Quarantined Message is Warning Instead of Content - MORE INFO

Desai, Jason jase at SENSIS.COM
Tue Mar 30 20:22:32 IST 2004


I've started noticing some problems others have had with the quarantined
message being the warning message instead of the original one.  Last I
remember, Julian said that he was not able to duplicate the problem.  I hope
some information here may help to fix it.

It looks like the problem happens when the message does not have any
attachments but still contains an "infection".  I turned on some of the
print STDERR lines in Message.pm.  The following is some of what was printed
out:

In Clean message, type = v and quar? = 1
File = "msg-8381-1.txt"
this = "MailScanner::Message=HASH(0x971e27c)"
Entity to clean is MIME::Entity=HASH(0x973a960)
root entity is MIME::Entity=HASH(0x973a960)
CleanEntity: In 1B80kF-0002sp-00 entity is MIME::Entity=HASH(0x973a960) and
its parent is

I noticed that the entity does not have a parent.  So, I think if there is
no parent, MailScanner replaces the whole body with the warning.  The only
problem is that it has not been quarantined yet.  So when it does get
quarantined, the warning gets stored and not the original message.

One possible solution might be to switch the order of $batch->Clean() and
$batch->QuarantineInfections() in bin/MailScanner.  But I'm not sure if this
would be a safe thing to do.

I am running MailScanner 4.28.6 with McAfee and ClamAV.  I can provide Exim
queue files of a message that McAfee catches and triggers this problem if
that will help.

Julian, can you take another look?  Thanks.

Jason



More information about the MailScanner mailing list