:17:03 proxy sm-msp-queue[15519]: starting daemon (8.12.8):
queueing@00:15:00
Aug 31 11:17:03 proxy sendmail[15526]: starting daemon (8.12.8):
queueing@00:15:00
Aug 31 11:17:04 proxy sendmail[15522]: i7V1H3vr015522:
from=<root@host@whatever.com>, size=123705, class=0, nrcpts=1,
msgid=<200408301802.i7UI2LTf002876@host@whatever.com>, proto=ESMTP,
daemon=MTA, relay=host@whatever.com [127.0.0.1]
Aug 31 11:17:04 proxy sm-msp-queue[15521]: i7UI2LTf002876: to=root,
ctladdr=root (0/0), delay=07:14:43, xdelay=00:00:01, mailer=relay,
pri=120055, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
(i7V1H3vr015522 Message accepted for delivery)
Aug 31 11:17:09 proxy sendmail[15527]: i7UGITqR029660:
to=<carlod@whatever.com.au>, delay=08:58:38, xdelay=00:00:00, mailer=esmtp,
pri=120501, relay=XXXXX.whatever.com.au. [xxx.xxx.xxx.xxx], dsn=5.1.1,
stat=User unknown
Aug 31 11:17:09 proxy sendmail[15527]: i7UGITqR029660: i7V1H37p015527: DSN:
User unknown
Aug 31 11:17:45 proxy sendmail[15551]: i7V1H3vr015522:
to=<root@host@whatever.com>, ctladdr=<root@host@whatever.com> (0/0),
delay=00:00:42, xdelay=00:00:01, mailer=local, pri=120365, dsn=2.0.0,
stat=Sent
Aug 31 11:17:48 proxy MailScanner[15553]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 31 11:17:48 proxy MailScanner[15553]: Could not read Custom Functions
directory
Aug 31 11:17:50 proxy MailScanner[15553]: Could not read file
/var/run/MailScanner.pid
Aug 31 11:17:50 proxy MailScanner[15553]: Error in line 116, file
"/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)
Aug 31 11:17:57 proxy MailScanner[15554]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 31 11:17:57 proxy MailScanner[15554]: Could not read Custom Functions
directory
Aug 31 11:17:57 proxy MailScanner[15554]: Could not read file
/var/run/MailScanner.pid
Aug 31 11:17:57 proxy MailScanner[15554]: Error in line 116, file
"/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)
Aug 31 11:18:07 proxy MailScanner[15555]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 31 11:18:07 proxy MailScanner[15555]: Could not read Custom Functions
directory
Aug 31 11:18:07 proxy MailScanner[15555]: Could not read file
/var/run/MailScanner.pid
Aug 31 11:18:07 proxy MailScanner[15555]: Error in line 116, file
"/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)
Aug 31 11:18:10 proxy sendmail[15527]: i7V1H37p015527:
to=<OJJPBTPNDGO@ameritrade.com>, delay=00:01:01, xdelay=00:01:00,
mailer=esmtp, pri=32522, relay=smtp.ameritrade.com. [199.200.9.140],
dsn=4.0.0, stat=Deferred: Connection timed out with smtp.ameritrade.com.
Aug 31 11:18:11 proxy sendmail[15527]: i7UGJHXB029716:
to=<OJJPBTPNDGO@ameritrade.com>, delay=08:58:54, xdelay=00:00:00,
mailer=esmtp, pri=122522, relay=smtp.ameritrade.com., dsn=4.0.0,
stat=Deferred: Connection timed out with smtp.ameritrade.com.
Aug 31 11:18:17 proxy MailScanner[15556]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 31 11:18:17 proxy MailScanner[15556]: Could not read Custom Functions
directory
Aug 31 11:18:17 proxy MailScanner[15556]: Could not read file
/var/run/MailScanner.pid
Aug 31 11:18:17 proxy MailScanner[15556]: Error in line 116, file
"/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Tuesday, 31 August 2004 4:37 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: upgrade problems

At 18:00 30/08/2004, you wrote:
>Any help here?
>
>
>Unpacked
>./install.sh
>Upgraded conf file
>All looked fine
>Restarted MailScanner and got this

Check you don't have a /etc/sysconfig/MailScanner.rpmnew. If so, merge the
old settings into the new one. The new one auto-detects the MTA from
/etc/MailScanner/MailScanner.conf. What does the line in MailScanner.conf
that sets your MTA look like? It should just be like
MTA = sendmail
or similar.

I think that is where the problem is, as shown by the "Invalid MTA" error
in your output.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From greyhair at GREYHAIR.NET  Tue Aug 31 04:40:53 2004
From: greyhair at GREYHAIR.NET (greyhair)
Date: Thu Jan 12 21:26:42 2006
Subject: in redhat 9
Message-ID: <mailman.1279.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raul,

Did you see this?
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/121.html
It directly relates to RedHat 9!

Sorry, hablo solamente inglés.
Google trys to translate,(http://translate.google.com/translate_t)

http://translate.google.com/translate?u=http%3A%2F%2Fwww.sng.ecs.soton.ac.uk%2Fmailscanner%2Fserve%2Fcache%2F121.html&langpair=en%7Ces&hl=en&ie=UTF8&oe=UTF8



Raul Urqueta S wrote:
> *somebody** can help me to configure the MailScanner with RedHat 9, and 
> Uvscan? Step by step (in Spanish better)*
> 
> *I cant do it work.*
> 
> *I follow the steps in the page 
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but 
> don^Òt work*
> 
> * *
> 
> *Thanks*
> 
> * *
> 
> *Raul.-*
> 
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From lists at ListOwners.Net  Tue Aug 31 04:44:39 2004
From: lists at ListOwners.Net (Mailing List Subscriber)
Date: Thu Jan 12 21:26:42 2006
Subject: Scanning and Re-Scanning
Message-ID: <mailman.1280.1137101202.24926.mailscanner@lists.mailscanner.info>

I run a mailing list service (majordomo/mailman/etc) for a bunch of opt-in
discussion lists (pet lovers, knitting fans, etc).  I use the current release
of MailScanner along with ClamAV and Sophos and they work perfectly.
MailScanner is the BEST utility I've ever seen.  Thank you Julian.

I do have an issue, tho, and I'm not sure how to fix it.

When messages come into the server for a particular list, MailScanner picks
it up, scans it, and hands it off to the next alias which is usually
majordomo.   Majordomo then processes the mail and hands it off to a batcher
called TLB which handles the envelope batching a little more efficiently.  It
will group the new outbound messages into envelopes of no more than ten
recepients, and will batch them by domains.  So one message to 10 yahoo.com,
one message to 10 aol.com, and so on.  So far so good.

But when these messages are handed back to sendmail for delivery going out of
the server, they are placed back into mqueue.in and scanned by MailScanner.
This is a redundant action as the inbound message was already scanned by
MailScanner and found to be clean.  One already scanned message then becomes
50 or 200 messages to be scanned again.

TLB has in it's configuration the ability for me to define the mailer host
and SMTP port.  It's currently defined as port 25.  I don't pretend to fully
understand how MailScanner works, but I'm guessing that anything that comes
in on port 25 is queued to mqueue.in and processed by MailScanner.

Do I need to configure in sendmail.mc another daemon to listen on another
port just for outbound emails and teach TLB to send to that port instead?  If
so, and this is my most important part of the question, how do I add this
into sendmail.mc?

I currently have...

DAEMON_OPTIONS(`Port=smtp, Name=MSA, M=E')dnl

can I create another entry as

DAEMON_OPTIONS(`Port=smtp, Name=MSA, M=E')dnl
DAEMON_OPTIONS(`Port=26,   Name=MSA1, M=E')dnl

and tell TLB to deliver to port 26 in order to avoid a second scan by
MailScanner?  Or am I totally misunderstanding something.

My sendmail version is 8.11.6 but I am NOT a sendmail guru.

Thanks for any suggestions.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Q.G.Campbell at NEWCASTLE.AC.UK  Tue Aug 31 08:46:17 2004
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:26:42 2006
Subject: relay score less the the require and identified as spam
Message-ID: <mailman.1281.1137101202.24926.mailscanner@lists.mailscanner.info>

 >-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 29 August 2004 15:01
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: relay score less the the require and identified as spam
>
[snip]
>> >From our point of view one false positive is one too many.
>>The Spamhaus listing criteria is not at fault, blocking based on it is
>>unfortunately.
>>If you score based on XBL/SBL you will not see a drop in your success
>>rate, as no one rule is going to push an email over the limit (or keep
>>it under it)
>
>Fair enough. When I deploy SA3, I will consider making this 
>change so that
>we just score against it, rather than block on it.
>--

If you REJECT messages based on XBL-SBL at the MTA level then the sender
should get feedback via the SMTP channel. This could include some
helpful info from you if you have configured things properly. This would
enable the sender to take appropriate action and in this situation use
of XBL-SBL seems quite reasonable.

If you BLOCK or QUARANTINE based on any DNS BL then as far as the sender
is concerned the message has gone into a black hole.

I carried out a survey recently and 20 of the 23 UK.AC sites that
responded do mail REJECTION at the MTA level using SBL-XBL & MAPS+ (the
free JANET mirror of MAPS-RBL).

Quentin 
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 09:16:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: Scanning and Re-Scanning
Message-ID: <mailman.1282.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Sounds like you need to read up about rulesets, it's in the MAQ
(www.mailscanner.biz/maq). If you stop mail from 127.0.0.1 being scanned,
it won't scan mail generated on the local host.

At 04:44 31/08/2004, you wrote:
>I run a mailing list service (majordomo/mailman/etc) for a bunch of opt-in
>discussion lists (pet lovers, knitting fans, etc).  I use the current release
>of MailScanner along with ClamAV and Sophos and they work perfectly.
>MailScanner is the BEST utility I've ever seen.  Thank you Julian.
>
>I do have an issue, tho, and I'm not sure how to fix it.
>
>When messages come into the server for a particular list, MailScanner picks
>it up, scans it, and hands it off to the next alias which is usually
>majordomo.   Majordomo then processes the mail and hands it off to a batcher
>called TLB which handles the envelope batching a little more efficiently.  It
>will group the new outbound messages into envelopes of no more than ten
>recepients, and will batch them by domains.  So one message to 10 yahoo.com,
>one message to 10 aol.com, and so on.  So far so good.
>
>But when these messages are handed back to sendmail for delivery going out of
>the server, they are placed back into mqueue.in and scanned by MailScanner.
>This is a redundant action as the inbound message was already scanned by
>MailScanner and found to be clean.  One already scanned message then becomes
>50 or 200 messages to be scanned again.
>
>TLB has in it's configuration the ability for me to define the mailer host
>and SMTP port.  It's currently defined as port 25.  I don't pretend to fully
>understand how MailScanner works, but I'm guessing that anything that comes
>in on port 25 is queued to mqueue.in and processed by MailScanner.
>
>Do I need to configure in sendmail.mc another daemon to listen on another
>port just for outbound emails and teach TLB to send to that port instead?  If
>so, and this is my most important part of the question, how do I add this
>into sendmail.mc?
>
>I currently have...
>
>DAEMON_OPTIONS(`Port=smtp, Name=MSA, M=E')dnl
>
>can I create another entry as
>
>DAEMON_OPTIONS(`Port=smtp, Name=MSA, M=E')dnl
>DAEMON_OPTIONS(`Port=26,   Name=MSA1, M=E')dnl
>
>and tell TLB to deliver to port 26 in order to avoid a second scan by
>MailScanner?  Or am I totally misunderstanding something.
>
>My sendmail version is 8.11.6 but I am NOT a sendmail guru.
>
>Thanks for any suggestions.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From darren at TORSION.CO.UK  Tue Aug 31 09:22:12 2004
From: darren at TORSION.CO.UK (Darren Walker)
Date: Thu Jan 12 21:26:42 2006
Subject: Problem with Mailscanner install on Raq4
Message-ID: <mailman.1283.1137101202.24926.mailscanner@lists.mailscanner.info>


I am having problems installing Mailscanner on to a Raq4. It is
completely reformatted and fully patched. I am running perl 5.005_03.

 

The installer fails at  perl-MIME-tools-5.411-pl4.3.src.rpm stating that
it is not installed. I have tried to manually install it but it still
fails. I have tried to run the installer with -nodeps as stated in the
README file, but when I try to run MailScanner I get the following
message.

 

[root spool]# /etc/rc.d/init.d/MailScanner start

Starting MailScanner daemons:

         incoming sendmail: ok

         outgoing sendmail: ok

         MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC
contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux
/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux
/usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at
/usr/lib/MailScanner/MailScanner/Config.pm line 34.

BEGIN failed--compilation aborted at
/usr/lib/MailScanner/MailScanner/Config.pm line 34.

BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 42.

Ok

 

 

Any help much appreciated

 

Regards

 

Darren Walker

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 10:07:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1284.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Morning all,

I have just released the new stable release 4.33.3.
No major changes this month, just some tidying up and a few minor new
features and adjustments.

Note there is a new version of Archive::Zip included, so you should run the
install.sh script and not just upgrade the MailScanner rpm itself.

Download as usual from
         www.mailscanner.info

The full Changelog is here:

* New Features and Improvements *
- When converting an HTML message to plain text, HTML comments are removed.
- Now prints more realistic Perl version with -v, and includes Net::DNS.
- Custom Functions can now take parameters. These are passed to the Init
   and End functions corresponding to each Custom Function.
- Updated Czech translations.
- McAfee -autoupdate script improved to handle situation where McAfee upgrade
   was manually installed and previous installation was not removed first.
- Added all the MCP settings to the shipped MailScanner.conf file.
- Added support for the "Symantec Scan Engine" scanner.
- Non-RPM installer never opts for RPM install.
- Upgraded Archive::Zip to 1.13.
- Improved "MailScanner -v" output so it gives kernel and OS release
   information if it can find any. Also now logs version of MIME::Base64.
- Added setting to SpamAssassin so that Version 3.0 will use fast non-NFS
   file locking, as most MailScanner users don't access Bayes across NFS.
- Configuration compiler much more tolerant of errors and missing files.

* Fixes *
- AntiVir is now forced to run in English.
- RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
   now handled properly.
- Couple of minor fixes to ZMailer support.
- Added a space in the Postmaster report to improve formatting.
- Fixed bug in spam score number formatting.
- Now set the charset in messages that are "notices to".
- Now catch the case where SpamAssassin fails to set the autolearn status.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 10:07:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1285.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Morning all,

I have just released the new stable release 4.33.3.
No major changes this month, just some tidying up and a few minor new
features and adjustments.

Note there is a new version of Archive::Zip included, so you should run the
install.sh script and not just upgrade the MailScanner rpm itself.

Download as usual from
         www.mailscanner.info

The full Changelog is here:

* New Features and Improvements *
- When converting an HTML message to plain text, HTML comments are removed.
- Now prints more realistic Perl version with -v, and includes Net::DNS.
- Custom Functions can now take parameters. These are passed to the Init
   and End functions corresponding to each Custom Function.
- Updated Czech translations.
- McAfee -autoupdate script improved to handle situation where McAfee upgrade
   was manually installed and previous installation was not removed first.
- Added all the MCP settings to the shipped MailScanner.conf file.
- Added support for the "Symantec Scan Engine" scanner.
- Non-RPM installer never opts for RPM install.
- Upgraded Archive::Zip to 1.13.
- Improved "MailScanner -v" output so it gives kernel and OS release
   information if it can find any. Also now logs version of MIME::Base64.
- Added setting to SpamAssassin so that Version 3.0 will use fast non-NFS
   file locking, as most MailScanner users don't access Bayes across NFS.
- Configuration compiler much more tolerant of errors and missing files.

* Fixes *
- AntiVir is now forced to run in English.
- RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
   now handled properly.
- Couple of minor fixes to ZMailer support.
- Added a space in the Postmaster report to improve formatting.
- Fixed bug in spam score number formatting.
- Now set the charset in messages that are "notices to".
- Now catch the case where SpamAssassin fails to set the autolearn status.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Tue Aug 31 11:31:10 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:42 2006
Subject: in redhat 9
Message-ID: <mailman.1286.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Raul Urqueta S wrote:

> *somebody** can help me to configure the MailScanner with RedHat 9, and 
> Uvscan? Step by step (in Spanish better)*
> 
> *I cant do it work.*
> 
> *I follow the steps in the page 
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but 
> don^Òt work*

Please tell us what doesn't work.  Vamos a ayudar.

> 
> * *
> 
> *Thanks*
> 
> * *
> 
> *Raul.-*
> 
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From dot at DOTAT.AT  Tue Aug 31 11:53:48 2004
From: dot at DOTAT.AT (Tony Finch)
Date: Thu Jan 12 21:26:42 2006
Subject: A bug in mcafee-autoupdate ?
Message-ID: <mailman.1287.1137101202.24926.mailscanner@lists.mailscanner.info>

Kai Wang <kwang@UCALGARY.CA> wrote:
>
>May I suggest that you add the 'run logger -p mail.info
>"McAfee-autoupdate[]: McAfee updated to version $VERSION" 2>/dev/null'
>to the new version?  I feel it's important to know when the new version
>is installed.

I run `uvscan-update -d` from cron which causes email to be sent whenever
an update happens (or when something goes wrong). I used to use the -r
option as well, but McAfee don't seem to include the list of new viruses
any more. The version below has a -l option.

Tony.
--
f.a.n.finch  <dot@dotat.at>  http://dotat.at/
THE WASH TO NORTH FORELAND: NORTHWEST 3 OR 4 BECOMING VARIABLE3 OR LESS.
SHOWERS DYING OUT. GOOD. MODERATE BECOMING SLIGHT.



#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/conf/build/bin/uvscan-update,v 1.53 2004/08/31 10:48:37 fanf2 Exp $

# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.

# defaults
OPTS=""
PREFIX=/opt/uvscan
FTPDIR=http://download.nai.com/products/datfiles/4.x/nai
RETRIES=1
INTERVAL=300

# handle the command line
usage () {
        echo "usage: $0 [-dflrtv] [-Rnnn] [-Innn] [proxy] [prefix]"
        echo "  -d      delete old files"
        echo "  -e      get extra.dat"
        echo "  -f      force update"
        echo "  -l      syslog updates"
        echo "  -r      show README"
        echo "  -t      timestamp output"
        echo "  -v      verbose"
        echo "  -R      number of retries"
        echo "  -I      retry interval"
        echo "  proxy   URL of FTP/HTTP proxy server"
        echo "  prefix  uvscan installation directory"
        exit 1
}
case $# in
[012345])
        : ok
        ;;
*)      usage
        ;;
esac
for arg in "$@"
do
        case $arg in
        -I*)    INTERVAL=${arg#-I}
                ;;
        -R*)    RETRIES=${arg#-R}
                ;;
        -*)     OPTS=$arg
                ;;
        /*)     PREFIX=$arg
                ;;
        http:)  ftp_proxy=$arg
                http_proxy=$arg
                export ftp_proxy
                export http_proxy
                ;;
        *)      usage
                ;;
        esac
done
case $OPTS in
*[!-dfrltv]*)
        usage
esac
option () {
        case $OPTS in
        -*$1*)  eval $2=yes
                ;;
        *)      eval $2=no
                ;;
        esac
}
option d DELETE
option e EXTRA
option f FORCE
option l SYSLOG
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes)    VERBOSE=yes
esac

# look for binaries and libraris in plausible places
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
# this is only necessary for broken setups
LD_LIBRARY_PATH=$PREFIX
export PATH LD_LIBRARY_PATH

# where this script finds things
DATDIR=$PREFIX/datfiles
DATFILES="clean.dat extra.dat internet.dat names.dat scan.dat"
LINKNAME=current
LINKREL=datfiles/$LINKNAME

# wrapper functions for echo etc.
timestamp () {
        case $TIME in
        yes)    date "+%Y-%m-%d %H:%M:%S "
        esac
}
say () {
        case $VERBOSE in
        yes)    echo "`timestamp`$*"
        esac
}
run () {
        say "> $*"
        "$@"
}
testeval () {
        # ugly workaround
        say "> $*"
        set +e
        eval "$*"
        ret=$?
        set -e
        return $ret
}
is () {
        test "$@" 2>/dev/null
}
say Starting $0
say DELETE=$DELETE
say FORCE=$FORCE
say README=$README
say TIME=$TIME
say VERBOSE=$VERBOSE
say RETRIES=$RETRIES
say INTERVAL=$INTERVAL
say PROXY=$ftp_proxy
say PREFIX=$PREFIX

# check directory setup is correct
for link in $LINKREL $DATFILES
do
        if ! is -h $PREFIX/$link
        then
                say $PREFIX/$link is not set up
                INIT=yes
        fi
done
if ! is -d $DATDIR
then
        say $DATDIR is not set up
        INIT=yes
fi
case $INIT in
yes)
        VERBOSE=yes
        say Doing initial setup of $0
        run mkdir -p $DATDIR
esac
run cd $DATDIR

getver () {
        match="[0-9][0-9][0-9][0-9]"
        err="version.err"
        cmd="$1" out="$2" txt="$3"
        if testeval "$cmd 2>$err 1>&2"
        then
                VER=`cat $out | sed "/^$txt\($match\).*$/!d;s//\1/;q"`
                case $VER in
                $match) run rm -f $out $err
                        return
                esac
        fi
        cat $err
        VER=UNKNOWN
        run rm -f $out $err
}

# work out latest dat version
try=$RETRIES
while :
do      getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion="
        VERSION=$VER
        case $VERSION in
        UNKNOWN)
                if ! try=`expr $try - 1`
                then break
                fi
                say Problem with McAfee datfile update from $FTPDIR
                say Sleeping for $INTERVAL seconds before retrying
                sleep $INTERVAL
                ;;
        *)      break
                ;;
        esac
done

# work out installed dat version
getver "uvscan --version" version.err "Virus data file v"
PREVIOUS=$VER

case $FORCE in
yes)    say Forced update from $PREVIOUS
        PREVIOUS=0000
        ;;
*)      if is $VERSION -eq $PREVIOUS
        then    say Already have $VERSION
                run exit 0
        fi
esac

VERBOSE=yes

say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION

if is $VERSION = UNKNOWN
then    say Problem with McAfee datfile update from $FTPDIR
        run exit 1
elif is $VERSION -lt $PREVIOUS
then    say Remote version $VERSION older than installed version $PREVIOUS
        run exit 1
elif is -d $VERSION
then    say Cleaning away $VERSION directory
        run rm -rf $VERSION
fi

retry () {
        echo "$OUT"
        say Fetch or test failed -- removing bad McAfee data files
        run cd $DATDIR
        run rm -rf $VERSION
        if ! try=`expr $try - 1`
        then    say Giving up
                run exit 1
        fi
        say Sleeping for $INTERVAL seconds before retrying
        sleep $INTERVAL
        continue
}

try=$RETRIES
while :
do
        # fetch and extract dat files
        TARFILE=dat-$VERSION.tar
        run mkdir $VERSION
        run cd $VERSION
        run chmod 700 .
        if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
        then retry
        fi
        run tar xvf $TARFILE
        run chmod 644 *
        run chmod 755 .

        # verify the contents
        CMD="uvscan --version --dat ."
        say "> $CMD"
        if ! OUT=`$CMD 2>&1`
        then    retry
        else    break
        fi
done

echo "$OUT"
say Update OK

# show information on this update?
case $SYSLOG in
yes)    run logger -p mail.info "McAfee uvscan dat file updated to $VERSION"
esac
case $README in
yes)    run sed 's/[[:cntrl:]]//g
                s/^/# /;/@MM/s/$/ <--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt

# do remaining part of initial setup
case $INIT in
yes)    for file in $DATFILES
        do
                run rm -f $PREFIX/$file
                run ln -s $LINKREL/$file $PREFIX/$file
        done
esac

# update the current version link
run cd $DATDIR
run ln -s $VERSION $VERSION/$LINKNAME
run mv $VERSION/$LINKNAME .

# maybe delete old dat files
case $DELETE in
yes)    run cd $DATDIR
        run rm -rf $PREVIOUS
esac

say Completed OK
run exit 0

# done

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ricardo.canavate at nozar.es  Tue Aug 31 13:21:11 2004
From: ricardo.canavate at nozar.es (Ricardo Luis CaXavate)
Date: Thu Jan 12 21:26:42 2006
Subject: SpamAssassin timed out and was killed
Message-ID: <mailman.1288.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<STYLE>BODY {
        BACKGROUND-POSITION: left top; MARGIN-TOP: 7em; FONT-WEIGHT: normal; FONT-SIZE: 8pt; MARGIN-BOTTOM: 0em; MARGIN-LEFT: 1em; COLOR: #000000; BACKGROUND-REPEAT: no-repeat; FONT-FAMILY: "Verdana"; BACKGROUND-COLOR: #ffffff
}
</STYLE>

<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY background=cid:890353311@31082004-200e>
<DIV><SPAN class=890353311-31082004><FONT size=1>First sorry for my English and 
thanks in advanced.</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN class=890353311-31082004><FONT size=1>Hi Friends,<BR>Lately, I try to 
optimize my MailSacanner setting up some rules for spamassassin downloading from 
<A 
href="http://wiki.apache.org/spamassassin/CustomRulesets">http://wiki.apache.org/spamassassin/CustomRulesets</A> 
and copying them into /etc/mail/spamassassin/, first the system works well, 
fine, fantastic!! stop all the spam, but .. after 24 hours of good work, more or 
less, mailscanner doesn't process the messages of the inbound queue and the 
logging shows some messages like these:</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN class=890353311-31082004><FONT size=1>servnozar MailScanner[15301]: 
SpamAssassin timed out and was killed, consecutive failure 5 of 20 <BR>servnozar 
MailScanner[15301]: RBL Check ORDB-RBL timed out and was killed, consecutive 
failure 1 of 7 </FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN class=890353311-31082004><FONT size=1>I'm try to set up little value 
in "Max SpamAssassin Size" to try to load the less possible and&nbsp; more time 
out for spamassassin in MailScanner.conf, but doesn't work.</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN class=890353311-31082004><FONT size=1>Thanks for all your 
support.</FONT></SPAN></DIV>
<DIV><FONT size=1><SPAN class=890353311-31082004></SPAN></FONT>&nbsp;</DIV>
<DIV><BR><BR></DIV>
<DIV>
<TABLE cellSpacing=0 cellPadding=0 width=400 border=0>
  <TBODY>
  <TR>
    <TD vAlign=top align=left width=1><FONT size=1>&nbsp;</FONT></TD>
    <TD vAlign=top align=left width=290>
      <P><FONT size=1><!--  CAMBIAR EL NOMBRE DEL USUARIO  --><!-- Si existen Acentos sustituir & acute; por la letra acentuada
        La letra que lleva el acento va entre el & y acute; --><STRONG>Ricardo 
      Luis Cañavate García</STRONG><BR></FONT><FONT size=1><!--  CAMBIAR EL CARGO DEL USUARIO  -->Dpto. de 
      Informática<BR><FONT color=#a90034><STRONG>NOZAR</STRONG><I>&nbsp;Grupo 
      Inmobiliario</I></FONT><BR><!--  CAMBIAR EL NUMERO DE TELEFONO Y FAX  --><FONT 
      color=#666666>Tel: 91 758 96 30 | Fax: 91 559 83 39</FONT><BR><A 
      href="http://www.nozar.es/" target=_blank><FONT 
      color=#a90034><STRONG>www.nozar.es</STRONG></FONT></A></FONT></P></TD></TR></TBODY></TABLE></DIV>
<DIV>&nbsp;</DIV></BODY><br />=========================================================<br />
<font size="2" face="Arial, Helvetica, sans-serif" justify="justify">Usted recibe este mensaje porque su dirección e-mail se encuentra en<br /> 
nuestra base de datos al haber tenido contactos anteriores con nosotros,<br /> 
por lo que entendemos que contamos con su autorización para enviarle<br /> 
información profesional. No obstante, si no desea seguir recibiéndola<br /> 
basta con hacérnoslo saber.<br />
Este mensaje se dirige exclusivamente a su destinatario y puede contener<br /> 
información privilegiada o confidencial. Si no es vd. el destinatario<br /> 
indicado, queda notificado de que la utilización, divulgación y/o copia<br /> 
sin autorización está prohibida en virtud de la legislación vigente.<br />
Si ha recibido este mensaje por error, le rogamos que nos lo comunique<br /> 
inmediatamente por esta misma vía y proceda a su destrucción.<br /><br />
You are receiving this message because your e-mail address is listed in<br /> 
our database due to previous communications with us,<br />
so we have assumed that we have your permission to send you professional<br />
information. However, if you do not wish to continue to receive such<br />
information then please let us know.<br />
This message is intended exclusively for its addressee and may contain<br />
information that is CONFIDENTIAL and protected by professional privilege.<br />
If you are not the intended recipient you are hereby notified that any<br />
dissemination, copy or disclosure of this communication is strictly<br />
prohibited by law. If this message has been received in error, please<br />
immediately notify us via e-mail and delete it.</font><br />
==========================================================<br />
</HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>
Embedded Content: Corporativo.gif: 00000001,22e8ee51,00000000,00000000

From rurqueta at MUNILASERENA.CL  Tue Aug 31 13:30:26 2004
From: rurqueta at MUNILASERENA.CL (Raul Urqueta S)
Date: Thu Jan 12 21:26:42 2006
Subject: in redhat 9
Message-ID: <mailman.1289.1137101202.24926.mailscanner@lists.mailscanner.info>

No se porque motivo, todo correo que envío y que recibo lo interpreta
como si fuera virus, y me bloque el cuerpo del mensaje, tengo redhat 9,
con el sendmail que trae por defecto, realice la instalación tal cual
como sale en el instructivo, y no entiendo que pasará.

En todo caso soy novato en el tema, pero con muchas ganas de aprender.

Gracias

Raul.-


-----Mensaje original-----
De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En
nombre de Ugo Bellavance
Enviado el: Martes, 31 de Agosto de 2004 6:31
Para: MAILSCANNER@JISCMAIL.AC.UK
Asunto: Re: in redhat 9

Raul Urqueta S wrote:

> *somebody** can help me to configure the MailScanner with RedHat 9,
and 
> Uvscan? Step by step (in Spanish better)*
> 
> *I cant do it work.*
> 
> *I follow the steps in the page 
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but 
> don^Òt work*

Please tell us what doesn't work.  Vamos a ayudar.

> 
> * *
> 
> *Thanks*
> 
> * *
> 
> *Raul.-*
> 
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From martinh at SOLID-STATE-LOGIC.COM  Tue Aug 31 13:41:06 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:42 2006
Subject: SpamAssassin timed out and was killed
Message-ID: <mailman.1290.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Ricardo

normally timeouts are a result of the RBL's not getting their 
information quickly enought.

I turn most of them off by giving them a zero score in my 
spam.assassin.prefs.conf (see a post last week from me on this).

BUT if you are using bigevil.cf and the sa-blacklist's you'll be 
increasing the processing requireed by a huge amount as they are massive 
files. You'd be better off using the www.sorbl.org alternatives via the 
spamcop-uri plug-in.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Ricardo Luis Cañavate wrote:
> First sorry for my English and thanks in advanced.
>  
> Hi Friends,
> Lately, I try to optimize my MailSacanner setting up some rules for 
> spamassassin downloading from 
> http://wiki.apache.org/spamassassin/CustomRulesets and copying them into 
> /etc/mail/spamassassin/, first the system works well, fine, fantastic!! 
> stop all the spam, but .. after 24 hours of good work, more or less, 
> mailscanner doesn't process the messages of the inbound queue and the 
> logging shows some messages like these:
>  
> servnozar MailScanner[15301]: SpamAssassin timed out and was killed, 
> consecutive failure 5 of 20
> servnozar MailScanner[15301]: RBL Check ORDB-RBL timed out and was 
> killed, consecutive failure 1 of 7
>  
> I'm try to set up little value in "Max SpamAssassin Size" to try to load 
> the less possible and  more time out for spamassassin in 
> MailScanner.conf, but doesn't work.
>  
> Thanks for all your support.
>  
> 
> 
>   	
> 
> *Ricardo Luis Cañavate García*
> Dpto. de Informática
> *NOZAR*/ Grupo Inmobiliario/
> Tel: 91 758 96 30 | Fax: 91 559 83 39
> *www.nozar.es* <http://www.nozar.es/>
> 
>  

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From suporte at SETINET.COM.BR  Tue Aug 31 13:50:04 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:42 2006
Subject: Qmail ?
Message-ID: <mailman.1291.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>How i can install Mailscanner with Qmail 
??</FONT></DIV>
<DIV><FONT face=Arial size=2>I try to search a FAQ and/or How-to.. but nothing 
about...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>only the same thing... Added Qmail.... (you need 
the qmail/qmail-queue.zip file)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Please help</FONT></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 13:50:08 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:42 2006
Subject: in redhat 9
Message-ID: <mailman.1292.1137101202.24926.mailscanner@lists.mailscanner.info>

> No se porque motivo, todo correo que envío y que recibo lo
> interpreta como si fuera virus, y me bloque el cuerpo del
> mensaje, tengo redhat 9, con el sendmail que trae por
> defecto, realice la instalación tal cual como sale en el
> instructivo, y no entiendo que pasará.

Si podria ver algunas lineas de /var/log/maillog seria mas facil entender lo
que pasa.

Has probado enviar mensajes de texto solo (sin HTML) ?




Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From newsgroup2 at SPACELINK.COM.AU  Tue Aug 31 14:07:03 2004
From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark)
Date: Thu Jan 12 21:26:42 2006
Subject: Help me Please
Message-ID: <mailman.1293.1137101202.24926.mailscanner@lists.mailscanner.info>

When upgrading I accidentally did this (notice the MailScanner.)

cd /etc/MailScanner
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew >
MailScanner.
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf




Also I can't find my MailScanner.conf.rpmnew anymore.
MailScanner. is empty

And when I copied the old conf file from backups I get this



[root@proxy MailScanner]# tail /var/log/maillog -f Aug 31 11:01:01 proxy
update.virus.scanners: Delaying cron job up to 600 seconds Aug 31 11:17:02
proxy sendmail[15505]: alias database /etc/aliases rebuilt by root Aug 31
11:17:02 proxy sendmail[15505]: /etc/aliases: 63 aliases, longest 10 bytes,
625 bytes total Aug 31 11:17:02 proxy sendmail[15514]: starting daemon
(8.12.8): SMTP Aug 31 11:17:03 proxy sm-msp-queue[15519]: starting daemon
(8.12.8):
queueing@00:15:00
Aug 31 11:17:03 proxy sendmail[15526]: starting daemon (8.12.8):
queueing@00:15:00
Aug 31 11:17:04 proxy sendmail[15522]: i7V1H3vr015522:
from=<root@host@whatever.com>, size=123705, class=0, nrcpts=1,
msgid=<200408301802.i7UI2LTf002876@host@whatever.com>, proto=ESMTP,
daemon=MTA, relay=host@whatever.com [127.0.0.1] Aug 31 11:17:04 proxy
sm-msp-queue[15521]: i7UI2LTf002876: to=root, ctladdr=root (0/0),
delay=07:14:43, xdelay=00:00:01, mailer=relay, pri=120055, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent
(i7V1H3vr015522 Message accepted for delivery) Aug 31 11:17:09 proxy
sendmail[15527]: i7UGITqR029660:
to=<carlod@whatever.com.au>, delay=08:58:38, xdelay=00:00:00, mailer=esmtp,
pri=120501, relay=XXXXX.whatever.com.au. [xxx.xxx.xxx.xxx], dsn=5.1.1,
stat=User unknown Aug 31 11:17:09 proxy sendmail[15527]: i7UGITqR029660:
i7V1H37p015527: DSN:
User unknown
Aug 31 11:17:45 proxy sendmail[15551]: i7V1H3vr015522:
to=<root@host@whatever.com>, ctladdr=<root@host@whatever.com> (0/0),
delay=00:00:42, xdelay=00:00:01, mailer=local, pri=120365, dsn=2.0.0,
stat=Sent Aug 31 11:17:48 proxy MailScanner[15553]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 31 11:17:48 proxy MailScanner[15553]: Could not read Custom Functions
directory Aug 31 11:17:50 proxy MailScanner[15553]: Could not read file
/var/run/MailScanner.pid Aug 31 11:17:50 proxy MailScanner[15553]: Error in
line 116, file "/var/run/MailScanner.pid" for pidfile does not exist (or can
not be read) Aug 31 11:17:57 proxy MailScanner[15554]: MailScanner E-Mail
Virus Scanner version 4.32.5 starting...
Aug 31 11:17:57 proxy MailScanner[15554]: Could not read Custom Functions
directory Aug 31 11:17:57 proxy MailScanner[15554]: Could not read file
/var/run/MailScanner.pid Aug 31 11:17:57 proxy MailScanner[15554]: Error in
line 116, file "/var/run/MailScanner.pid" for pidfile does not exist (or can
not be read) Aug 31 11:18:07 proxy MailScanner[15555]: MailScanner E-Mail
Virus Scanner version 4.32.5 starting...
Aug 31 11:18:07 proxy MailScanner[15555]: Could not read Custom Functions
directory Aug 31 11:18:07 proxy MailScanner[15555]: Could not read file
/var/run/MailScanner.pid Aug 31 11:18:07 proxy MailScanner[15555]: Error in
line 116, file "/var/run/MailScanner.pid" for pidfile does not exist (or can
not be read) Aug 31 11:18:10 proxy sendmail[15527]: i7V1H37p015527:
to=<OJJPBTPNDGO@ameritrade.com>, delay=00:01:01, xdelay=00:01:00,
mailer=esmtp, pri=32522, relay=smtp.ameritrade.com. [199.200.9.140],
dsn=4.0.0, stat=Deferred: Connection timed out with smtp.ameritrade.com.
Aug 31 11:18:11 proxy sendmail[15527]: i7UGJHXB029716:
to=<OJJPBTPNDGO@ameritrade.com>, delay=08:58:54, xdelay=00:00:00,
mailer=esmtp, pri=122522, relay=smtp.ameritrade.com., dsn=4.0.0,
stat=Deferred: Connection timed out with smtp.ameritrade.com.
Aug 31 11:18:17 proxy MailScanner[15556]: MailScanner E-Mail Virus Scanner
version 4.32.5 starting...
Aug 31 11:18:17 proxy MailScanner[15556]: Could not read Custom Functions
directory Aug 31 11:18:17 proxy MailScanner[15556]: Could not read file
/var/run/MailScanner.pid Aug 31 11:18:17 proxy MailScanner[15556]: Error in
line 116, file "/var/run/MailScanner.pid" for pidfile does not exist (or can
not be read)

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Tuesday, 31 August 2004 4:37 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: upgrade problems

At 18:00 30/08/2004, you wrote:
>Any help here?
>
>
>Unpacked
>./install.sh
>Upgraded conf file
>All looked fine
>Restarted MailScanner and got this

Check you don't have a /etc/sysconfig/MailScanner.rpmnew. If so, merge the
old settings into the new one. The new one auto-detects the MTA from
/etc/MailScanner/MailScanner.conf. What does the line in MailScanner.conf
that sets your MTA look like? It should just be like MTA = sendmail or
similar.

I think that is where the problem is, as shown by the "Invalid MTA" error in
your output.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC
7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 14:13:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:42 2006
Subject: Qmail ?
Message-ID: <mailman.1294.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Please see opencomputing.sf.net.

At 13:50 31/08/2004, you wrote:
>How i can install Mailscanner with Qmail ??
>I try to search a FAQ and/or How-to.. but nothing about...
>
>only the same thing... Added Qmail.... (you need the qmail/qmail-queue.zip
>file)
>
>Please help
>------------------------ MailScanner list ------------------------ To
>unsubscribe, email <jiscmail@jiscmail.ac.htm>jiscmail@jiscmail.ac.uk with
>the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ
>(<http://www.mailscanner.biz/maq/>http://www.mailscanner.biz/maq/)
>and the archives
>(<http://www.jiscmail.ac.uk/lists/mailscanner.html>http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From a.eijkhoudt at HVA.NL  Tue Aug 31 14:16:46 2004
From: a.eijkhoudt at HVA.NL (A. Eijkhoudt)
Date: Thu Jan 12 21:26:42 2006
Subject: Qmail ?
Message-ID: <mailman.1295.1137101202.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>

<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=255420613-31082004>Hi 
there,</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=255420613-31082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=255420613-31082004>There 
is a separate program for that, called qmail-scanner. You should be able to 
Google it up ;-)</SPAN></FONT></DIV><!-- Converted from text/plain format -->
<P><SPAN class=255420613-31082004></SPAN><FONT size=2><FONT face=Arial><FONT 
color=#0000ff>K<SPAN class=255420613-31082004>ind 
regards,</SPAN></FONT></FONT></FONT></P>
<P><FONT face=Tahoma><FONT size=2><SPAN class=255420613-31082004><FONT 
face=Arial color=#0000ff>A. Eijkhoudt&nbsp;</FONT></SPAN></FONT></FONT></P>
<P><FONT face=Tahoma><FONT size=2><SPAN 
class=255420613-31082004>&nbsp;</SPAN>-----Original Message-----<BR><B>From:</B> 
MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] <B>On Behalf Of 
</B>Dennis Robert Kelbert<BR><B>Sent:</B> dinsdag 31 augustus 2004 
14:50<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Qmail 
?<BR><BR></P></FONT></FONT>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
  <DIV><FONT face=Arial size=2>How i can install Mailscanner with Qmail 
  ??</FONT></DIV>
  <DIV><FONT face=Arial size=2>I try to search a FAQ and/or How-to.. but nothing 
  about...</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>only the same thing... Added Qmail.... (you need 
  the qmail/qmail-queue.zip file)</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Please help</FONT></DIV><BR>-- <BR>This message 
  has been scanned for viruses and <BR>dangerous HTML content by Valethosting. 
  <BR>Dit bericht is gecontroleerd op virussen en gevaarlijke <BR>HTML door 
  Valethosting's MailScanner. ------------------------ MailScanner list 
  ------------------------ To unsubscribe, email <A 
  href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
  words:<BR>'leave mailscanner' in the body of the email.<BR>Before posting, 
  read the MAQ (<A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>)<BR>and 
  the archives (<A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>). 
</BLOCKQUOTE></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From apaterno at DSNSECURITY.COM  Tue Aug 31 14:21:23 2004
From: apaterno at DSNSECURITY.COM (Hector A. Paterno)
Date: Thu Jan 12 21:26:42 2006
Subject: Spamassassin timed out and was killed
Message-ID: <mailman.1296.1137101202.24926.mailscanner@lists.mailscanner.info>

Rsync RBL zones ?, seems to be a great idea, how do you do that ?

Tnks in advance.



-----Original Message-----
From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] 
Sent: Viernes, 30 de Julio de 2004 06:11 p.m.
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Spamassassin timed out and was killed

Hi!

> I see a large number of these messages in my server's log files. My
> server shows available memory and no significant swapping is going on.
> Has anyone else experienced this?

Do you have large rulesets ? BigEvil ?
Do you have local caching DNS servers.
Do you rsync RBL zones locally for fast lookups ?

Bye,
Raymond.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html




-------------------------------------------------
CONFIDENTIALITY NOTE / NOTA DE CONFIDENCIALIDAD
This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake please let us know by e-mail immediately and 
delete it from your system; you should also not copy the message nor 
disclose its contents to anyone. Thank you.

Este mensaje es confidencial y puede contener informacion amparada 
por el secreto profesional. Si usted ha recibido este e-mail por error, por
favor comuniquelo inmediatamente via e-mail y tenga la amabilidad de
destruirlo; no debera copiar el mensaje ni divulgar su contenido a 
ninguna persona. Muchas Gracias.
---------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 14:24:20 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1297.1137101202.24926.mailscanner@lists.mailscanner.info>

Dennis Robert Kelbert wrote:


http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM  Tue Aug 31 14:25:20 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1298.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dennis Robert Kelbert wrote:

> How i can install Mailscanner with Qmail ??
> I try to search a FAQ and/or How-to.. but nothing about...
>
> only the same thing... Added Qmail.... (you need the
> qmail/qmail-queue.zip file)

See the openprotect project on sourceforge.net.

>
> Please help
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 14:26:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1299.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
qmail-scanner is in no way connected to MailScanner at all, it is a totally
different package.
If you (quite sensibly) wish to run MailScanner on Qmail, then see
opencomputing.sourceforge.net.

At 14:16 31/08/2004, you wrote:
>Hi there,
>
>There is a separate program for that, called qmail-scanner. You should be
>able to Google it up ;-)
>
>Kind regards,
>
>A. Eijkhoudt
>
>  -----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Dennis Robert Kelbert
>Sent: dinsdag 31 augustus 2004 14:50
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Qmail ?
>
>How i can install Mailscanner with Qmail ??
>I try to search a FAQ and/or How-to.. but nothing about...
>
>only the same thing... Added Qmail.... (you need the qmail/qmail-queue.zip
>file)
>
>Please help
>
>--
>This message has been scanned for viruses and
>dangerous HTML content by Valethosting.
>Dit bericht is gecontroleerd op virussen en gevaarlijke
>HTML door Valethosting's MailScanner. ------------------------ MailScanner
>list ------------------------ To unsubscribe, email
><jiscmail@jiscmail.ac.htm>jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ
>(<http://www.mailscanner.biz/maq/>http://www.mailscanner.biz/maq/)
>and the archives
>(<http://www.jiscmail.ac.uk/lists/mailscanner.html>http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
>------------------------ MailScanner list ------------------------ To
>unsubscribe, email <jiscmail@jiscmail.ac.htm>jiscmail@jiscmail.ac.uk with
>the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ
>(<http://www.mailscanner.biz/maq/>http://www.mailscanner.biz/maq/)
>and the archives
>(<http://www.jiscmail.ac.uk/lists/mailscanner.html>http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From suporte at SETINET.COM.BR  Tue Aug 31 14:27:04 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1300.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>But i dont want to use qmail-scanner.</FONT></DIV>
<DIV><FONT face=Arial size=2>I&nbsp;need MailScanner. (much more 
features)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<BLOCKQUOTE 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 
  <A title=a.eijkhoudt@HVA.NL href="mailto:a.eijkhoudt@HVA.NL">A. Eijkhoudt</A> 
  </DIV>
  <DIV style="FONT: 10pt arial"><B>To:</B> <A title=MAILSCANNER@JISCMAIL.AC.UK 
  href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, August 31, 2004 10:16 
  AM</DIV>
  <DIV style="FONT: 10pt arial"><B>Subject:</B> Re: Qmail ?</DIV>
  <DIV><BR></DIV>
  <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=255420613-31082004>Hi 
  there,</SPAN></FONT></DIV>
  <DIV><FONT face=Arial color=#0000ff size=2><SPAN 
  class=255420613-31082004></SPAN></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial color=#0000ff size=2><SPAN 
  class=255420613-31082004>There is a separate program for that, called 
  qmail-scanner. You should be able to Google it up ;-)</SPAN></FONT></DIV><!-- Converted from text/plain format -->
  <P><SPAN class=255420613-31082004></SPAN><FONT size=2><FONT face=Arial><FONT 
  color=#0000ff>K<SPAN class=255420613-31082004>ind 
  regards,</SPAN></FONT></FONT></FONT></P>
  <P><FONT face=Tahoma><FONT size=2><SPAN class=255420613-31082004><FONT 
  face=Arial color=#0000ff>A. Eijkhoudt&nbsp;</FONT></SPAN></FONT></FONT></P>
  <P><FONT face=Tahoma><FONT size=2><SPAN 
  class=255420613-31082004>&nbsp;</SPAN>-----Original 
  Message-----<BR><B>From:</B> MailScanner mailing list 
  [mailto:MAILSCANNER@JISCMAIL.AC.UK] <B>On Behalf Of </B>Dennis Robert 
  Kelbert<BR><B>Sent:</B> dinsdag 31 augustus 2004 14:50<BR><B>To:</B> <A 
  href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A><BR><B>Subject:</B> 
  Qmail ?<BR><BR></P></FONT></FONT>
  <BLOCKQUOTE style="MARGIN-RIGHT: 0px">
    <DIV><FONT face=Arial size=2>How i can install Mailscanner with Qmail 
    ??</FONT></DIV>
    <DIV><FONT face=Arial size=2>I try to search a FAQ and/or How-to.. but 
    nothing about...</FONT></DIV>
    <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
    <DIV><FONT face=Arial size=2>only the same thing... Added Qmail.... (you 
    need the qmail/qmail-queue.zip file)</FONT></DIV>
    <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
    <DIV><FONT face=Arial size=2>Please help</FONT></DIV><BR>-- <BR>This message 
    has been scanned for viruses and <BR>dangerous HTML content by Valethosting. 
    <BR>Dit bericht is gecontroleerd op virussen en gevaarlijke <BR>HTML door 
    Valethosting's MailScanner. ------------------------ MailScanner list 
    ------------------------ To unsubscribe, email <A 
    href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
    words:<BR>'leave mailscanner' in the body of the email.<BR>Before posting, 
    read the MAQ (<A 
    href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>)<BR>and 
    the archives (<A 
    href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>). 
  </BLOCKQUOTE>------------------------ MailScanner list 
  ------------------------ To unsubscribe, email <A 
  href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
  words:<BR>'leave mailscanner' in the body of the email.<BR>Before posting, 
  read the MAQ (<A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>)<BR>and 
  the archives (<A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>). 
</BLOCKQUOTE></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From suporte at SETINET.COM.BR  Tue Aug 31 14:31:03 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1301.1137101203.24926.mailscanner@lists.mailscanner.info>

I have read at all..and configuring too.. but nothing happens the emails
going to queue.in/messand dont leave...

but i´m trying to see the opencomputing.sourceforge.net.
perhapsthis helps...i think...

=P Thanks


----- Original Message ----- 
From: "Michele Neylon :: Blacknight Solutions"
<michele@BLACKNIGHTSOLUTIONS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Tuesday, August 31, 2004 10:24 AM
Subject: Re: Qmail ?


> Dennis Robert Kelbert wrote:
>
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at seceidos.de  Tue Aug 31 14:36:44 2004
From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1302.1137101203.24926.mailscanner@lists.mailscanner.info>


> I have just released the new stable release 4.33.3.

I just submitted the FreeBSD port version 4.33.3 as well. Let's see when
this gets committed to the ports-tree...

Regards,
  JP

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 31 14:36:44 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1303.1137101203.24926.mailscanner@lists.mailscanner.info>

> I have just released the new stable release 4.33.3.

I just submitted the FreeBSD port version 4.33.3 as well. Let's see when
this gets committed to the ports-tree...

Regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From rurqueta at MUNILASERENA.CL  Tue Aug 31 14:52:09 2004
From: rurqueta at MUNILASERENA.CL (Raul Urqueta S)
Date: Thu Jan 12 21:26:43 2006
Subject: in redhat 9
Message-ID: <mailman.1304.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-html>
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">
<link rel=File-List href="cid:filelist.xml@01C48F40.2E530C50">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="time"/>
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:View>Normal</w:View>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:EnvelopeVis/>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0cm;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {margin:0cm;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:Tahoma;
        mso-fareast-font-family:"Times New Roman";
        mso-bidi-font-family:"Times New Roman";
        color:navy;
        font-weight:bold;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
span.GramE
        {mso-style-name:"";
        mso-gram-e:yes;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 22.0pt 70.85pt 22.0pt;
        mso-header-margin:35.4pt;
        mso-footer-margin:35.4pt;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
        {mso-style-name:"Tabla normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
        mso-para-margin:0cm;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=ES link=blue vlink=purple style='tab-interval:35.4pt'>

<div class=Section1>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Acá van unas de las <span class=GramE>ultimas</span> líneas
del <span class=SpellE>maillog</span>: (tal ves sean muchas, pero no sabia
cuantas enviar)<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="54"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:54:16</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>13708]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="54"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:54:16</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>13708]:
New Batch: Found 5 messages waiting <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="54"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:54:16</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>13708]:
New Batch: Scanning 1 messages, 1402 bytes <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="54"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:54:16</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>13708]:
Virus and Content Scanning: Starting <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Commercial scanner <span class=SpellE>mcafee</span> timed out! <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Virus Scanning: Denial Of Service attack is in message i7VDjVa4014869 <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Infected message i7VDjVa4014869 came from 127.0.0.1 <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Saved entire message to var/spool/MailScanner/quarantine/20040831/i7VDjVa4014869
<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Silent: Delivered 1 messages containing silent viruses <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>14949]:
i7VDtfJG014949: from=postmaster, size=513, class=0, <span class=SpellE>nrcpts</span>=1,
msgid=&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;, relay=<span
class=SpellE>root@localhost</span><o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>14952]:
i7VDtfa4014952: from=&lt;postmaster@server2.festivaldelaserena.cl&gt;,
size=824, class=0, <span class=SpellE>nrcpts</span>=1,
msgid=&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;, proto=<span
class=SpellE>ESMTP</span>, daemon=<span class=SpellE>MTA</span>, relay=<span
class=SpellE>localhost.localdomain</span> [127.0.0.1]<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>14951]:
i7VDjVa4014869: to=root, delay=</span></font><st1:time Hour="0" Minute="10"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:10:10</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, <span
class=SpellE>xdelay</span>=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>,
mailer=local, <span class=SpellE>pri</span>=120427, <span class=SpellE>dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>14949]:
i7VDtfJG014949: to=postmaster, delay=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, <span
class=SpellE>xdelay</span>=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, mailer=relay,
<span class=SpellE>pri</span>=30116, relay=[127.0.0.1] [127.0.0.1], <span
class=SpellE>dsn</span>=2.0.0, stat=Sent (i7VDtfa4014952 Message accepted for
delivery)<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:41</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:42</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
New Batch: Found 5 messages waiting <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:42</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
New Batch: Scanning 1 messages, 1402 bytes <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:42</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14392]:
Virus and Content Scanning: Starting <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:56</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14318]:
Commercial scanner <span class=SpellE>mcafee</span> timed out! <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="55"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:55:57</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14318]:
Virus Scanning: Denial Of Service attack detected! <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="56"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:56:37</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15048]:
alias database /etc/aliases rebuilt by root<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="56"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:56:39</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15048]:
/etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="56"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:56:42</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15060]:
starting daemon (8.12.8): SMTP+queueing@01:00:00<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="56"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:56:42</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE>sm-msp-<span class=GramE>queue</span></span><span class=GramE>[</span>15069]:
starting daemon (8.12.8): queueing@01:00:00<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Commercial scanner <span class=SpellE>mcafee</span> timed out! <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Virus Scanning: Denial Of Service attack is in message i7VDmZa4014883 <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Infected message i7VDmZa4014883 came from 127.0.0.1 <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Saved entire message to
/var/spool/MailScanner/quarantine/20040831/i7VDmZa4014883 <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Silent: Delivered 1 messages containing silent viruses <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:45</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15157]:
i7VDwjQp015157: from=postmaster, size=513, class=0, <span class=SpellE>nrcpts</span>=1,
msgid=&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;, relay=<span
class=SpellE>root@localhost</span><o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:46</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15159]:
i7VDmZa4014883: to=root, delay=</span></font><st1:time Hour="0" Minute="10"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:10:11</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, <span
class=SpellE>xdelay</span>=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>,
mailer=local, <span class=SpellE>pri</span>=120427, <span class=SpellE>dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:46</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15160]:
i7VDwjg0015160: from=&lt;postmaster@server2.festivaldelaserena.cl&gt;,
size=824, class=0, <span class=SpellE>nrcpts</span>=1,
msgid=&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;, proto=<span
class=SpellE>ESMTP</span>, daemon=<span class=SpellE>MTA</span>, relay=<span
class=SpellE>localhost.localdomain</span> [127.0.0.1]<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:46</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15157]:
i7VDwjQp015157: to=postmaster, delay=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:01</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, <span
class=SpellE>xdelay</span>=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:01</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>,
mailer=relay, <span class=SpellE>pri</span>=30116, relay=[127.0.0.1]
[127.0.0.1], <span class=SpellE>dsn</span>=2.0.0, stat=Sent (i7VDwjg0015160
Message accepted for delivery)<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:46</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>MailScanner</span></span><span class=GramE>[</span>14411]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=1 color=navy face=Tahoma><span lang=EN-US
style='font-size:8.0pt;mso-ansi-language:EN-US'>Aug 31 </span></font></b><st1:time
Hour="9" Minute="58"><font size=1><span lang=EN-US style='font-size:8.0pt;
 mso-ansi-language:EN-US'>09:58:46</span></font></st1:time><font size=1><span
lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'> server2 <span
class=SpellE><span class=GramE>sendmail</span></span><span class=GramE>[</span>15162]:
i7VDwjg0015160: to=root, delay=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>, <span
class=SpellE>xdelay</span>=</span></font><st1:time Hour="0" Minute="0"><font
 size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>00:00:00</span></font></st1:time><font
size=1><span lang=EN-US style='font-size:8.0pt;mso-ansi-language:EN-US'>,
mailer=local, <span class=SpellE>pri</span>=31074, <span class=SpellE>dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span lang=EN-US
style='font-size:12.0pt;mso-ansi-language:EN-US'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Probé mandando un mensaje solo y pasa lo mismo.-<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>-----Mensaje original-----<br>
De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Michele
Neylon <span class=GramE>::</span> Blacknight Solutions<br>
Enviado el: Martes, 31 de Agosto de 2004 8:50<br>
Para: MAILSCANNER@JISCMAIL.AC.UK<br>
Asunto: Re: in redhat 9<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b style='mso-bidi-font-weight:normal'><font size=3
color=navy face=Tahoma><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>&gt; No se porque motivo, todo correo que envío y que
recibo lo<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>&gt; interpreta como si fuera virus, y me bloque el
cuerpo del<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>&gt; mensaje, tengo redhat 9, con el sendmail que trae
por<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>&gt; defecto, realice la instalación tal cual como
sale en el<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>&gt; instructivo, y no entiendo que pasará.<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Si podria ver algunas lineas de /var/log/maillog seria
mas facil entender lo<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>que pasa.<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Has probado enviar mensajes de texto solo (sin HTML) ?<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Mr Michele Neylon<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Blacknight Internet Solutions Ltd<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>http://www.blacknight.ie/<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Tel. +353 59 9137101<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>------------------------ MailScanner list
------------------------<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>To unsubscribe, email jiscmail@jiscmail.ac.uk with the
words:<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>'leave mailscanner' in the body of the email.<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and<o:p></o:p></span></font></b></p>

<p class=MsoPlainText><b><font size=3 color=navy face=Tahoma><span
style='font-size:12.0pt'>the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).<o:p></o:p></span></font></b></p>

</div>

</body>

</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From ldg at TLS.NET  Tue Aug 31 14:56:53 2004
From: ldg at TLS.NET (Dave Goodrich)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1305.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Excellent, will you announce when it makes it there or should I keep an
eye out? I've just starting using portupgrade, always built everything
from source before.

DAve

Jan-Peter Koopmann wrote:

>>I have just released the new stable release 4.33.3.
>
>
> I just submitted the FreeBSD port version 4.33.3 as well. Let's see when
> this gets committed to the ports-tree...
>
> Regards,
>   JP
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

--
Systems Administrator
http://www.tls.net
Get rid of Unwanted Emails...get TLS Spam Blocker!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From kmganesh at OPENCOMPT.COM  Tue Aug 31 14:58:47 2004
From: kmganesh at OPENCOMPT.COM (KM Ganesh)
Date: Thu Jan 12 21:26:43 2006
Subject: Qmail ?
Message-ID: <mailman.1306.1137101203.24926.mailscanner@lists.mailscanner.info>

On Tue, 31 Aug 2004 09:25:20 -0400, Ugo Bellavance <ugob@CAMO-ROUTE.COM> wrote:

>Dennis Robert Kelbert wrote:
>
>> How i can install Mailscanner with Qmail ??
>> I try to search a FAQ and/or How-to.. but nothing about...
>>
>> only the same thing... Added Qmail.... (you need the
>> qmail/qmail-queue.zip file)
>
>See the openprotect project on sourceforge.net.

I have posted a faq for manual integration of MailScanner to qmail which can
be found at:

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html

If it sounds like too much work, then download and install openprotect from
openprotect.com or opencomputing.sf.net

cheers,
Ganesh.
--
Opencomputing Technologies | http://openprotect.com
OpenProtect - Complete Server Side E-Mail Protection.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From tonioli at K2SISTEMAS.COM.BR  Tue Aug 31 15:01:29 2004
From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli)
Date: Thu Jan 12 21:26:43 2006
Subject: in redhat 9
Message-ID: <mailman.1307.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:o = 
"urn:schemas-microsoft-com:office:office" xmlns:w = 
"urn:schemas-microsoft-com:office:word" xmlns:st1 = 
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content=Word.Document name=ProgId>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<META content="Microsoft Word 10" name=Originator><LINK 
href="cid:filelist.xml@01C48F40.2E530C50" rel=File-List><o:SmartTagType 
name="time" 
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:View>Normal</w:View>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:EnvelopeVis/>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>st1\:* {
        BEHAVIOR: url(#default#ieooui)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
        font-family: Tahoma;
}
@page Section1 {size: 595.3pt 841.9pt; margin: 70.85pt 22.0pt 70.85pt 22.0pt; mso-header-margin: 35.4pt; mso-footer-margin: 35.4pt; mso-paper-source: 0; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
P.MsoPlainText {
        FONT-WEIGHT: bold; FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: navy; FONT-FAMILY: Tahoma; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"; mso-bidi-font-family: "Times New Roman"
}
LI.MsoPlainText {
        FONT-WEIGHT: bold; FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: navy; FONT-FAMILY: Tahoma; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"; mso-bidi-font-family: "Times New Roman"
}
DIV.MsoPlainText {
        FONT-WEIGHT: bold; FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: navy; FONT-FAMILY: Tahoma; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"; mso-bidi-font-family: "Times New Roman"
}
SPAN.SpellE {
        mso-style-name: ""; mso-spl-e: yes
}
SPAN.GramE {
        mso-style-name: ""; mso-gram-e: yes
}
DIV.Section1 {
        page: Section1
}
</STYLE>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
        {mso-style-name:"Tabla normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
        mso-para-margin:0cm;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=ES style="tab-interval: 35.4pt" vLink=purple link=blue>
<DIV><SPAN class=934545813-31082004><FONT face=Arial color=#0000ff size=2>Creo 
yo que pueda ser un error con el mcafee, ententa usar el bitdefender. que és 
gratís.</FONT></SPAN></DIV>
<DIV><SPAN class=934545813-31082004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=934545813-31082004><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 </SPAN><st1:time 
Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
class=GramE>[</SPAN>14392]: Commercial scanner <SPAN class=SpellE>mcafee</SPAN> 
timed out!&nbsp; &lt;- eso puede estar enviando un falso message pra el 
mailscanner.</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=934545813-31082004><FONT size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=934545813-31082004><FONT size=1><SPAN lang=EN-US 
style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Felipe 
Tonioli</SPAN></FONT></SPAN></DIV>
<BLOCKQUOTE 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid">
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> MailScanner mailing list 
  [mailto:MAILSCANNER@JISCMAIL.AC.UK]<B>On Behalf Of </B>Raul Urqueta 
  S<BR><B>Sent:</B> Tuesday, August 31, 2004 10:52 AM<BR><B>To:</B> 
  MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re: in redhat 
  9<BR><BR></FONT></DIV>
  <DIV class=Section1>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Acá van unas de las <SPAN class=GramE>ultimas</SPAN> 
  líneas del <SPAN class=SpellE>maillog</SPAN>: (tal ves sean muchas, pero no 
  sabia cuantas enviar)<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="54" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:54:16</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>13708]: Notices: Warned about 1 messages 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="54" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:54:16</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>13708]: New Batch: Found 5 messages waiting 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="54" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:54:16</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>13708]: New Batch: Scanning 1 messages, 1402 bytes 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="54" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:54:16</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>13708]: Virus and Content Scanning: Starting 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Commercial scanner <SPAN 
  class=SpellE>mcafee</SPAN> timed out! <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Virus Scanning: Denial Of Service attack is in 
  message i7VDjVa4014869 <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Infected message i7VDjVa4014869 came from 
  127.0.0.1 <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Saved entire message to 
  var/spool/MailScanner/quarantine/20040831/i7VDjVa4014869 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Silent: Delivered 1 messages containing silent 
  viruses <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14949]: i7VDtfJG014949: from=postmaster, size=513, 
  class=0, <SPAN class=SpellE>nrcpts</SPAN>=1, 
  msgid=&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;, 
  relay=<SPAN class=SpellE>root@localhost</SPAN><o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14952]: i7VDtfa4014952: 
  from=&lt;postmaster@server2.festivaldelaserena.cl&gt;, size=824, class=0, 
  <SPAN class=SpellE>nrcpts</SPAN>=1, 
  msgid=&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;, 
  proto=<SPAN class=SpellE>ESMTP</SPAN>, daemon=<SPAN class=SpellE>MTA</SPAN>, 
  relay=<SPAN class=SpellE>localhost.localdomain</SPAN> 
  [127.0.0.1]<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14951]: i7VDjVa4014869: to=root, 
  delay=</SPAN></FONT><st1:time Minute="10" Hour="0"><FONT size=1><SPAN 
  lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:10:10</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  <SPAN class=SpellE>xdelay</SPAN>=</SPAN></FONT><st1:time Minute="0" 
  Hour="0"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  mailer=local, <SPAN class=SpellE>pri</SPAN>=120427, <SPAN 
  class=SpellE>dsn</SPAN>=2.0.0, stat=Sent<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14949]: i7VDtfJG014949: to=postmaster, 
  delay=</SPAN></FONT><st1:time Minute="0" Hour="0"><FONT size=1><SPAN 
  lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  <SPAN class=SpellE>xdelay</SPAN>=</SPAN></FONT><st1:time Minute="0" 
  Hour="0"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  mailer=relay, <SPAN class=SpellE>pri</SPAN>=30116, relay=[127.0.0.1] 
  [127.0.0.1], <SPAN class=SpellE>dsn</SPAN>=2.0.0, stat=Sent (i7VDtfa4014952 
  Message accepted for delivery)<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:41</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Notices: Warned about 1 messages 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:42</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: New Batch: Found 5 messages waiting 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:42</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: New Batch: Scanning 1 messages, 1402 bytes 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:42</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14392]: Virus and Content Scanning: Starting 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:56</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14318]: Commercial scanner <SPAN 
  class=SpellE>mcafee</SPAN> timed out! <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="55" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:55:57</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14318]: Virus Scanning: Denial Of Service attack detected! 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="56" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:56:37</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15048]: alias database /etc/aliases rebuilt by 
  root<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="56" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:56:39</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15048]: /etc/aliases: 63 aliases, longest 10 bytes, 625 
  bytes total<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="56" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:56:42</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15060]: starting daemon (8.12.8): 
  SMTP+queueing@01:00:00<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="56" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:56:42</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE>sm-msp-<SPAN class=GramE>queue</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15069]: starting daemon (8.12.8): 
  queueing@01:00:00<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Commercial scanner <SPAN 
  class=SpellE>mcafee</SPAN> timed out! <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Virus Scanning: Denial Of Service attack is in 
  message i7VDmZa4014883 <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Infected message i7VDmZa4014883 came from 
  127.0.0.1 <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Saved entire message to 
  /var/spool/MailScanner/quarantine/20040831/i7VDmZa4014883 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Silent: Delivered 1 messages containing silent 
  viruses <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:45</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15157]: i7VDwjQp015157: from=postmaster, size=513, 
  class=0, <SPAN class=SpellE>nrcpts</SPAN>=1, 
  msgid=&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;, 
  relay=<SPAN class=SpellE>root@localhost</SPAN><o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:46</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15159]: i7VDmZa4014883: to=root, 
  delay=</SPAN></FONT><st1:time Minute="10" Hour="0"><FONT size=1><SPAN 
  lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:10:11</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  <SPAN class=SpellE>xdelay</SPAN>=</SPAN></FONT><st1:time Minute="0" 
  Hour="0"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  mailer=local, <SPAN class=SpellE>pri</SPAN>=120427, <SPAN 
  class=SpellE>dsn</SPAN>=2.0.0, stat=Sent<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:46</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15160]: i7VDwjg0015160: 
  from=&lt;postmaster@server2.festivaldelaserena.cl&gt;, size=824, class=0, 
  <SPAN class=SpellE>nrcpts</SPAN>=1, 
  msgid=&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;, 
  proto=<SPAN class=SpellE>ESMTP</SPAN>, daemon=<SPAN class=SpellE>MTA</SPAN>, 
  relay=<SPAN class=SpellE>localhost.localdomain</SPAN> 
  [127.0.0.1]<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:46</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15157]: i7VDwjQp015157: to=postmaster, 
  delay=</SPAN></FONT><st1:time Minute="0" Hour="0"><FONT size=1><SPAN 
  lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:01</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  <SPAN class=SpellE>xdelay</SPAN>=</SPAN></FONT><st1:time Minute="0" 
  Hour="0"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:01</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  mailer=relay, <SPAN class=SpellE>pri</SPAN>=30116, relay=[127.0.0.1] 
  [127.0.0.1], <SPAN class=SpellE>dsn</SPAN>=2.0.0, stat=Sent (i7VDwjg0015160 
  Message accepted for delivery)<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:46</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>MailScanner</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>14411]: Notices: Warned about 1 messages 
  <o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">Aug 31 
  </SPAN></FONT></B><st1:time Minute="58" Hour="9"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">09:58:46</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US"> 
  server2 <SPAN class=SpellE><SPAN class=GramE>sendmail</SPAN></SPAN><SPAN 
  class=GramE>[</SPAN>15162]: i7VDwjg0015160: to=root, 
  delay=</SPAN></FONT><st1:time Minute="0" Hour="0"><FONT size=1><SPAN 
  lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  <SPAN class=SpellE>xdelay</SPAN>=</SPAN></FONT><st1:time Minute="0" 
  Hour="0"><FONT size=1><SPAN lang=EN-US 
  style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">00:00:00</SPAN></FONT></st1:time><FONT 
  size=1><SPAN lang=EN-US style="FONT-SIZE: 8pt; mso-ansi-language: EN-US">, 
  mailer=local, <SPAN class=SpellE>pri</SPAN>=31074, <SPAN 
  class=SpellE>dsn</SPAN>=2.0.0, stat=Sent<o:p></o:p></SPAN></FONT></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN lang=EN-US 
  style="FONT-SIZE: 12pt; mso-ansi-language: EN-US"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Probé mandando un mensaje solo y pasa lo 
  mismo.-<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">-----Mensaje original-----<BR>De: MailScanner mailing 
  list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Michele Neylon <SPAN 
  class=GramE>::</SPAN> Blacknight Solutions<BR>Enviado el: Martes, 31 de Agosto 
  de 2004 8:50<BR>Para: MAILSCANNER@JISCMAIL.AC.UK<BR>Asunto: Re: in redhat 
  9<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B style="mso-bidi-font-weight: normal"><FONT 
  face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">&gt; No se porque motivo, todo correo que envío y que 
  recibo lo<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">&gt; interpreta como si fuera virus, y me bloque el 
  cuerpo del<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">&gt; mensaje, tengo redhat 9, con el sendmail que trae 
  por<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">&gt; defecto, realice la instalación tal cual como 
  sale en el<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">&gt; instructivo, y no entiendo que 
  pasará.<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Si podria ver algunas lineas de /var/log/maillog seria 
  mas facil entender lo<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">que pasa.<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Has probado enviar mensajes de texto solo (sin HTML) 
  ?<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Mr Michele Neylon<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Blacknight Internet Solutions 
  Ltd<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">http://www.blacknight.ie/<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Tel. +353 59 9137101<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt"><o:p>&nbsp;</o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">------------------------ MailScanner list 
  ------------------------<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">To unsubscribe, email jiscmail@jiscmail.ac.uk with the 
  words:<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">'leave mailscanner' in the body of the 
  email.<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">Before posting, read the MAQ 
  (http://www.mailscanner.biz/maq/) and<o:p></o:p></SPAN></FONT></B></P>
  <P class=MsoPlainText><B><FONT face=Tahoma color=navy size=3><SPAN 
  style="FONT-SIZE: 12pt">the archives 
  (http://www.jiscmail.ac.uk/lists/mailscanner.html).<o:p></o:p></SPAN></FONT></B></P></DIV>------------------------ 
  MailScanner list ------------------------ To unsubscribe, email <A 
  href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</A> with the 
  words:<BR>'leave mailscanner' in the body of the email.<BR>Before posting, 
  read the MAQ (<A 
  href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</A>)<BR>and 
  the archives (<A 
  href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</A>). 
</BLOCKQUOTE></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From miguelk at KONSULTEX.COM.BR  Tue Aug 31 15:05:12 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:26:43 2006
Subject: in redhat 9
Message-ID: <mailman.1308.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Raul;<br>
<br>
Parece que Mcafee no responde. Yo verificaria su integridad con sus
herramientas propias. <br>
<br>
Eso me habia pasado con Clam en cierta oportunidad, pero era debido a
sobrecarga de Sendmail debido a un problema general en el servidor por
culpa de Firebird. O sea, en mi caso Clam no tenia tiempo para scanear
el anexo antes que MailScanner decidida que no responde.<br>
<br>
Miguel<br>
<br>
Raul Urqueta S wrote:<br>
<blockquote
 cite="mid!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAXUKUWnoE9UWoS8Pl0I144cKAAAAQAAAAEGSk9zoDHkOjDQCvYKZC3gEAAAAA@munilaserena.cl"
 type="cite">
  <meta http-equiv="Content-Type" content="text/html; ">
  <meta name="ProgId" content="Word.Document">
  <meta name="Generator" content="Microsoft Word 10">
  <meta name="Originator" content="Microsoft Word 10">
  <link rel="File-List" href="cid:filelist.xml@01C48F40.2E530C50">
  <o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="time">
<!--[if gte mso 9]><xml>

 <o:OfficeDocumentSettings>

  <o:DoNotRelyOnCSS/>

 </o:OfficeDocumentSettings>

</xml><![endif]--><!--[if gte mso 9]><xml>

 <w:WordDocument>

  <w:View>Normal</w:View>

  <w:SpellingState>Clean</w:SpellingState>

  <w:GrammarState>Clean</w:GrammarState>

  <w:DocumentKind>DocumentEmail</w:DocumentKind>

  <w:HyphenationZone>21</w:HyphenationZone>

  <w:EnvelopeVis/>

  <w:Compatibility>

   <w:BreakWrappedTables/>

   <w:SnapToGridInCell/>

   <w:WrapTextWithPunct/>

   <w:UseAsianBreakRules/>

  </w:Compatibility>

  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>

 </w:WordDocument>

</xml><![endif]--><!--[if !mso]>

<style>

st1\:*{behavior:url(#default#ieooui) }

</style>

<![endif]-->
  <style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;

        mso-font-charset:0;

        mso-generic-font-family:swiss;

        mso-font-pitch:variable;

        mso-font-signature:1627421319 -2147483648 8 0 66047 0;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {mso-style-parent:"";

        margin:0cm;

        margin-bottom:.0001pt;

        mso-pagination:widow-orphan;

        font-size:12.0pt;

        font-family:"Times New Roman";

        mso-fareast-font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;

        text-underline:single;}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline;

        text-underline:single;}

p.MsoPlainText, li.MsoPlainText, div.MsoPlainText

        {margin:0cm;

        margin-bottom:.0001pt;

        mso-pagination:widow-orphan;

        font-size:12.0pt;

        font-family:Tahoma;

        mso-fareast-font-family:"Times New Roman";

        mso-bidi-font-family:"Times New Roman";

        color:navy;

        font-weight:bold;}

span.SpellE

        {mso-style-name:"";

        mso-spl-e:yes;}

span.GramE

        {mso-style-name:"";

        mso-gram-e:yes;}

@page Section1

        {size:595.3pt 841.9pt;

        margin:70.85pt 22.0pt 70.85pt 22.0pt;

        mso-header-margin:35.4pt;

        mso-footer-margin:35.4pt;

        mso-paper-source:0;}

div.Section1

        {page:Section1;}

-->

  </style><!--[if gte mso 10]>

<style>

 /* Style Definitions */ 

 table.MsoNormalTable

        {mso-style-name:"Tabla normal";

        mso-tstyle-rowband-size:0;

        mso-tstyle-colband-size:0;

        mso-style-noshow:yes;

        mso-style-parent:"";

        mso-padding-alt:0cm 5.4pt 0cm 5.4pt;

        mso-para-margin:0cm;

        mso-para-margin-bottom:.0001pt;

        mso-pagination:widow-orphan;

        font-size:10.0pt;

        font-family:"Times New Roman";}

</style>

<![endif]-->
  </o:SmartTagType>
  <div class="Section1">
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Ac&aacute; van unas de las <span class="GramE">ultimas</span>
l&iacute;neas
del <span class="SpellE">maillog</span>: (tal ves sean muchas, pero no
sabia
cuantas enviar)<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="54"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:54:16</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>13708]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="54"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:54:16</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>13708]:
New Batch: Found 5 messages waiting <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="54"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:54:16</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>13708]:
New Batch: Scanning 1 messages, 1402 bytes <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="54"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:54:16</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>13708]:
Virus and Content Scanning: Starting <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Commercial scanner <span class="SpellE">mcafee</span> timed out! <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Virus Scanning: Denial Of Service attack is in message i7VDjVa4014869 <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Infected message i7VDjVa4014869 came from 127.0.0.1 <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Saved entire message to
var/spool/MailScanner/quarantine/20040831/i7VDjVa4014869
  <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Silent: Delivered 1 messages containing silent viruses <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>14949]:
i7VDtfJG014949: from=postmaster, size=513, class=0, <span
 class="SpellE">nrcpts</span>=1,
msgid=<a class="moz-txt-link-rfc2396E" href="mailto:200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl">&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;</a>,
relay=<span class="SpellE">root@localhost</span><o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>14952]:
i7VDtfa4014952: from=<a class="moz-txt-link-rfc2396E" href="mailto:postmaster@server2.festivaldelaserena.cl">&lt;postmaster@server2.festivaldelaserena.cl&gt;</a>,
size=824, class=0, <span class="SpellE">nrcpts</span>=1,
msgid=<a class="moz-txt-link-rfc2396E" href="mailto:200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl">&lt;200408311355.i7VDtfJG014949@server2.festivaldelaserena.cl&gt;</a>,
proto=<span class="SpellE">ESMTP</span>, daemon=<span class="SpellE">MTA</span>,
relay=<span class="SpellE">localhost.localdomain</span> [127.0.0.1]<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>14951]:
i7VDjVa4014869: to=root, delay=</span></font><st1:time hour="0"
 minute="10"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:10:10</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, <span
 class="SpellE">xdelay</span>=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">,
mailer=local, <span class="SpellE">pri</span>=120427, <span
 class="SpellE">dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>14949]:
i7VDtfJG014949: to=postmaster, delay=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, <span
 class="SpellE">xdelay</span>=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, mailer=relay,
  <span class="SpellE">pri</span>=30116, relay=[127.0.0.1] [127.0.0.1],
  <span class="SpellE">dsn</span>=2.0.0, stat=Sent (i7VDtfa4014952
Message accepted for
delivery)<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:41</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:42</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
New Batch: Found 5 messages waiting <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:42</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
New Batch: Scanning 1 messages, 1402 bytes <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:42</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14392]:
Virus and Content Scanning: Starting <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:56</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14318]:
Commercial scanner <span class="SpellE">mcafee</span> timed out! <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="55"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:55:57</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14318]:
Virus Scanning: Denial Of Service attack detected! <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="56"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:56:37</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15048]:
alias database /etc/aliases rebuilt by root<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="56"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:56:39</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15048]:
/etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="56"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:56:42</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15060]:
starting daemon (8.12.8): SMTP+queueing@01:00:00<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="56"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:56:42</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE">sm-msp-<span
 class="GramE">queue</span></span><span class="GramE">[</span>15069]:
starting daemon (8.12.8): queueing@01:00:00<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Commercial scanner <span class="SpellE">mcafee</span> timed out! <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Virus Scanning: Denial Of Service attack is in message i7VDmZa4014883 <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Infected message i7VDmZa4014883 came from 127.0.0.1 <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Saved entire message to
/var/spool/MailScanner/quarantine/20040831/i7VDmZa4014883 <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Silent: Delivered 1 messages containing silent viruses <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:45</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15157]:
i7VDwjQp015157: from=postmaster, size=513, class=0, <span
 class="SpellE">nrcpts</span>=1,
msgid=<a class="moz-txt-link-rfc2396E" href="mailto:200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl">&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;</a>,
relay=<span class="SpellE">root@localhost</span><o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:46</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15159]:
i7VDmZa4014883: to=root, delay=</span></font><st1:time hour="0"
 minute="10"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:10:11</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, <span
 class="SpellE">xdelay</span>=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">,
mailer=local, <span class="SpellE">pri</span>=120427, <span
 class="SpellE">dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:46</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15160]:
i7VDwjg0015160: from=<a class="moz-txt-link-rfc2396E" href="mailto:postmaster@server2.festivaldelaserena.cl">&lt;postmaster@server2.festivaldelaserena.cl&gt;</a>,
size=824, class=0, <span class="SpellE">nrcpts</span>=1,
msgid=<a class="moz-txt-link-rfc2396E" href="mailto:200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl">&lt;200408311358.i7VDwjQp015157@server2.festivaldelaserena.cl&gt;</a>,
proto=<span class="SpellE">ESMTP</span>, daemon=<span class="SpellE">MTA</span>,
relay=<span class="SpellE">localhost.localdomain</span> [127.0.0.1]<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:46</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15157]:
i7VDwjQp015157: to=postmaster, delay=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:01</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, <span
 class="SpellE">xdelay</span>=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:01</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">,
mailer=relay, <span class="SpellE">pri</span>=30116, relay=[127.0.0.1]
[127.0.0.1], <span class="SpellE">dsn</span>=2.0.0, stat=Sent
(i7VDwjg0015160
Message accepted for delivery)<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:46</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">MailScanner</span></span><span class="GramE">[</span>14411]:
Notices: Warned about 1 messages <o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="1"><span
 style="font-size: 8pt;" lang="EN-US">Aug 31 </span></font></b><st1:time
 hour="9" minute="58"><font size="1"><span style="font-size: 8pt;"
 lang="EN-US">09:58:46</span></font></st1:time><font size="1"><span
 style="font-size: 8pt;" lang="EN-US"> server2 <span class="SpellE"><span
 class="GramE">sendmail</span></span><span class="GramE">[</span>15162]:
i7VDwjg0015160: to=root, delay=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">, <span
 class="SpellE">xdelay</span>=</span></font><st1:time hour="0"
 minute="0"><font size="1"><span style="font-size: 8pt;" lang="EN-US">00:00:00</span></font></st1:time><font
 size="1"><span style="font-size: 8pt;" lang="EN-US">,
mailer=local, <span class="SpellE">pri</span>=31074, <span
 class="SpellE">dsn</span>=2.0.0,
stat=Sent<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;" lang="EN-US"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Prob&eacute; mandando un mensaje solo y pasa lo
mismo.-<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">-----Mensaje original-----<br>
De: MailScanner mailing list [<a class="moz-txt-link-freetext" href="mailto:MAILSCANNER@JISCMAIL.AC.UK">mailto:MAILSCANNER@JISCMAIL.AC.UK</a>] En
nombre de Michele
Neylon <span class="GramE">::</span> Blacknight Solutions<br>
Enviado el: Martes, 31 de Agosto de 2004 8:50<br>
Para: <a class="moz-txt-link-abbreviated" href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</a><br>
Asunto: Re: in redhat 9<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b style=""><font color="navy" face="Tahoma"
 size="3"><span style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">&gt; No se porque motivo, todo correo que
env&iacute;o y que
recibo lo<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">&gt; interpreta como si fuera virus, y me
bloque el
cuerpo del<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">&gt; mensaje, tengo redhat 9, con el sendmail
que trae
por<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">&gt; defecto, realice la instalaci&oacute;n tal cual
como
sale en el<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">&gt; instructivo, y no entiendo que pasar&aacute;.<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Si podria ver algunas lineas de
/var/log/maillog seria
mas facil entender lo<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">que pasa.<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Has probado enviar mensajes de texto solo
(sin HTML) ?<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Mr Michele Neylon<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Blacknight Internet Solutions Ltd<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><a class="moz-txt-link-freetext" href="http://www.blacknight.ie/">http://www.blacknight.ie/</a><o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Tel. +353 59 9137101<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;"><o:p>&nbsp;</o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">------------------------ MailScanner list
------------------------<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">To unsubscribe, email <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the
words:<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">'leave mailscanner' in the body of the email.<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">Before posting, read the MAQ
(<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>) and<o:p></o:p></span></font></b></p>
  <p class="MsoPlainText"><b><font color="navy" face="Tahoma" size="3"><span
 style="font-size: 12pt;">the archives
(<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).<o:p></o:p></span></font></b></p>
  </div>
  <br>
--
  <br>
Esta mensagem foi verificada pelo sistema de antiv&iacute;rus e <br>
acredita-se estar livre de perigo.
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>
and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</blockquote>
</body>
<br />--
<br />Esta mensagem foi verificada pelo sistema de antivírus e 
<br /> acredita-se estar livre de perigo.
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 15:06:53 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:43 2006
Subject: in redhat 9
Message-ID: <mailman.1309.1137101203.24926.mailscanner@lists.mailscanner.info>

Raul Urqueta S wrote:
> Acá van unas de las ultimas líneas del maillog: (tal ves sean muchas,
> pero no sabia cuantas enviar) 
> 
> 
> Probé mandando un mensaje solo y pasa lo mismo.-
> 
Lo que veo alli es un problema con el mcafee:
Aug 31 09:58:45 server2 MailScanner[14411]:  Commercial scanner mcafee timed
out! 

Si podrias probar con un otro antivirus como bitdefender o clam para empezar

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From d99-jbe at NADA.KTH.SE  Tue Aug 31 15:08:09 2004
From: d99-jbe at NADA.KTH.SE (John Bergbom)
Date: Thu Jan 12 21:26:43 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1310.1137101203.24926.mailscanner@lists.mailscanner.info>

I'm using tabs and not spaces, and the problem is still there! I have
no idea why it's not working. I have done according to the
instructions in the FAQ.

/John


On Mon, 30 Aug 2004, Alex Neuman van der Hans wrote:

> Are you sure you're not using spaces instead of tabs?
>
> John Bergbom wrote:
> > Hi!
> >
> > I'm running a server with many domains, and one of our customers wants to
> > allow exe-attachments. I followed the steps in the FAQ, but it still
> > doesn't work for me. This is what I did:
> >
> > In MailScanner.conf:
> > Filename Rules = %etc-dir%/rules/filename.rules
> > Filetype Rules = %etc-dir%/rules.filetype.rules
> >
> > In rules/filename.rules:
> > To: *@domain.se    %etc-dir%/filename.exeok.rules.conf
> > FromOrTo: default %etc-dir%/filename.rules.conf
> >
> > In rules/filetype.rules:
> > To: *@domain.se    %etc-dir%/filetype.exeok.rules.conf
> > FromOrTo: default %etc-dir%/filetype.rules.conf
> >
> > In %etc-dir%/filename.rules.conf:
> > deny     \.exe$    Windows/DOS Executable
> >
> > In %etc-dir%/filename.exeok.rules.conf:
> > allow     \.exe$    Windows/DOS Executable
> >
> > In %etc-dir%/filetype.rules.conf:
> > deny     executable    No executables      No programs allowed
> >
> > In %etc-dir%/filename.exeok.rules.conf:
> > allow     executable    No executables      No programs allowed
> >
> > This has worked for others, but not for me. When I try to send an email to
> > test@domain.se I get this in return:
> >
> > From: Mail Delivery System
> > Subject: Mail delivery failed: returning message to sender
> >
> > This message was created automatically by mail delivery software.
> >
> > A message that you sent could not be delivered to one or more of its
> > recipients. This is a permanent error. The following address(es) failed:
> >
> > test@domain.se
> >   This message has been rejected because it has
> >   a potentially executable attachment "temp.exe"
> >   This for of attachment has been used by recent
> >   viruses or other malware. If you meant to send
> >   this file then please package it up as a zip
> >   file and resend it.
> >
> > SOMETHING is working though, because in the returned header there is a
> > line:
> > X-yoursite-MailScanner: Not scanned: please contact your Internet E-Mail
> > Service Provider for details
> >
> > So my problem is (from what I understand): The Filename Rules and Filetype
> > Rules lets the exe-attachment get through, but then there is something
> > else that stops the file from getting through, and I can't figure out what
> > it is. I tried to set Virus Scanning for all domains except the domain in
> > question, but the same error occurred.
> >
> > Before I made any changes to the MailSCanner.conf-file I got the usual
> > yoursite-Attachment-Warning.txt message, saying the the attachment has
> > been replaced with a warning message.
> >
> > Please help me with this, it's important for us, and I can't figure out
> > what is wrong, and I haven't been able to find an answer to this in the
> > FAQ or in the mailing list archives.
> >
> > Regards
> > John
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From Jan-Peter.Koopmann at SECEIDOS.DE  Tue Aug 31 15:09:54 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner: Stable 4.33.3 released
Message-ID: <mailman.1311.1137101203.24926.mailscanner@lists.mailscanner.info>

On Tuesday, August 31, 2004 3:57 PM MailScanner mailing list wrote:

> Excellent, will you announce when it makes it there or should
> I keep an eye out? I've just starting using portupgrade,
> always built everything from source before.

I cannot at least this time. I will be on vacation for the next five
weeks... :-) Speaking of which: There will probably not be any new
FreeBSD version during that time. I suspect my wife would kill me the
moment she finds me working on FreeBSD port from an Internet Cafe in
Australia... :-)

Kind regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From davidb at UNIQUEPHOTO.COM  Tue Aug 31 15:14:50 2004
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:26:43 2006
Subject: can i turn off the user notification when virus is sent
Message-ID: <mailman.1312.1137101203.24926.mailscanner@lists.mailscanner.info>

I am running Mail Scanner with Kaspersky. I would like to turn off the user
notification when a virus is sent to someone, and also at the same time I
would still like notification sent to postmaster.


Is this possible??

thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Tue Aug 31 15:17:02 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner sending warning messages to users
Message-ID: <mailman.1313.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

I don't really want to notify anybody about anything.  This is set in
MailScanner.conf -

Notify Senders = no

Most viruses appear to be comming from infected windows systems on the NET.

I do want MailScanner to notify postmaster -

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

Is there any reason to notify a recipient.

How can I turn this notifications off ?

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "winmail.dat"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Mon Aug 30 20:58:02 2004 the virus scanner said:
   Could not parse Outlook Rich Text attachment

Note to Help Desk: Look on the SSS MailScanner in
/var/spool/MailScanner/quarantine/20040830 (message i7V1vxPF001161).
--
Postmaster
MailScanner thanks transtec Computers for their support

MailScanner appears to be doing a great job.  Vexira finds most viruses.
MailScanner finds lots of  malicious code.

btb

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcin.rozek at IOS.EDU.PL  Tue Aug 31 15:31:47 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:43 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1314.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
John Bergbom wrote:
> I'm using tabs and not spaces, and the problem is still there! I have
> no idea why it's not working. I have done according to the
> instructions in the FAQ.
We have similar configuration and it works fine...
Did you restart mailscanner? Are you sure that there should be domain.se not
something.domain.se ? Can you paste headers of blocked mail and mailscanner's
log that show processing of that mail?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From dfilchak at sympatico.ca  Tue Aug 31 15:32:14 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:43 2006
Subject: Upgrade
Message-ID: <mailman.1315.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=585203014-31082004><FONT face=Arial>What is the proper method 
to upgrade/update MailScanner and/or ClamAV. I am using MailScanner 4.32.5 and 
ClamAV 0.11 at this point and want to update but do not want to break my 
config?</FONT></SPAN></DIV>
<DIV><SPAN class=585203014-31082004><FONT face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=585203014-31082004><FONT face=Arial>Dave</FONT></SPAN></DIV>
<DIV>&nbsp;</DIV><!-- Converted from text/plain format -->
<P align=left><FONT size=2><FONT face=Verdana>David Filchak<BR>President - Zuka 
Inc.<BR>Toronto, On Canada M5V2J1<BR>www.zuka.net | www.screamingmedia.ca</FONT> 
</FONT></P>
<DIV>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From marcin.rozek at IOS.EDU.PL  Tue Aug 31 15:40:46 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:43 2006
Subject: can i turn off the user notification when virus is sent
Message-ID: <mailman.1316.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
David Ballengee wrote:
> I am running Mail Scanner with Kaspersky. I would like to turn off the user
> notification when a virus is sent to someone, and also at the same time I
> would still like notification sent to postmaster.
Check section "Notifications back to the senders of blocked messages". Also
check options: Silent Viruses, Still Deliver Silent Viruses.

Regards.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From ugob at CAMO-ROUTE.COM  Tue Aug 31 15:46:16 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:43 2006
Subject: Upgrade
Message-ID: <mailman.1317.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dave Filchak wrote:

> What is the proper method to upgrade/update MailScanner and/or ClamAV. I
> am using MailScanner 4.32.5 and ClamAV 0.11 at this point and want to
> update but do not want to break my config?

Please read the MAQ, there is a section on install/upgrade.  See the
footer of every message for the address.

>
> Dave
>
>
> David Filchak
> President - Zuka Inc.
> Toronto, On Canada M5V2J1
> www.zuka.net | www.screamingmedia.ca
>
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 15:52:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:43 2006
Subject: MailScanner sending warning messages to users
Message-ID: <mailman.1318.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:17 31/08/2004, you wrote:
>Hi All,
>
>I don't really want to notify anybody about anything.  This is set in
>MailScanner.conf -
>
>Notify Senders = no
>
>Most viruses appear to be comming from infected windows systems on the NET.
>
>I do want MailScanner to notify postmaster -
>
># Notify the local system administrators ("Notices To") when any infections
># are found?
># This can also be the filename of a ruleset.
>Send Notices = yes
>
>Is there any reason to notify a recipient.
>
>How can I turn this notifications off ?

Silent Viruses = All-Viruses
Still Deliver Silent Viruses = no

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 15:53:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1319.1137101203.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 15:08 31/08/2004, you wrote:
> > > This has worked for others, but not for me. When I try to send an
> email to
> > > test@domain.se I get this in return:
> > >
> > > From: Mail Delivery System
> > > Subject: Mail delivery failed: returning message to sender
> > >
> > > This message was created automatically by mail delivery software.
> > >
> > > A message that you sent could not be delivered to one or more of its
> > > recipients. This is a permanent error. The following address(es) failed:
> > >
> > > test@domain.se
> > >   This message has been rejected because it has
> > >   a potentially executable attachment "temp.exe"
> > >   This for of attachment has been used by recent
> > >   viruses or other malware. If you meant to send
> > >   this file then please package it up as a zip
> > >   file and resend it.

That doesn't look like a MailScanner warning. Something else is going on too.

> > >
> > > SOMETHING is working though, because in the returned header there is a
> > > line:
> > > X-yoursite-MailScanner: Not scanned: please contact your Internet E-Mail
> > > Service Provider for details
> > >
> > > So my problem is (from what I understand): The Filename Rules and
> Filetype
> > > Rules lets the exe-attachment get through, but then there is something
> > > else that stops the file from getting through, and I can't figure out
> what
> > > it is. I tried to set Virus Scanning for all domains except the domain in
> > > question, but the same error occurred.
> > >
> > > Before I made any changes to the MailSCanner.conf-file I got the usual
> > > yoursite-Attachment-Warning.txt message, saying the the attachment has
> > > been replaced with a warning message.
> > >
> > > Please help me with this, it's important for us, and I can't figure out
> > > what is wrong, and I haven't been able to find an answer to this in the
> > > FAQ or in the mailing list archives.
> > >
> > > Regards
> > > John
> > >
> > > ------------------------ MailScanner list ------------------------
> > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 15:56:45 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:44 2006
Subject: Upgrade
Message-ID: <mailman.1320.1137101204.24926.mailscanner@lists.mailscanner.info>

Dave Filchak wrote:
> What is the proper method to upgrade/update MailScanner and/or
> ClamAV. I am using MailScanner 4.32.5 and ClamAV 0.11 at this point
> and want to update but do not want to break my config?
As you haven't mentioned what you are running on I'll presume it's some
rpm-based system
If so simply download the tar.gz into somewhere like /home/installstuff or
whatever
Tar -zxvf blah.rpm.tar.gz
cd MailScanner-x-x-x
./install.sh

Wait for it to do its thing

Cd /etc/MailScanner
upgrade_MailScanner_conf
Follow instructions
Done

For clamav - just grab a new version and install it



Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 15:59:19 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:44 2006
Subject: [OT] HTML emails
Message-ID: <mailman.1321.1137101204.24926.mailscanner@lists.mailscanner.info>

Is there anyway that the list could disable HTML emails?

They're a real PITA

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From marcin.rozek at IOS.EDU.PL  Tue Aug 31 16:00:13 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:44 2006
Subject: MailScanner sending warning messages to users
Message-ID: <mailman.1322.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Brent Bolin wrote:
> Hi All,
>
> I don't really want to notify anybody about anything.  This is set in
Set:
Silent Viruses = All-Viruses
Still Deliver Silent Viruses = no

Regards.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From marcin.rozek at IOS.EDU.PL  Tue Aug 31 16:06:16 2004
From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek)
Date: Thu Jan 12 21:26:44 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1323.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
>>>In rules/filename.rules:
>>>To: *@domain.se    %etc-dir%/filename.exeok.rules.conf
>>>FromOrTo: default %etc-dir%/filename.rules.conf
>>>
>>>In rules/filetype.rules:
>>>To: *@domain.se    %etc-dir%/filetype.exeok.rules.conf
>>>FromOrTo: default %etc-dir%/filetype.rules.conf

One more idea - change %etc-dir% here to full path (eg. /etc/MailScanner )

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Kevin_Miller at CI.JUNEAU.AK.US  Tue Aug 31 18:06:31 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:44 2006
Subject: upgrade problems cont.
Message-ID: <mailman.1324.1137101204.24926.mailscanner@lists.mailscanner.info>

Stuart Clark wrote:
> When upgrading I accidentally did this (notice the MailScanner.)
>
> cd /etc/MailScanner
> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew >
> MailScanner.
> mv -f MailScanner.conf MailScanner.old
> mv -f MailScanner.new  MailScanner.conf

I would move MailScanner.old back to MailScanner.conf, then reinstall.
Presumably, your MailScanner.old is the original, intact one.  After you
reinstall you can rerun upgrade_MailScanner_conf with the right parameters
and hopefully all will be well...


...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator 155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From brentbolin at HOTMAIL.COM  Tue Aug 31 19:50:38 2004
From: brentbolin at HOTMAIL.COM (Brent Bolin)
Date: Thu Jan 12 21:26:44 2006
Subject: Confused about "Could not parse Outlook Rich Text attachment"
Message-ID: <mailman.1325.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Hi All,

Looking through the mail list archives and the actual message, it has to do 
with M$ outlook using Rich text.  Think trying to get users to use plain 
text and html might be a problem.

I also see mention of winmail.dat .  If I send a test message with rich text 
enabled , I don't see this attached to the mail.  I checked this using "vi" 
on a users mail box.

Deliver Unparsable TNEF = no

Is it safe to change this to yes

Vexira is the viruse scanner being used.  It is not being run from 
MailScanner.

sendmail+vexira+milter

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From suporte at SETINET.COM.BR  Tue Aug 31 19:55:13 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:44 2006
Subject: Per-user conf?
Message-ID: <mailman.1326.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>How i can configure MailScanner to do a "per-user" 
attachment check?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>any idea?</FONT></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From peter at UCGBOOK.COM  Tue Aug 31 19:58:09 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:44 2006
Subject: [OT] HTML emails
Message-ID: <mailman.1327.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Michele Neylon :: Blacknight Solutions wrote:
> Is there anyway that the list could disable HTML emails?

I know it's not the correct way to correct a problem but if you use
Thunderbird as your MUA you can display all messages as plain text with
View - Message Body As - Plain Text. Some people will never learn so I
fix it on my end instead.

But I agree that it would be great if the list server could fix it.

--
/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From Denis.Beauchemin at USHERBROOKE.CA  Tue Aug 31 19:58:38 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:44 2006
Subject: Confused about "Could not parse Outlook Rich Text attachment"
Message-ID: <mailman.1328.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Brent Bolin wrote:

> Hi All,
>
> Looking through the mail list archives and the actual message, it has 
> to do with M$ outlook using Rich text.  Think trying to get users to 
> use plain text and html might be a problem.
>
> I also see mention of winmail.dat .  If I send a test message with 
> rich text enabled , I don't see this attached to the mail.  I checked 
> this using "vi" on a users mail box.
>
> Deliver Unparsable TNEF = no
>
> Is it safe to change this to yes
>
> Vexira is the viruse scanner being used.  It is not being run from 
> MailScanner.
>
> sendmail+vexira+milter
>
Brett,

You may have better luck with:
TNEF Expander = internal

I get almost no unparsable TNEF this way.

Allowing TNEF is a bad idea because there may be many nasty things in 
the email that a virus scanner cannot protect you against.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>

From ugob at CAMO-ROUTE.COM  Tue Aug 31 19:58:50 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:44 2006
Subject: Per-user conf?
Message-ID: <mailman.1329.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Dennis Robert Kelbert wrote:
> How i can configure MailScanner to do a "per-user" attachment check?
>
> any idea?

You need a ruleset.  Please the beginning of the MAQ page.  see below
for url.  Everything is there.

> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From michele at BLACKNIGHTSOLUTIONS.COM  Tue Aug 31 20:02:58 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:44 2006
Subject: Per-user conf?
Message-ID: <mailman.1330.1137101204.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-31 at 15:55 -0300, Dennis Robert Kelbert wrote:
> How i can configure MailScanner to do a "per-user" attachment check?

Rulesets
Depending on the number of users it could become quite painful
--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From d99-jbe at NADA.KTH.SE  Tue Aug 31 20:04:11 2004
From: d99-jbe at NADA.KTH.SE (John Bergbom)
Date: Thu Jan 12 21:26:44 2006
Subject: Problem s with allowing exe-attachments for a signel domain
Message-ID: <mailman.1331.1137101204.24926.mailscanner@lists.mailscanner.info>

I finally solved my problem. Thank you for giving me clues as to how
I could find the cause of the problem! It was Exim that caused the
problem. Even though MailScanner let the exe-attachment get through,
Exim stopped it. By changing Exim's system_filter I got it working
now. Many thanks!!!

/John


On Tue, 31 Aug 2004, [ISO-8859-2] Marcin Ro?ek wrote:

> John Bergbom wrote:
> > I'm using tabs and not spaces, and the problem is still there! I have
> > no idea why it's not working. I have done according to the
> > instructions in the FAQ.
> We have similar configuration and it works fine...
> Did you restart mailscanner? Are you sure that there should be domain.se not
> something.domain.se ? Can you paste headers of blocked mail and mailscanner's
> log that show processing of that mail?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From suporte at SETINET.COM.BR  Tue Aug 31 20:09:12 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:44 2006
Subject: Per-user conf?
Message-ID: <mailman.1332.1137101204.24926.mailscanner@lists.mailscanner.info>

I love when the things going to be hard.. =o)
If you have some examples about the rules, it would help.


Really thanks for now.. I hope to help somebody when i have more knowledge
about MailScanner.



That´s it



----- Original Message ----- 
From: "Michele Neylon : Blacknight Solutions"
<michele@BLACKNIGHTSOLUTIONS.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Tuesday, August 31, 2004 4:02 PM
Subject: Re: Per-user conf?


> On Tue, 2004-08-31 at 15:55 -0300, Dennis Robert Kelbert wrote:
> > How i can configure MailScanner to do a "per-user" attachment check?
>
> Rulesets
> Depending on the number of users it could become quite painful
> --
> Mr Michele Neylon
> Blacknight Solutions
> http://www.blacknight.ie
> 059 9137101
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From suporte at SETINET.COM.BR  Tue Aug 31 20:11:02 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:44 2006
Subject: Per-user conf?
Message-ID: <mailman.1333.1137101204.24926.mailscanner@lists.mailscanner.info>

Thanks.
I think that´s help

----- Original Message ----- 
From: "Ugo Bellavance" <ugob@CAMO-ROUTE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Tuesday, August 31, 2004 3:58 PM
Subject: Re: Per-user conf?


> Dennis Robert Kelbert wrote:
> > How i can configure MailScanner to do a "per-user" attachment check?
> >
> > any idea?
>
> You need a ruleset.  Please the beginning of the MAQ page.  see below
> for url.  Everything is there.
>
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jaearick at COLBY.EDU  Tue Aug 31 20:39:58 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:44 2006
Subject: MailScanner: Stable 4.33.3 released (fwd)
Message-ID: <mailman.1334.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
oops, I wanted to send this to the mailscanner list, not the announce
list.  Sorry about that.  Jeff

---------- Forwarded message ----------
Date: Tue, 31 Aug 2004 15:10:56 -0400 (EDT)
From: Jeff A. Earickson <jaearick@colby.edu>
To: Julian Field <mailscanner@ECS.SOTON.AC.UK>
Cc: MAILSCANNER-ANNOUNCE@JISCMAIL.AC.UK
Subject: Re: MailScanner: Stable 4.33.3 released

Julian,

    Isn't it time to make the default for "Still Deliver Silent Viruses"
no instead of yes?  Your comments there warn against it, I turned it off
ages ago.  Why not "no" for a default?

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From mailscanner at ecs.soton.ac.uk  Tue Aug 31 20:53:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: MailScanner: Stable 4.33.3 released (fwd)
Message-ID: <mailman.1335.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
At 20:39 31/08/2004, you wrote:
>    Isn't it time to make the default for "Still Deliver Silent Viruses"
>no instead of yes?  Your comments there warn against it, I turned it off
>ages ago.  Why not "no" for a default?

Sorry, I didn't realise the default was still "yes". Changed to "no".
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From vguerrero at minar.com  Tue Aug 31 21:29:15 2004
From: vguerrero at minar.com (Ing. Vicente Guerrero M.)
Date: Thu Jan 12 21:26:44 2006
Subject: About blocked messages
Message-ID: <mailman.1336.1137101204.24926.mailscanner@lists.mailscanner.info>

Hi all,

Is there a way to store or qarantine all filename (or filetype) blocked
messages with MailScanner? I'd like to check these blocked  attachments and
then deliver to the original recipients if they are real mail.
I searched trough the faq, maq, archive but nothing was found about this.
Any help is appreciated.

BTW, I'm using MS 4.29.7-1, SA 2.64 in a Red Hat 7.1 box.

Thanks.

Vicente Guerrero

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From jaearick at COLBY.EDU  Tue Aug 31 21:35:03 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:44 2006
Subject: 4.33.3: more defaults to change
Message-ID: <mailman.1337.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Julian,
    Whilst on the subject, I would lobby you to change the defaults
on the following parameters too:

Quarantine Silent Viruses from "yes" to "no".

    Why waste disk space quarantining stuff that is all bogus?

Notices Include Full Headers from "no" to "yes".

    IMHO, a sysadmin can't do much in terms of tracking down information
    on a message without the full mail headers and the message ID.  So
    notices without the full mail headers are pretty useless...

Attachment Encoding Charset from "us-ascii" to "ISO-8859-1"

    This one is probably controversial among mailscanner users.
    Even us Americans have to deal with languages that use accents and
    that eighth bit, especially in higher education settings.  My charset
    in both MS and sendmail (DefaultCharSet) have been defined as
    ISO-8859-1 for a long time with no complaints.  What charsets
    do other sites use in MS and their MTA, especially non-US sites?

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

From d.santos at barcelohotels.com.do  Tue Aug 31 21:45:36 2004
From: d.santos at barcelohotels.com.do (Dywer Santos)
Date: Thu Jan 12 21:26:44 2006
Subject: Vispan installing
Message-ID: <mailman.1338.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV><FONT face=Arial size=2><SPAN class=867581014-31082004>Hi, I have the 
following error when I try to install the&nbsp;<SPAN 
class=527454420-31082004>vispan</SPAN>:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=867581014-31082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=867581014-31082004>[root Vispan-1.4]# 
make install<BR>Writing 
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Vispan/.packlist<BR>Appending 
installation info to 
/usr/lib/perl5/site_perl/5.005/i386-linux/perllocal.pod<BR>Not enough arguments 
for mkdir at /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 47, near 
"$temp)"<BR>Not enough arguments for mkdir at 
/usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 60, near "$temp)"<BR>Not 
enough arguments for mkdir at /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm 
line 64, near ""$temp\/thumbs")"<BR>Not enough arguments for mkdir at 
/usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 65, near 
""$temp\/images")"<BR>Not enough arguments for mkdir at 
/usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 75, near "$temp)"<BR>BEGIN 
not safe after errors--compilation aborted at 
/usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 86.<BR>BEGIN 
failed--compilation aborted at install.pl line 42.<BR>make: *** [zconfig] Error 
255</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=867581014-31082004><BR>&nbsp;</DIV></SPAN></FONT>
<DIV><FONT face=Arial size=2><SPAN class=867581014-31082004>Please, any idea? 
I've searched the mailling list and I couldn't find an 
answer.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=867581014-31082004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=867581014-31082004>Thanks.</DIV></SPAN></FONT></DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From kevins at BMRB.CO.UK  Tue Aug 31 22:03:49 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:44 2006
Subject: 4.33.3: more defaults to change
Message-ID: <mailman.1339.1137101204.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-31 at 21:35, Jeff A. Earickson wrote:
> Julian,
>     Whilst on the subject, I would lobby you to change the defaults
> on the following parameters too:
>
> Quarantine Silent Viruses from "yes" to "no".
>
>     Why waste disk space quarantining stuff that is all bogus?

Can I second that please.  I've had a number of messages recently from
people using older versions of MailScanner-MRTG where the quarantine
gets so full that MSMRTG can't finish counting the files in quarantine
in a 5 minute period.  Given that only a fraction of MS users use MSMRTG
I would guess there are plenty of folks who have not set up clean
quarantine and have managed to fill their disk space with quarantine
files.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From kevins at BMRB.CO.UK  Tue Aug 31 22:07:21 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:44 2006
Subject: Vispan installing
Message-ID: <mailman.1340.1137101204.24926.mailscanner@lists.mailscanner.info>

On Tue, 2004-08-31 at 21:45, Dywer Santos wrote:
> Hi, I have the following error when I try to install the vispan:
>
> [root Vispan-1.4]# make install
> Writing
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Vispan/.packlist
> Appending installation info to
> /usr/lib/perl5/site_perl/5.005/i386-linux/perllocal.pod
> Not enough arguments for mkdir at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 47, near "$temp)"
> Not enough arguments for mkdir at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 60, near "$temp)"
> Not enough arguments for mkdir at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 64, near
> ""$temp\/thumbs")"
> Not enough arguments for mkdir at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 65, near
> ""$temp\/images")"
> Not enough arguments for mkdir at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 75, near "$temp)"
> BEGIN not safe after errors--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/Vispan/Setup.pm line 86.
> BEGIN failed--compilation aborted at install.pl line 42.
> make: *** [zconfig] Error 255
>
> Please, any idea? I've searched the mailling list and I couldn't find
> an answer.

Its your old version of perl, the quick fix is edit the script to add a
mode to all calls to mkdir.  i.e. mkdir($temp,700)
(I don't know what the appropriate mode is, but from the directory name
as $temp I'd guess 700 would probably be okay.)




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From raymond at PROLOCATION.NET  Tue Aug 31 23:05:33 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:44 2006
Subject: Spamassassin timed out and was killed
Message-ID: <mailman.1341.1137101204.24926.mailscanner@lists.mailscanner.info>

Hi!

> Rsync RBL zones ?, seems to be a great idea, how do you do that ?

> Do you have large rulesets ? BigEvil ?
> Do you have local caching DNS servers.
> Do you rsync RBL zones locally for fast lookups ?

For example check:

http://dsbl.org/usage
http://www.surbl.org/rsync-signup.html

For others, google! ;)

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From suporte at SETINET.COM.BR  Tue Aug 31 23:40:15 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:44 2006
Subject: attach DENY FIRST
Message-ID: <mailman.1342.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hello everybody...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>What i need to do , if I want to block all possible 
attachments(like \.*), and then making rules for accept the attachments that i 
really need..?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV></BODY></HTML>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

From alex at NKPANAMA.COM  Tue Aug 31 23:41:07 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:44 2006
Subject: in redhat 9
Message-ID: <mailman.1343.1137101204.24926.mailscanner@lists.mailscanner.info>

<x-flowed>
Si vamos a crear una lista de MailScanner en español, me anoto para 
ayudar en lo que pueda.

If we're going to create a MailScanner list in spanish, I'll join and 
help if possible.

En cualquier caso, definitivamente te sale mejor ponerle a tu server 
ClamAV+BitDefender; lo bueno es que uno es libre (Clam) y el otro es gratis.

In any case, you're definitely better off installing ClamAV+BitDefender 
on your server; the good thing is that one is free (as in freedom) and 
the other is free (as in zero-cost).

greyhair wrote:

> Raul,
> 
> Did you see this?
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/121.html
> It directly relates to RedHat 9!
> 
> Sorry, hablo solamente inglés.
> Google trys to translate,(http://translate.google.com/translate_t)
> 
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.sng.ecs.soton.ac.uk%2Fmailscanner%2Fserve%2Fcache%2F121.html&langpair=en%7Ces&hl=en&ie=UTF8&oe=UTF8 
> 
> 
> 
> 
> Raul Urqueta S wrote:
> 
>> *somebody** can help me to configure the MailScanner with RedHat 9, 
>> and Uvscan? Step by step (in Spanish better)*
>>
>> *I cant do it work.*
>>
>> *I follow the steps in the page 
>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but 
>> don^Òt work*
>>
>> * *
>>
>> *Thanks*
>>
>> * *
>>
>> *Raul.-*
>>
>> ------------------------ MailScanner list ------------------------ To 
>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>