Outstanding mail archiving bug
mailscanner at ecs.soton.ac.uk
Wed Jan 14 09:53:52 GMT 2004
Well I've tried
Allow Form Tags = no
Quarantine Infections = yes
with a message with a form tag in it, and the correct original message
segment (with the form tag still in it) is put into the quarantine.
So maybe I've already fixed this and forgot? Quite possible!
That was done using the latest beta 4.26-4.
So unless someone finds it still does the wrong thing for them with 4.26-4,
I'll consider this one closed.
Any more outstanding bugs that anyone knows about, and I haven't fixed?
At 23:42 13/01/2004, you wrote:
> > >I mailed a detailed report around the time you were in .nl, but I guess
> > >that's lost ? :))
> > I can't find it, have hunted all over the place for it. Have you still got
> > a copy of it or can you describe it again please?
>Found one in my quarantine dir ... =)
>This should contain the bad message, but it's holding the error template... :
>[root@vmx01 1Ag3gn-0004KM-5u]# ls -al
>drwx------ 2 exim exim 4096 Jan 12 16:09 .
>drwx------ 67 exim exim 4096 Jan 12 23:58 ..
>-rw------- 1 exim exim 1065 Jan 12 16:09 msg-15123-14.html
>[root@vmx01 1Ag3gn-0004KM-5u]# more msg-15123-14.html
>Warning: This message has had one or more attachments removed
>Warning: (the entire message).
>Warning: Please read the "VirusWarning.txt" attachment(s) for more
>This is a message from the MailScanner E-Mail Virus Protection Service
>The original e-mail message contained potentially dangerous content,
>which has been removed for your safety.
>The content is dangerous as it is often used to spread viruses or to gain
>personal or confidential information from you, such as passwords or credit
>If you wish to receive a copy of the original email, please
>e-mail helpdesk and include the whole of this message
>in your request. Alternatively, you can call them, with
>the contents of this message to hand when you call.
>At Mon Jan 12 16:09:16 2004 the content filters said:
> MailScanner: Found dangerous Object Codebase tag in HTML message
>Note to Help Desk: Look on MailScanner in
>/var/spool/MailScanner/quarantine/20040112 (message 1Ag3gn-0004KM-5u).
>I also looked up in my logs what happened with this one:
>[root@fallback vmx01]# grep 1Ag3gn-0004KM-5u maillog-20040112
>Jan 12 16:09:13 vmx01 exim: 2004-01-12 16:09:13 1Ag3gn-0004KM-5u <=
>ciccio at allgratis.zzn.com H=ns3.prolocation.net (toverdoos.prolocation.net)
>[188.8.131.52] P=esmtp S=3511
>id=200401121509.i0CF95026049 at toverdoos.prolocation.net
>Jan 12 16:09:15 vmx01 MailScanner: Message 1Ag3gn-0004KM-5u from
>184.108.40.206 (ciccio at allgratis.zzn.com) to n-vision.nl is spam,
>SpamAssassin (score=9.625, required 5, BAYES_50 0.00, DATE_IN_PAST_12_24
>0.75, FORGED_MUA_OUTLOOK 2.57, HTML_70_80 0.10, HTML_FONT_INVISIBLE 0.60,
>HTML_MESSAGE 0.10, HTML_TITLE_UNTITLED 0.43, MAILTO_SUBJ_REMOVE 0.89,
>MIME_HTML_ONLY 0.32, RAZOR2_CF_RANGE_11_50 0.88, RAZOR2_CHECK 1.05,
>Jan 12 16:09:15 vmx01 MailScanner: Spam Actions: message
>1Ag3gn-0004KM-5u actions are deliver
>Jan 12 16:09:16 vmx01 MailScanner: Content Checks: Detected
>HTML-specific exploits in 1Ag3gn-0004KM-5u
>Jan 12 16:09:16 vmx01 MailScanner: Saved infected
>Jan 12 16:09:17 vmx01 exim: 2004-01-12 16:09:17 1Ag3gn-0004KM-5u =>
>a3 at n-vision.nl R=mailertable_router T=remote_smtp
>Jan 12 16:09:17 vmx01 exim: 2004-01-12 16:09:17 1Ag3gn-0004KM-5u
>Hope this helps, can look up some more if needed, but I guess they all look
>about the same.
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
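
An added example, not part of the original message or of MailScanner itself: a Python audit for the symptom reported above, where a quarantine directory holds only the warning report instead of the original message. It assumes the <quarantine>/<date>/<message-id>/ layout seen in the thread and the template wording quoted there; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Marker lines copied from the warning report quoted in the thread. Assumption:
# the site uses this wording; adjust for customised report templates.
TEMPLATE_MARKERS = (
    b"This is a message from the MailScanner E-Mail Virus Protection Service",
    b"Warning: This message has had one or more attachments removed",
)

def is_warning_template(path, max_bytes=65536):
    """True if the file looks like the warning report, not original content."""
    with open(path, "rb") as fh:
        head = fh.read(max_bytes)
    return any(marker in head for marker in TEMPLATE_MARKERS)

def audit_quarantine(root):
    """Return sorted (date, message_id) pairs whose quarantine directory holds
    nothing but warning reports, i.e. the original content was not archived."""
    suspect = []
    for date in sorted(os.listdir(root)):
        date_dir = os.path.join(root, date)
        if not os.path.isdir(date_dir):
            continue
        for msg_id in sorted(os.listdir(date_dir)):
            msg_dir = os.path.join(date_dir, msg_id)
            if not os.path.isdir(msg_dir):
                continue
            files = [os.path.join(msg_dir, f) for f in sorted(os.listdir(msg_dir))]
            files = [f for f in files if os.path.isfile(f)]
            if files and all(is_warning_template(f) for f in files):
                suspect.append((date, msg_id))
    return suspect

def build_sample(root):
    """Constructed sample tree: one correct entry and one showing the bug."""
    samples = {
        ("20040112", "1Ag3gn-0004KM-5u", "msg-15123-14.html"):
            b"Warning: This message has had one or more attachments removed\n",
        ("20040112", "CONSTRUCTED-OK-01", "msg-1-1.html"):
            b"<html><body><form action='x'>original body</form></body></html>\n",
    }
    for (date, msg_id, name), body in samples.items():
        os.makedirs(os.path.join(root, date, msg_id), exist_ok=True)
        with open(os.path.join(root, date, msg_id, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for date, msg_id in audit_quarantine(tmp):
            print(f"{date}/{msg_id}: only the warning report was quarantined")
```

A quarantined original that itself quotes the warning text would also be flagged, so treat hits as candidates to inspect by hand.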