Emailing quarantined emails
campbell at CNPAPERS.COM
Mon Feb 23 19:18:00 GMT 2004
One of the problems I had after upgrading MailWatch from Version 0.4 to 0.5
was the releasing of quarantined messages. I found that the 0.4 version was
using 'mail' instead of 'smtp' to resend the quarantined file back into
sendmail. This resulted in sending mail to the output queue
(/var/spool/mqueue) when using 0.4, instead of the input queue
(/var/spool/mqueue.in) when using 0.5. This requires the rules I mentioned
before in my last post. I am using RH and sendmail. Your mileage may vary.
You could change the line in detail.php in your mailscanner(MailWatch)
$mail =& Mail::factory('smtp');
$mail =& Mail::factory('mail');
, but then nothing gets scanned again and an errant release could let
something through. Files do get delivered though.
Check your logs and headers and see if a released quarantined message is not
sent from 127.0.0.1 (localhost). If it is, you can create any type of rules
you want for either the IP or the domain localhost to control quarantine
releases. With the rules Mr. Freegard suggested, you still get scanned for
viruses, and as someone else mentioned (Mr. Rose I believe), this will take
care of the situation where an email was not flagged as a virus due to virus
dictionaries not being up to date during the quarantine process the first
time through, but maybe getting flagged the second time after the
dictionaries have been updated. There is usually a considerable time lapse
between the actual receipt of email and the time someone wants it released,
allowing for the updated dictionary.
This would explain some of the "mine works, how come yours doesn't".
Or maybe they already had the localhost rules in place.
campbell at cnpapers.com
----- Original Message -----
From: "Jan-Peter Koopmann" <Jan-Peter.Koopmann at SECEIDOS.DE>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, February 23, 2004 1:40 PM
Subject: Re: Emailing quarantined emails
> Hm, makes me wonder why this happens on your systems and not
> here. Try adding a whitelist rule for your own IP. Those
> mails are generated on your system, so this should whitelist them.
My description is exactly doing that: Whitelisting the mails from
Mailwatch.... I am not having a problem. Others are. :-)
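
The header check suggested in the post above ("see if a released quarantined message is not sent from 127.0.0.1"), written as an added example that is not part of the original thread or of MailWatch. The sample headers, host names and queue ids are constructed, and the Received-line shapes assume a stock sendmail 8.12 setup.

```python
import email
import re

# Constructed sample messages (placeholders, not taken from the thread).
VIA_SMTP = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.example.com (8.12.10/8.12.10) with ESMTP id i1NJI0aa001234\n"
    "\tfor <user@example.com>; Mon, 23 Feb 2004 19:18:00 GMT\n"
    "Received: from outside.example.net (outside.example.net [192.0.2.7])\n"
    "\tby mx.example.com (8.12.10/8.12.10) with ESMTP id i1MJI0bb000999;\n"
    "\tSun, 22 Feb 2004 09:00:00 GMT\n"
    "Subject: released\n\nbody\n"
)
VIA_MAIL = (
    "Received: (from apache@localhost)\n"
    "\tby mx.example.com (8.12.10/8.12.10/Submit) id i1NJI0cc001235;\n"
    "\tMon, 23 Feb 2004 19:18:00 GMT\n"
    "Subject: released\n\nbody\n"
)
REMOTE = (
    "Received: from outside.example.net (outside.example.net [192.0.2.7])\n"
    "\tby mx.example.com (8.12.10/8.12.10) with ESMTP id i1MJI0dd000998;\n"
    "\tSun, 22 Feb 2004 09:00:00 GMT\n"
    "Subject: hello\n\nbody\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LOCAL_SUBMIT = re.compile(r"^\(from \S+@localhost\)")


def classify_last_hop(raw_message: str) -> str:
    """Classify the newest (topmost) Received header of a message."""
    msg = email.message_from_string(raw_message)
    hops = msg.get_all("Received", [])
    if not hops:
        return "no-received-header"
    newest = " ".join(hops[0].split())  # unfold continuation lines
    if LOCAL_SUBMIT.match(newest):
        # Handed to the sendmail binary, as with Mail::factory('mail').
        return "local-submission"
    from_part = newest.split(" by ", 1)[0]
    ip = BRACKETED_IP.search(from_part)
    if ip and ip.group(1) == "127.0.0.1":
        # Reinjected over SMTP from the local host, as with Mail::factory('smtp').
        return "smtp-from-localhost"
    return "remote"
```

Only a message classified as `smtp-from-localhost` would be matched by rules keyed on 127.0.0.1; a `local-submission` release never presents that address to the scanner.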